CODEWITHSUNDEEP
authenticationwebsocketsafarijetty
We are Borg
We are Borg

Reputation: 5313

Safari, Jetty : Websockets not working as authentication header is not sent

We have a Spring-MVC application with websockets deployed on a Jetty server. We also have HashLoginService as shown below configured for jetty. When the application starts, we are able to access it with websockets functionality intact on FF, Chrome, Opera, IE but not on Safari. The only thing we get back is 401. After disabling the HashLoginService, websockets work fine. Is there some configuration in Jetty or somewhere required so that websockets work in Safari with authentication. Thank you.

Safari version : 11.0.3(desktop version)
Jetty - 9.4

jetty.xml :

  <Arg>
            <New class="org.eclipse.jetty.security.HashLoginService">
               <Set name="name">Default Realm</Set>
               <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
            </New>
         </Arg>
      </Call>

web.xml from project: 

<security-constraint>
            <web-resource-collection>
                <web-resource-name>username</web-resource-name>
                <url-pattern>/*</url-pattern>
            </web-resource-collection>
            <auth-constraint>
                <role-name>user-role</role-name>
            </auth-constraint>
        </security-constraint>

            <security-constraint>
                <web-resource-collection>
                    <web-resource-name>username</web-resource-name>
                    <url-pattern>/*</url-pattern>
                </web-resource-collection>
                <auth-constraint>
                    <role-name>user-role</role-name>
                </auth-constraint>
            </security-constraint>

        <security-role>
            <role-name>user-role</role-name>
        </security-role>

Any idea what we can do? Thanks.

Upvotes: 2

Views: 2171

Answers (1)

Joakim Erdfelt
Joakim Erdfelt

Reputation: 49525

Standard HTTP Authentication is apparently not supported on Safari and WebSockets.

See: https://bugs.webkit.org/show_bug.cgi?id=80362

You can find some workarounds at a different stackoverflow answer.

HTTP headers in Websockets client API

Upvotes: 3

Related Questions