On Thu, Jan 19, 2017 at 10:54 AM, Irunika Weeraratne <irun...@wso2.com> wrote:
> Hi Lakshman, > On Wed, Jan 18, 2017 at 2:57 PM, Lakshman Udayakantha <lakshm...@wso2.com> > wrote: > >> I think you don't have to specially implement authentication mechanism >> for web socket protocol. According to the spec[1], websocket doesn't >> provide a way to authenticate clients. You can use any other mechanism with >> HTTPS or HTTP etc. to authenticate the server. >> >> This protocol doesn't prescribe any particular way that servers can >> authenticate clients during the WebSocket handshake. The WebSocket server >> can use any client authentication mechanism available to a generic HTTP >> server, >> >> such as cookies, HTTP authentication, or TLS authentication. >> >> >> [1] https://tools.ietf.org/html/rfc6455 >> > > Yes. They are not providing a mechanism and I'm trying to reuse the > existing authentication mechanisms for Microservices in MSF4J. > Most probably it will work since there is no any difference between a HTTP > request and WebSocket Upgrade Request. Now I'm working on it. > Java API for WS spec does not define any specific security mechanisms instead it recommend to reuse Web container security model and HTTP security for authentication, please refer following 2 posts[1][2] based on Tyrus. [1] - http://ssagara.blogspot.com/2014/07/websocket-security-patterns.html [2] - http://ssagara.blogspot.com/2014/08/secure-java-websocket-endpoints.html Thanks ! > > Thanks, > Irunika > *Irunika Weeraratne* > *Software Engineer | WSO2, Inc. <http://wso2.com/>* > *Email : irun...@wso2.com <irun...@wso2.com>* > *LinkedIn : https://lk.linkedin.com/in/irunika > <https://lk.linkedin.com/in/irunika>* > *Mobile : +94712403314 <+94%2071%20240%203314>* > *Lean . Enterprise . Middleware* > > > _______________________________________________ > Architecture mailing list > Architecture@wso2.org > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Sagara Gunathunga Associate Director / Architect; WSO2, Inc.; http://wso2.com V.P Apache Web Services; http://ws.apache.org/ Linkedin; http://www.linkedin.com/in/ssagara Blog ; http://ssagara.blogspot.com
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
