<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">It looks it's possible to add query
parameters in Javscript Websocket client. But ATM our adapter
supports authenticating requests where the token is sent only in
"Authorization: Bearer" header. Maybe adding support for
authentication tokens from query parameter is something we can
support for adapters though (if someone has valid usecase for it)<br>
<br>
Marek<br>
<br>
On 5.8.2015 10:47, Marek Posolda wrote:<br>
</div>
<blockquote cite="mid:55C1CD8C.7070907@redhat.com" type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<div class="moz-cite-prefix">There is also another example <a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://github.com/secondsun/wildfly-secured-websocket">https://github.com/secondsun/wildfly-secured-websocket</a>
, where client is javascript application . It's based on web.xml
security and the client and server are both in same web
application. Unfortunately I don't know if it can work if client
and server are in different applications, as it seems that there
is no way for add additional HTTP headers on client in
javascript websockets API (at least according to <a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://stackoverflow.com/questions/4361173/http-headers-in-websockets-client-api">http://stackoverflow.com/questions/4361173/http-headers-in-websockets-client-api</a>
). So adding "Authorization: Bearer" looks like a challenge
here.<br>
<br>
Marek<br>
<br>
On 5.8.2015 09:54, pslegr wrote:<br>
</div>
<blockquote cite="mid:55C1C134.8060408@redhat.com" type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
Hello Juraci,<br>
<br>
maybe other Keycloak core devs might have having other
recommendations, <br>
never-less I've put up an example for our project <br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://github.com/pslegr/pnc/commit/873e875d657215890b9b9aafe93b2138ae946ec5">https://github.com/pslegr/pnc/commit/873e875d657215890b9b9aafe93b2138ae946ec5</a><br>
which uses Keycloak to secure the WS endpoint.<br>
The point is to intercept the initial HttpRequest and add an
AuthorizationHeader<br>
into this one.<br>
<br>
...<br>
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
<pre style="color: rgb(0, 0, 0); font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; widows: 1; word-spacing: 0px; -webkit-text-stroke-width: 0px;"> List<String> authHeader = new ArrayList<String>();
authHeader.add("Bearer " + authenticate());
headers.put("Authorization", authHeader);
...
</pre>
This is done before protocol upgrade into WS/WSS.<br>
<br>
I don't see any other way doing this so far....<br>
<br>
regards<br>
Pavel<br>
<br>
<div class="moz-cite-prefix">On 4.8.2015 16:44, Juraci Paixão
Kröhling wrote:<br>
</div>
<blockquote cite="mid:55C0CFE5.3080108@kroehling.de" type="cite">
<pre wrap="">I'm currently looking into the best way to perform authentication for
WebSockets, and it seems that the best (only?) option so far is to
handle this on the socket's endpoint itself.
But before I start with some library for the other Hawkular components
to consume, I'd like to ask if there's a best practices/recommendations
for doing WebSocket authentication with Keycloak.
My plan right now is to require the endpoints to inject a service that
would accept a message and session, closing the session on this service
if the login data is not provided (login data == token, send on the
first message, at least at first).
Ideas/thoughts?
- Juca.
_______________________________________________
keycloak-user mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a>
</pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</body>
</html>