eclipse-ee4j / tyrus

Tyrus

WebSocket as Java EE component but JAAS not included #587

Open glassfishrobot opened 9 years ago

glassfishrobot commented 9 years ago

WebSocket is part of Java EE 7, but I can't apply the JAAS mechanism from a bean called from a WebSocket.

I secure the web application with basic auth, and define roles and group/role mapping. Everything works fine with Servlet.

Now with WebSocket: from the onMessage method, we can check the user from the session argument, OK.

@OnMessage
public void receiveCommandMessage(Session client, String msg) {
    // The authenticated user is available from the Session argument
    client.getUserPrincipal();
}

We can also check the role from the configurator.

@ServerEndpoint(value = "/endpoint", configurator = MyConfigurator.class)
public class MyEndpoint {
    // ...
}

public class MyConfigurator extends ServerEndpointConfig.Configurator {
    @Override
    public void modifyHandshake(ServerEndpointConfig sec, HandshakeRequest request, HandshakeResponse response) {
        // The role can be checked during the handshake
        request.isUserInRole(ROLE);
    }
}

The endpoint is a Java EE component, but when I inject a CDI bean inside it, the JAAS context is not initialized; same thing for EJB.

In a CDI bean, the injection of Principal returns an ANONYMOUS Principal. In an EJB, the injected SessionContext is not initialized. JAAS annotations @DeclaredRole and RoleAllowed etc. of course block all calls.

I understand that the endpoint is like a singleton. But is there a solution? How can I do this? Any idea? Is there a bug?

Environment

Glassfish server
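
One way to cope with the missing security context described in this report, as an added example that is not part of the original issue or of the Tyrus code base: record role membership during the handshake, where `isUserInRole` works, and pass the caller explicitly to the business logic instead of relying on injected context. The class names, the roles "admin" and "user", and `CommandService` are hypothetical; the `javax.websocket` API of Java EE 7 is assumed.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import javax.websocket.*;
import javax.websocket.server.*;

@ServerEndpoint(value = "/endpoint", configurator = SecuredEndpoint.RoleCapture.class)
public class SecuredEndpoint {
    static final String[] KNOWN_ROLES = {"admin", "user"};  // assumed application roles
    // Roles seen at handshake, keyed by principal name; refreshed on each new handshake.
    static final Map<String, Set<String>> ROLES = new ConcurrentHashMap<>();

    public static class RoleCapture extends ServerEndpointConfig.Configurator {
        @Override
        public void modifyHandshake(ServerEndpointConfig sec, HandshakeRequest request, HandshakeResponse response) {
            Principal p = request.getUserPrincipal();
            if (p == null) return;  // unauthenticated handshake: record nothing
            Set<String> granted = new HashSet<>();
            for (String role : KNOWN_ROLES) {
                if (request.isUserInRole(role)) granted.add(role);
            }
            ROLES.put(p.getName(), Collections.unmodifiableSet(granted));
        }
    }

    private final CommandService service = new CommandService();

    @OnMessage
    public void receiveCommandMessage(Session client, String msg) throws IOException {
        Principal p = client.getUserPrincipal();
        Set<String> none = Collections.emptySet();
        Set<String> roles = (p == null) ? none : ROLES.getOrDefault(p.getName(), none);
        try {
            service.execute(p, roles, msg);
        } catch (SecurityException e) {
            // Deny by default: close the connection rather than silently dropping the command.
            client.close(new CloseReason(CloseReason.CloseCodes.VIOLATED_POLICY, "not authorized"));
        }
    }

    // Stand-in for the CDI/EJB bean: caller identity is an explicit argument, not container context.
    static class CommandService {
        void execute(Principal caller, Set<String> roles, String command) {
            if (caller == null || !roles.contains("admin")) {
                throw new SecurityException("caller lacks role admin");
            }
            // ... run the command on behalf of caller.getName() ...
        }
    }
}
```

Roles recorded this way reflect the state at handshake time, so a role revoked afterwards stays effective for that user until their next handshake refreshes the entry.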

glassfishrobot commented 6 years ago
glassfishrobot commented 9 years ago

@glassfishrobot Commented Reported by hhf

glassfishrobot commented 9 years ago

@glassfishrobot Commented Issue-Links: is blocked by WEBSOCKET_SPEC-197

glassfishrobot commented 7 years ago

@glassfishrobot Commented This issue was imported from java.net JIRA TYRUS-410