search

eclipse-ee4j / soteria

Soteria, a Jakarta Security implementation
Other
57 stars 29 forks source link

WebSocket Support/Examples #191

Open glassfishrobot opened 7 years ago

glassfishrobot commented 7 years ago

As JSR 375 was supposed to cross the JEE spec, I see no mention anywhere of WebSocket support. One of the pain points of using JSR 356 is performing security checks such as #isUserInRole after the connection has been established as it only currently appears in javax.websocket.server.HandshakeRequest.

The JSR 356 spec. states:

Websocket endpoints running in the Java EE platform must have full dependency injection support as described in the CDI specification.

Therefore, it should be possible to inject the javax.security.SecurityContext into a WebSocket javax.websocket.Endpoint, however I see no documentation or examples supporting this. Is this a valid assumption? I appreciate the horse may have already bolted, but I'd be surprised if this hasn't been discussed already.

glassfishrobot commented 6 years ago