[Hawkular-dev] hawkular-accounts integration with websocket stuff in kettle

[John Mazzitelli]

Juca,

I think the time is coming close when I need to wrap authentication around the websockets stuff we have in the server. Right now, any client can connect to our websocket server running in kettle. I know you mentioned that KeyCloak doesn't have an official integration with websockets today, but can we make calls to your accounts API directly to do things like logging in?

In our websockets code, I believe we can get access to the headers that were passed in by the UI client when connecting to websockets (javax.websocket.Session.getRequestParameterMap() is what I assume we can use). So a UI or feed could pass in username/password (just like a normal HTTP client would to connect to our metrics or inventory REST API). We would just need to manually take those username/password credentials and ask accounts to verify the credentials and perhaps give us back a UserPrincipal or whatever it is you can give us.

We will eventually need to use this user principal or whatever to logically link that UI client (and the requests it makes to the server) to the responses of those requests (so those responses can be sent back to the proper client)

Ideas?

--John Mazz