3:50 a.m.
On 5.8.2015 10:47, Marek Posolda wrote:
There is also another example
https://github.com/secondsun/wildfly-secured-websocket , where client
is javascript application . It's based on web.xml security and the
client and server are both in same web application. Unfortunately I
don't know if it can work if client and server are in different
applications, as it seems that there is no way for add additional HTTP
headers on client in javascript websockets API (at least according to
http://stackoverflow.com/questions/4361173/http-headers-in-websockets-cli...
). So adding "Authorization: Bearer" looks like a challenge here.
Exactly, same experience here !
I was not able to handle the JS api and intercept with Authorization
header there
On the Java client worked fine
Marek
On 5.8.2015 09:54, pslegr wrote:
> Hello Juraci,
>
> maybe other Keycloak core devs might have having other recommendations,
> never-less I've put up an example for our project
> https://github.com/pslegr/pnc/commit/873e875d657215890b9b9aafe93b2138ae94...
> which uses Keycloak to secure the WS endpoint.
> The point is to intercept the initial HttpRequest and add an
> AuthorizationHeader
> into this one.
>
> ...
> List<String> authHeader = new ArrayList<String>();
> authHeader.add("Bearer " + authenticate());
> headers.put("Authorization", authHeader);
>
> ...
>
> This is done before protocol upgrade into WS/WSS.
>
> I don't see any other way doing this so far....
>
> regards
> Pavel
>
> On 4.8.2015 16:44, Juraci Paixão Kröhling wrote:
>> I'm currently looking into the best way to perform authentication for
>> WebSockets, and it seems that the best (only?) option so far is to
>> handle this on the socket's endpoint itself.
>>
>> But before I start with some library for the other Hawkular components
>> to consume, I'd like to ask if there's a best practices/recommendations
>> for doing WebSocket authentication with Keycloak.
>>
>> My plan right now is to require the endpoints to inject a service that
>> would accept a message and session, closing the session on this service
>> if the login data is not provided (login data == token, send on the
>> first message, at least at first).
>>
>> Ideas/thoughts?
>>
>> - Juca.
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user