[undertow-dev] Unified SecurityContext/Exchange/Session for Http and Websockets
Robin Anil
robin.anil at gmail.com
Sat Nov 14 13:56:28 EST 2015
Currently the code path requires separate mechanisms for http and
websockets. This means the guice scoping logic gets complicated for all
business objects derived from SecurityContext/Exchange
For example lets say we are sending a cookie containing a JWT token. For
Http we have written an Authentication mechanism which creates a security
context and then a guice injector which gets the authenticated data from
the security context Principal.
Now if we need to support websockets, firstly the authentication mechanism
is non existent.
Another example is the Headers. In HttpServerExchange the headers are in a
HeaderMap but for websockets it is a Map<String, List<String>>. The
injection code that worked off HeaderMap now no longer work in Websocket
context.
I feel like this can be improved if there are shared interfaces for these
core objects across Http and Websockets so that it becomes easy for
downstream code to re-use business object injection logic across the two
Thoughts?
Robin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/undertow-dev/attachments/20151114/40133702/attachment.html
More information about the undertow-dev
mailing list