[keycloak-user] WebSockets

Marek Posolda mposolda at redhat.com
Wed Aug 5 04:47:08 EDT 2015


There is also another example,
https://github.com/secondsun/wildfly-secured-websocket , where the client is
a JavaScript application. It's based on web.xml security, and the client
and server are both in the same web application. Unfortunately, I don't know
if it can work if the client and server are in different applications, as it
seems that there is no way to add additional HTTP headers on the client in
the JavaScript WebSockets API (at least according to
http://stackoverflow.com/questions/4361173/http-headers-in-websockets-client-api
). So adding "Authorization: Bearer" looks like a challenge here.

Marek

On 5.8.2015 09:54, pslegr wrote:
> Hello Juraci,
>
> maybe other Keycloak core devs might have other recommendations;
> nevertheless, I've put up an example for our project
> https://github.com/pslegr/pnc/commit/873e875d657215890b9b9aafe93b2138ae946ec5
> which uses Keycloak to secure the WS endpoint.
> The point is to intercept the initial HttpRequest and add an
> AuthorizationHeader into this one.
>
> ...
>          List<String> authHeader = new ArrayList<String>();
>          authHeader.add("Bearer " + authenticate());
>          headers.put("Authorization", authHeader);
>
> ...
>
> This is done before protocol upgrade into WS/WSS.
>
> I don't see any other way of doing this so far....
>
> regards
> Pavel
>
> On 4.8.2015 16:44, Juraci Paixão Kröhling wrote:
>> I'm currently looking into the best way to perform authentication for
>> WebSockets, and it seems that the best (only?) option so far is to
>> handle this on the socket's endpoint itself.
>>
>> But before I start with some library for the other Hawkular components
>> to consume, I'd like to ask if there's a best practices/recommendations
>> for doing WebSocket authentication with Keycloak.
>>
>> My plan right now is to require the endpoints to inject a service that
>> would accept a message and session, closing the session on this service
>> if the login data is not provided (login data == token, sent on the
>> first message, at least at first).
>>
>> Ideas/thoughts?
>>
>> - Juca.
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
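
The first-message approach from the original question (token sent as the first message, session closed if it is missing), as an added example that is not code from this thread or from Keycloak. It is written for Node.js; the function names, the issuer URL, the throwaway key pair and the choice of checks (RS256 signature, `iss`, `exp`) are assumptions made for illustration.

```javascript
// Added example, not code from the thread: first-message token auth for a WebSocket.
const nodeCrypto = require('crypto');
const b64url = (data) => Buffer.from(data).toString('base64url');

// Verify a compact RS256 JWT (signature, issuer, expiry). Returns claims or null.
function verifyAccessToken(token, publicKey, issuer, nowSec) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) return null;
  try {
    const header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    if (header.alg !== 'RS256') return null; // pin the algorithm, reject "none"/HS*
    const sig = Buffer.from(parts[2], 'base64url');
    if (!nodeCrypto.verify('RSA-SHA256', Buffer.from(parts[0] + '.' + parts[1]), publicKey, sig)) return null;
    const claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
    if (claims.iss !== issuer || typeof claims.exp !== 'number') return null;
    return claims.exp > nowSec ? claims : null;
  } catch (err) { return null; } // malformed base64/JSON/key counts as "not authenticated"
}

// Wraps the endpoint's message handler; `session` only needs close(code, reason).
function createAuthGate(verify, onMessage, now = () => Math.floor(Date.now() / 1000)) {
  const principals = new WeakMap(); // session -> verified claims
  return (session, message) => {
    const claims = principals.get(session);
    if (!claims) { // the first message must be the token; nothing else is processed
      const verified = verify(message, now());
      if (!verified) return session.close(1008, 'authentication required');
      return void principals.set(session, verified);
    }
    if (claims.exp <= now()) return session.close(1008, 'token expired'); // socket may outlive token
    return onMessage(session, claims, message);
  };
}
// Constructed demo: throwaway key pair, made-up issuer, fake sessions that log closes.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const issuer = 'https://sso.example.test/auth/realms/demo';
  const body = b64url('{"alg":"RS256"}') + '.' + b64url(JSON.stringify({ iss: issuer, sub: 'alice', exp: 2000 }));
  const token = body + '.' + b64url(nodeCrypto.sign('RSA-SHA256', Buffer.from(body), privateKey));
  const log = []; let clock = 1000;
  const gate = createAuthGate((t, n) => verifyAccessToken(t, publicKey, issuer, n),
    (s, claims, msg) => log.push(claims.sub + ':' + msg), () => clock);
  const fake = (name) => ({ close: (code, why) => log.push(`${name} closed ${code} ${why}`) });
  const good = fake('good');
  gate(fake('bad'), 'hello'); // no token first -> closed with 1008
  gate(good, token);          // authenticates; nothing is dispatched
  gate(good, 'ping');         // dispatched as alice
  clock = 2001; gate(good, 'ping'); // token expired mid-session -> closed
  return log;
}
```

Close code 1008 is the WebSocket "policy violation" status; the gate rechecks `exp` on every message because a socket can stay open longer than the token that opened it.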
