Providing a secure connection for sensitive data

Hi,

I am doing a webapp using websockets that has a typical sequence for registering a new user.

User submits a username and password in the initial contract
More information is gathered from the user in a follow up contract and validated against an external service.

So I need 2 characteristics for this, session management and a secure connection. I had a look at undertow and found they support secure websocket, DefaultWebSocketClientSslProvider. But unclear on how to approach both my requirements for session management and security. Any pointers? The code for building the http handler is below: Excuse the markdown not working as it should.

` BldFourK bld4k = Http4K.Build("localhost", 8080).fileRoot("/", root).fileRoot("/jsk", jsroot).httpAPI("/api", csHttpApp) .serType(SerializerType.JsonNoRef).setSessionTimeout(30_000).build().websocket("/ws", csHttpApp) .serType(SerializerType.JsonNoRef).build().build();

    bld4k.httpHandler("/rst", 
            (new HttpHandler() {
                @Override
                public void handleRequest(final HttpServerExchange exchange) throws Exception {
                    Map<String,Deque<String>> params = exchange.getPathParameters();
                    Recover result = csHttpApp.checkRecover(params.get("k").getFirst());
                    if(result != null) {
                        // A valid request, load the right page
                        exchange.getResponseHeaders().put(Headers.CONTENT_TYPE, "text/plain");
                        exchange.getResponseSender().send("Screen here");
                    } else {
                        // Not a valid request
                        exchange.getResponseHeaders().put(Headers.CONTENT_TYPE, "text/plain");
                        exchange.getResponseSender().send("False identfication");
                    }
                }
            })
    );`

RuedigerMoeller / kontraktor

Providing a secure connection for sensitive data #30