[keycloak-user] WebSockets
pslegr
pslegr at redhat.com
Wed Aug 5 03:54:28 EDT 2015
Hello Juraci,
maybe other Keycloak core devs might have having other recommendations,
never-less I've put up an example for our project
https://github.com/pslegr/pnc/commit/873e875d657215890b9b9aafe93b2138ae946ec5
which uses Keycloak to secure the WS endpoint.
The point is to intercept the initial HttpRequest and add an
AuthorizationHeader
into this one.
...
List<String> authHeader = new ArrayList<String>();
authHeader.add("Bearer " + authenticate());
headers.put("Authorization", authHeader);
...
This is done before protocol upgrade into WS/WSS.
I don't see any other way doing this so far....
regards
Pavel
On 4.8.2015 16:44, Juraci Paixão Kröhling wrote:
> I'm currently looking into the best way to perform authentication for
> WebSockets, and it seems that the best (only?) option so far is to
> handle this on the socket's endpoint itself.
>
> But before I start with some library for the other Hawkular components
> to consume, I'd like to ask if there's a best practices/recommendations
> for doing WebSocket authentication with Keycloak.
>
> My plan right now is to require the endpoints to inject a service that
> would accept a message and session, closing the session on this service
> if the login data is not provided (login data == token, send on the
> first message, at least at first).
>
> Ideas/thoughts?
>
> - Juca.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150805/5a2164b8/attachment.html
More information about the keycloak-user
mailing list