WebSocket is part of Java EE 7, but I can't apply the JAAS mechanism from a bean called from WebSocket
I secure the web application with basic auth and define roles and the group/role mapping.
Everything works fine with Servlet.
Now with WebSocket:
From the onMessage method, we can check the user from the session argument, OK:
    @OnMessage
    public void receiveCommandMessage(Session client, String msg) {
        // The authenticated user is available from the WebSocket session
        Principal user = client.getUserPrincipal();
    }
We can also check the role from the configurator:
    @ServerEndpoint(value = "/endpoint", configurator = MyConfigurator.class)
    public class MyEndpoint {
        // ...
    }

    public class MyConfigurator extends ServerEndpointConfig.Configurator {
        @Override
        public void modifyHandshake(ServerEndpointConfig sec, HandshakeRequest request, HandshakeResponse response) {
            // The role check is available on the handshake request
            request.isUserInRole(ROLE);
        }
    }
The endpoint is a Java EE component, but when I inject a CDI bean inside it, the JAAS context is not initialized; same thing for EJB.
In a CDI bean, the injection of Principal returns an ANONYMOUS Principal.
In an EJB, the injected SessionContext is not initialized.
The JAAS annotations @DeclareRoles, @RolesAllowed, etc. of course block all calls.
I understand that the endpoint is like a singleton. But is there a solution?
How can I do this?
Any ideas?
Is this a bug?
Environment
Glassfish server