[Hawkular-dev] hawkular-accounts integration with websocket stuff in kettle
Juraci Paixão Kröhling
jpkroehling at redhat.com
Thu Aug 6 06:40:26 EDT 2015
On 08/06/2015 12:38 PM, Heiko W.Rupp wrote:
>> That provides only a small part of the whole authentication scheme,
>> though: given that a WebSocket can potentially live for a very long time
>> (hours, or even days), it's likely that a session might expire during
>> the lifetime of the socket connection. So, this connection has to be
>> "somehow" refreshed or killed.
>
> What do you mean by session expiring (which session)?
The HTTP session. For instance, if the user has performed a "single sign
out". Then, the user should be logged out of all applications.
> What may possibly be more of a cause for concern is that a Hawkular user may
> have a WS-connection open and the user is removed from the user
> database. In this case we may want to invalidate all tokens/grants and
> also forcefully disconnect the WS.
That's a good variant for the above scenario.
- Juca.
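
Added example, not part of the original message and not Hawkular code: one way to make a single sign-out, a removed user, or an expired session reach long-lived WebSocket connections is to keep a registry of open sockets and close the matching ones. The class, the `Connection` interface, the method names and the sample user and session ids are all hypothetical, and invalidating tokens/grants is assumed to happen elsewhere.

```java
import java.time.Instant;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Predicate;

/** Hypothetical registry (not Hawkular code): tracks open sockets so revocation can reach them. */
public class SocketRegistry {
    /** Stand-in for a WebSocket; with javax.websocket this would wrap Session.close(CloseReason). */
    public interface Connection { void close(int code, String reason); }
    private record Entry(String httpSessionId, Instant sessionExpiry, Connection conn) {}
    private static final int POLICY_VIOLATION = 1008; // RFC 6455 close code
    private final Map<String, Set<Entry>> byUser = new ConcurrentHashMap<>();
    public void register(String user, String httpSessionId, Instant sessionExpiry, Connection conn) {
        byUser.computeIfAbsent(user, u -> ConcurrentHashMap.newKeySet())
              .add(new Entry(httpSessionId, sessionExpiry, conn));
    }
    /** Single sign-out: close the sockets that were opened under this HTTP session. */
    public int onSessionEnded(String user, String httpSessionId) {
        return closeMatching(user, e -> e.httpSessionId().equals(httpSessionId), "session ended");
    }
    /** User removed from the user database: close every socket the user still holds. */
    public int onUserRemoved(String user) {
        return closeMatching(user, e -> true, "user removed");
    }
    /** Periodic sweep: close sockets whose session expired without being refreshed. */
    public int sweep(Instant now) {
        int closed = 0;
        for (String user : byUser.keySet())
            closed += closeMatching(user, e -> e.sessionExpiry().isBefore(now), "session expired");
        return closed;
    }
    private int closeMatching(String user, Predicate<Entry> match, String reason) {
        Set<Entry> entries = byUser.getOrDefault(user, Set.of());
        int closed = 0;
        for (Entry e : entries)
            if (match.test(e) && entries.remove(e)) { e.conn().close(POLICY_VIOLATION, reason); closed++; }
        return closed;
    }

    public static void main(String[] args) { // constructed sample data
        SocketRegistry r = new SocketRegistry();
        Connection log = (code, why) -> System.out.println("closed " + code + ": " + why);
        r.register("jdoe", "sess-A", Instant.now().plusSeconds(3600), log);
        r.register("jdoe", "sess-B", Instant.now().minusSeconds(1), log);
        System.out.println(r.sweep(Instant.now()) + " " + r.onSessionEnded("jdoe", "sess-A"));
    }
}
```

The sweep only helps if it runs more often than the shortest session lifetime, and a socket that closes on its own would also need to be unregistered, which this example leaves out.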