Re: [Dev] MSF4J Websocket security token transmit

2017-04-21 Thread Irunika Weeraratne 
Hi Godwin,
Yes we can do it. Can we have a small dicussion on Monday?

Thanks,
Irunika

On Apr 21, 2017 8:00 PM, "Godwin Shrimal"  wrote:

> @adding Thusitha.
>
> As described above currently there is no way to extract headers from
> Session in MSF4J and no interceptor support yet with websocket. Shall we
> add the capability to extract headers from Session ?
>
>
> Thanks
> Godwin
>
>
> On Fri, Apr 21, 2017 at 5:32 PM, Godwin Shrimal  wrote:
>
>> Hi All,
>>
>> Here we are using websocket sever as MSF4J and client as netty, my
>> problem is currently there is no way to extract headers from Session while
>> handshake.
>>
>> Thanks
>> Godwin
>>
>> On Fri, Apr 21, 2017 at 12:21 PM, Ayyoob Hamza  wrote:
>>
>>> Hi
>>> What would be solution if we are to initiate the connection from the
>>> browser itself, AFAIK websocket library for browsers does not support
>>> adding headers.
>>>
>>> Thanks,
>>>
>>> *Ayyoob Hamza*
>>> *Senior Software Engineer*
>>> WSO2 Inc.; http://wso2.com
>>> email: ayy...@wso2.com cell: +94 77 1681010 <%2B94%2077%207779495>
>>>
>>> On Fri, Apr 21, 2017 at 11:32 AM, Irunika Weeraratne 
>>> wrote:
>>>
 Hi Godwin,
 IMHO the best way to do it using HTTP header. Are you using netty
 directly? If that so there is a way to add necessary headers for the
 initial handshake and we can check them in the server side.

 Thanks,
 Irunika

 *Irunika Weeraratne*
 *Software Engineer | WSO2, Inc. *
 *Email : irun...@wso2.com *
 *LinkedIn : https://lk.linkedin.com/in/irunika
 *
 *Mobile : +94712403314 <+94%2071%20240%203314>*
 *Lean . Enterprise . Middleware*


 On Fri, Apr 21, 2017 at 11:27 AM, Arshardh Ifthikar 
 wrote:

> You can find it here: https://docs.wso2.com/display/
> AM210/Create+a+WebSocket+API
>
> Thanks
>
> On Fri, Apr 21, 2017 at 11:24 AM, Godwin Shrimal 
> wrote:
>
>> Can you please share the relevant API Manager source ?
>>
>>
>> Thanks
>> Godwin
>>
>> On Fri, Apr 21, 2017 at 11:22 AM, Arshardh Ifthikar <
>> arsha...@wso2.com> wrote:
>>
>>> Hi,
>>>
>>> IMHO the best approach would be to send it via a header in the
>>> initial HTTP request used to establish the connection. This is the 
>>> method
>>> we follow to send the access token for websocket APIs in the API 
>>> Manager.
>>>
>>> Thanks
>>> Arshardh
>>>
>>> On Fri, Apr 21, 2017 at 11:11 AM, Godwin Shrimal 
>>> wrote:
>>>
 Hi All,

 What is the best way to transmit a security token in web socket
 while establishing a connection ? Currently we are passing through path
 parameter such as wss://localhost:8080/server/

 Is it secure to sent it via path parameter ? If not what is the
 correct approach ?


 Thanks
 Godwin

 --
 *Godwin Amila Shrimal*
 WSO2 Inc.; http://wso2.com
 lean.enterprise.middleware

 mobile: *+94772264165*
 linkedin: *http://lnkd.in/KUum6D *
 twitter: https://twitter.com/godwinamila
 

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev


>>>
>>>
>>> --
>>> *Arshardh Ifthikar*
>>> Trainee Software Engineer
>>> WSO2, Inc.
>>> Mobile: +94719806525 <+94%2071%20980%206525>
>>>
>>
>>
>>
>> --
>> *Godwin Amila Shrimal*
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>>
>> mobile: *+94772264165*
>> linkedin: *http://lnkd.in/KUum6D *
>> twitter: https://twitter.com/godwinamila
>> 
>>
>
>
>
> --
> *Arshardh Ifthikar*
> Trainee Software Engineer
> WSO2, Inc.
> Mobile: +94719806525 <+94%2071%20980%206525>
>


 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev


>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> *Godwin Amila Shrimal*
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>>
>> mobile: *+94772264165*
>> linkedin: *http://lnkd.in/KUum6D *
>> twitter: https://twitter.com/godwinamila
>> 
>>
>
>
>
> --
> *Godwin Amila Shrimal*
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: *http://lnkd.in/KUum6D *
> twitter: https://twitter.com/godwinamila
> 
>
_

Re: [Dev] MSF4J Websocket security token transmit

2017-04-21 Thread Godwin Shrimal 
@adding Thusitha.

As described above currently there is no way to extract headers from
Session in MSF4J and no interceptor support yet with websocket. Shall we
add the capability to extract headers from Session ?


Thanks
Godwin


On Fri, Apr 21, 2017 at 5:32 PM, Godwin Shrimal  wrote:

> Hi All,
>
> Here we are using websocket sever as MSF4J and client as netty, my problem
> is currently there is no way to extract headers from Session while
> handshake.
>
> Thanks
> Godwin
>
> On Fri, Apr 21, 2017 at 12:21 PM, Ayyoob Hamza  wrote:
>
>> Hi
>> What would be solution if we are to initiate the connection from the
>> browser itself, AFAIK websocket library for browsers does not support
>> adding headers.
>>
>> Thanks,
>>
>> *Ayyoob Hamza*
>> *Senior Software Engineer*
>> WSO2 Inc.; http://wso2.com
>> email: ayy...@wso2.com cell: +94 77 1681010 <%2B94%2077%207779495>
>>
>> On Fri, Apr 21, 2017 at 11:32 AM, Irunika Weeraratne 
>> wrote:
>>
>>> Hi Godwin,
>>> IMHO the best way to do it using HTTP header. Are you using netty
>>> directly? If that so there is a way to add necessary headers for the
>>> initial handshake and we can check them in the server side.
>>>
>>> Thanks,
>>> Irunika
>>>
>>> *Irunika Weeraratne*
>>> *Software Engineer | WSO2, Inc. *
>>> *Email : irun...@wso2.com *
>>> *LinkedIn : https://lk.linkedin.com/in/irunika
>>> *
>>> *Mobile : +94712403314 <+94%2071%20240%203314>*
>>> *Lean . Enterprise . Middleware*
>>>
>>>
>>> On Fri, Apr 21, 2017 at 11:27 AM, Arshardh Ifthikar 
>>> wrote:
>>>
 You can find it here: https://docs.wso2.com/display/
 AM210/Create+a+WebSocket+API

 Thanks

 On Fri, Apr 21, 2017 at 11:24 AM, Godwin Shrimal 
 wrote:

> Can you please share the relevant API Manager source ?
>
>
> Thanks
> Godwin
>
> On Fri, Apr 21, 2017 at 11:22 AM, Arshardh Ifthikar  > wrote:
>
>> Hi,
>>
>> IMHO the best approach would be to send it via a header in the
>> initial HTTP request used to establish the connection. This is the method
>> we follow to send the access token for websocket APIs in the API Manager.
>>
>> Thanks
>> Arshardh
>>
>> On Fri, Apr 21, 2017 at 11:11 AM, Godwin Shrimal 
>> wrote:
>>
>>> Hi All,
>>>
>>> What is the best way to transmit a security token in web socket
>>> while establishing a connection ? Currently we are passing through path
>>> parameter such as wss://localhost:8080/server/
>>>
>>> Is it secure to sent it via path parameter ? If not what is the
>>> correct approach ?
>>>
>>>
>>> Thanks
>>> Godwin
>>>
>>> --
>>> *Godwin Amila Shrimal*
>>> WSO2 Inc.; http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> mobile: *+94772264165*
>>> linkedin: *http://lnkd.in/KUum6D *
>>> twitter: https://twitter.com/godwinamila
>>> 
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> *Arshardh Ifthikar*
>> Trainee Software Engineer
>> WSO2, Inc.
>> Mobile: +94719806525 <+94%2071%20980%206525>
>>
>
>
>
> --
> *Godwin Amila Shrimal*
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: *http://lnkd.in/KUum6D *
> twitter: https://twitter.com/godwinamila
> 
>



 --
 *Arshardh Ifthikar*
 Trainee Software Engineer
 WSO2, Inc.
 Mobile: +94719806525 <+94%2071%20980%206525>

>>>
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> *Godwin Amila Shrimal*
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: *http://lnkd.in/KUum6D *
> twitter: https://twitter.com/godwinamila
> 
>



-- 
*Godwin Amila Shrimal*
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: *+94772264165*
linkedin: *http://lnkd.in/KUum6D *
twitter: https://twitter.com/godwinamila

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] MSF4J Websocket security token transmit

2017-04-21 Thread Godwin Shrimal 
Hi All,

Here we are using websocket sever as MSF4J and client as netty, my problem
is currently there is no way to extract headers from Session while
handshake.

Thanks
Godwin

On Fri, Apr 21, 2017 at 12:21 PM, Ayyoob Hamza  wrote:

> Hi
> What would be solution if we are to initiate the connection from the
> browser itself, AFAIK websocket library for browsers does not support
> adding headers.
>
> Thanks,
>
> *Ayyoob Hamza*
> *Senior Software Engineer*
> WSO2 Inc.; http://wso2.com
> email: ayy...@wso2.com cell: +94 77 1681010 <%2B94%2077%207779495>
>
> On Fri, Apr 21, 2017 at 11:32 AM, Irunika Weeraratne 
> wrote:
>
>> Hi Godwin,
>> IMHO the best way to do it using HTTP header. Are you using netty
>> directly? If that so there is a way to add necessary headers for the
>> initial handshake and we can check them in the server side.
>>
>> Thanks,
>> Irunika
>>
>> *Irunika Weeraratne*
>> *Software Engineer | WSO2, Inc. *
>> *Email : irun...@wso2.com *
>> *LinkedIn : https://lk.linkedin.com/in/irunika
>> *
>> *Mobile : +94712403314 <+94%2071%20240%203314>*
>> *Lean . Enterprise . Middleware*
>>
>>
>> On Fri, Apr 21, 2017 at 11:27 AM, Arshardh Ifthikar 
>> wrote:
>>
>>> You can find it here: https://docs.wso2.com/display/
>>> AM210/Create+a+WebSocket+API
>>>
>>> Thanks
>>>
>>> On Fri, Apr 21, 2017 at 11:24 AM, Godwin Shrimal 
>>> wrote:
>>>
 Can you please share the relevant API Manager source ?


 Thanks
 Godwin

 On Fri, Apr 21, 2017 at 11:22 AM, Arshardh Ifthikar 
 wrote:

> Hi,
>
> IMHO the best approach would be to send it via a header in the initial
> HTTP request used to establish the connection. This is the method we 
> follow
> to send the access token for websocket APIs in the API Manager.
>
> Thanks
> Arshardh
>
> On Fri, Apr 21, 2017 at 11:11 AM, Godwin Shrimal 
> wrote:
>
>> Hi All,
>>
>> What is the best way to transmit a security token in web socket while
>> establishing a connection ? Currently we are passing through path 
>> parameter
>> such as wss://localhost:8080/server/
>>
>> Is it secure to sent it via path parameter ? If not what is the
>> correct approach ?
>>
>>
>> Thanks
>> Godwin
>>
>> --
>> *Godwin Amila Shrimal*
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>>
>> mobile: *+94772264165*
>> linkedin: *http://lnkd.in/KUum6D *
>> twitter: https://twitter.com/godwinamila
>> 
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> *Arshardh Ifthikar*
> Trainee Software Engineer
> WSO2, Inc.
> Mobile: +94719806525 <+94%2071%20980%206525>
>



 --
 *Godwin Amila Shrimal*
 WSO2 Inc.; http://wso2.com
 lean.enterprise.middleware

 mobile: *+94772264165*
 linkedin: *http://lnkd.in/KUum6D *
 twitter: https://twitter.com/godwinamila
 

>>>
>>>
>>>
>>> --
>>> *Arshardh Ifthikar*
>>> Trainee Software Engineer
>>> WSO2, Inc.
>>> Mobile: +94719806525 <+94%2071%20980%206525>
>>>
>>
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
*Godwin Amila Shrimal*
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: *+94772264165*
linkedin: *http://lnkd.in/KUum6D *
twitter: https://twitter.com/godwinamila

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] MSF4J Websocket security token transmit

2017-04-21 Thread Arshardh Ifthikar 
You can find it here:
https://docs.wso2.com/display/AM210/Create+a+WebSocket+API

Thanks

On Fri, Apr 21, 2017 at 11:24 AM, Godwin Shrimal  wrote:

> Can you please share the relevant API Manager source ?
>
>
> Thanks
> Godwin
>
> On Fri, Apr 21, 2017 at 11:22 AM, Arshardh Ifthikar 
> wrote:
>
>> Hi,
>>
>> IMHO the best approach would be to send it via a header in the initial
>> HTTP request used to establish the connection. This is the method we follow
>> to send the access token for websocket APIs in the API Manager.
>>
>> Thanks
>> Arshardh
>>
>> On Fri, Apr 21, 2017 at 11:11 AM, Godwin Shrimal  wrote:
>>
>>> Hi All,
>>>
>>> What is the best way to transmit a security token in web socket while
>>> establishing a connection ? Currently we are passing through path parameter
>>> such as wss://localhost:8080/server/
>>>
>>> Is it secure to sent it via path parameter ? If not what is the correct
>>> approach ?
>>>
>>>
>>> Thanks
>>> Godwin
>>>
>>> --
>>> *Godwin Amila Shrimal*
>>> WSO2 Inc.; http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> mobile: *+94772264165*
>>> linkedin: *http://lnkd.in/KUum6D *
>>> twitter: https://twitter.com/godwinamila
>>> 
>>>
>>> ___
>>> Dev mailing list
>>> Dev@wso2.org
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>
>>>
>>
>>
>> --
>> *Arshardh Ifthikar*
>> Trainee Software Engineer
>> WSO2, Inc.
>> Mobile: +94719806525 <+94%2071%20980%206525>
>>
>
>
>
> --
> *Godwin Amila Shrimal*
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: *http://lnkd.in/KUum6D *
> twitter: https://twitter.com/godwinamila
> 
>



-- 
*Arshardh Ifthikar*
Trainee Software Engineer
WSO2, Inc.
Mobile: +94719806525
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] MSF4J Websocket security token transmit

2017-04-21 Thread Arshardh Ifthikar 
Hi all,

@Godwin, we can get it from the message object received given by the
channel read method in a ChannelInboundHandler [1] inserted to the
pipeline. As an example [2] is how we have done it for the API Manager.

@Ayyoob, The javascript Websocket library does not support adding external
headers. It is a limitation of using this approach. But certain developers
seems to have found work arounds [3]

Thanks

[1] https://netty.io/4.0/api/io/netty/channel/ChannelInboundHandler.html
[2]
https://github.com/wso2/carbon-apimgt/blob/6.1.x/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/WebsocketInboundHandler.java#L111
[3]
http://stackoverflow.com/questions/4361173/http-headers-in-websockets-client-api/41521871#41521871

On Fri, Apr 21, 2017 at 12:37 PM, Godwin Shrimal  wrote:

> yes, we are using netty client. can you point me how we are reading HTTP
> headers in websocket handshake ? I cant see any api to read http headers
> from session object.
>
>
> Thanks
> Godwin
>
> On Fri, Apr 21, 2017 at 11:32 AM, Irunika Weeraratne 
> wrote:
>
>> Hi Godwin,
>> IMHO the best way to do it using HTTP header. Are you using netty
>> directly? If that so there is a way to add necessary headers for the
>> initial handshake and we can check them in the server side.
>>
>> Thanks,
>> Irunika
>>
>> *Irunika Weeraratne*
>> *Software Engineer | WSO2, Inc. *
>> *Email : irun...@wso2.com *
>> *LinkedIn : https://lk.linkedin.com/in/irunika
>> *
>> *Mobile : +94712403314 <+94%2071%20240%203314>*
>> *Lean . Enterprise . Middleware*
>>
>>
>> On Fri, Apr 21, 2017 at 11:27 AM, Arshardh Ifthikar 
>> wrote:
>>
>>> You can find it here: https://docs.wso2.com/display/
>>> AM210/Create+a+WebSocket+API
>>>
>>> Thanks
>>>
>>> On Fri, Apr 21, 2017 at 11:24 AM, Godwin Shrimal 
>>> wrote:
>>>
 Can you please share the relevant API Manager source ?


 Thanks
 Godwin

 On Fri, Apr 21, 2017 at 11:22 AM, Arshardh Ifthikar 
 wrote:

> Hi,
>
> IMHO the best approach would be to send it via a header in the initial
> HTTP request used to establish the connection. This is the method we 
> follow
> to send the access token for websocket APIs in the API Manager.
>
> Thanks
> Arshardh
>
> On Fri, Apr 21, 2017 at 11:11 AM, Godwin Shrimal 
> wrote:
>
>> Hi All,
>>
>> What is the best way to transmit a security token in web socket while
>> establishing a connection ? Currently we are passing through path 
>> parameter
>> such as wss://localhost:8080/server/
>>
>> Is it secure to sent it via path parameter ? If not what is the
>> correct approach ?
>>
>>
>> Thanks
>> Godwin
>>
>> --
>> *Godwin Amila Shrimal*
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>>
>> mobile: *+94772264165*
>> linkedin: *http://lnkd.in/KUum6D *
>> twitter: https://twitter.com/godwinamila
>> 
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> *Arshardh Ifthikar*
> Trainee Software Engineer
> WSO2, Inc.
> Mobile: +94719806525 <+94%2071%20980%206525>
>



 --
 *Godwin Amila Shrimal*
 WSO2 Inc.; http://wso2.com
 lean.enterprise.middleware

 mobile: *+94772264165*
 linkedin: *http://lnkd.in/KUum6D *
 twitter: https://twitter.com/godwinamila
 

>>>
>>>
>>>
>>> --
>>> *Arshardh Ifthikar*
>>> Trainee Software Engineer
>>> WSO2, Inc.
>>> Mobile: +94719806525 <+94%2071%20980%206525>
>>>
>>
>>
>
>
> --
> *Godwin Amila Shrimal*
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: *http://lnkd.in/KUum6D *
> twitter: https://twitter.com/godwinamila
> 
>



-- 
*Arshardh Ifthikar*
Trainee Software Engineer
WSO2, Inc.
Mobile: +94719806525
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] MSF4J Websocket security token transmit

2017-04-21 Thread Godwin Shrimal 
Can you please share the relevant API Manager source ?


Thanks
Godwin

On Fri, Apr 21, 2017 at 11:22 AM, Arshardh Ifthikar 
wrote:

> Hi,
>
> IMHO the best approach would be to send it via a header in the initial
> HTTP request used to establish the connection. This is the method we follow
> to send the access token for websocket APIs in the API Manager.
>
> Thanks
> Arshardh
>
> On Fri, Apr 21, 2017 at 11:11 AM, Godwin Shrimal  wrote:
>
>> Hi All,
>>
>> What is the best way to transmit a security token in web socket while
>> establishing a connection ? Currently we are passing through path parameter
>> such as wss://localhost:8080/server/
>>
>> Is it secure to sent it via path parameter ? If not what is the correct
>> approach ?
>>
>>
>> Thanks
>> Godwin
>>
>> --
>> *Godwin Amila Shrimal*
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>>
>> mobile: *+94772264165*
>> linkedin: *http://lnkd.in/KUum6D *
>> twitter: https://twitter.com/godwinamila
>> 
>>
>> ___
>> Dev mailing list
>> Dev@wso2.org
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> *Arshardh Ifthikar*
> Trainee Software Engineer
> WSO2, Inc.
> Mobile: +94719806525 <+94%2071%20980%206525>
>



-- 
*Godwin Amila Shrimal*
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: *+94772264165*
linkedin: *http://lnkd.in/KUum6D *
twitter: https://twitter.com/godwinamila

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] MSF4J Websocket security token transmit

2017-04-21 Thread Godwin Shrimal 
yes, we are using netty client. can you point me how we are reading HTTP
headers in websocket handshake ? I cant see any api to read http headers
from session object.


Thanks
Godwin

On Fri, Apr 21, 2017 at 11:32 AM, Irunika Weeraratne 
wrote:

> Hi Godwin,
> IMHO the best way to do it using HTTP header. Are you using netty
> directly? If that so there is a way to add necessary headers for the
> initial handshake and we can check them in the server side.
>
> Thanks,
> Irunika
>
> *Irunika Weeraratne*
> *Software Engineer | WSO2, Inc. *
> *Email : irun...@wso2.com *
> *LinkedIn : https://lk.linkedin.com/in/irunika
> *
> *Mobile : +94712403314 <+94%2071%20240%203314>*
> *Lean . Enterprise . Middleware*
>
>
> On Fri, Apr 21, 2017 at 11:27 AM, Arshardh Ifthikar 
> wrote:
>
>> You can find it here: https://docs.wso2.com/display/
>> AM210/Create+a+WebSocket+API
>>
>> Thanks
>>
>> On Fri, Apr 21, 2017 at 11:24 AM, Godwin Shrimal  wrote:
>>
>>> Can you please share the relevant API Manager source ?
>>>
>>>
>>> Thanks
>>> Godwin
>>>
>>> On Fri, Apr 21, 2017 at 11:22 AM, Arshardh Ifthikar 
>>> wrote:
>>>
 Hi,

 IMHO the best approach would be to send it via a header in the initial
 HTTP request used to establish the connection. This is the method we follow
 to send the access token for websocket APIs in the API Manager.

 Thanks
 Arshardh

 On Fri, Apr 21, 2017 at 11:11 AM, Godwin Shrimal 
 wrote:

> Hi All,
>
> What is the best way to transmit a security token in web socket while
> establishing a connection ? Currently we are passing through path 
> parameter
> such as wss://localhost:8080/server/
>
> Is it secure to sent it via path parameter ? If not what is the
> correct approach ?
>
>
> Thanks
> Godwin
>
> --
> *Godwin Amila Shrimal*
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: *http://lnkd.in/KUum6D *
> twitter: https://twitter.com/godwinamila
> 
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


 --
 *Arshardh Ifthikar*
 Trainee Software Engineer
 WSO2, Inc.
 Mobile: +94719806525 <+94%2071%20980%206525>

>>>
>>>
>>>
>>> --
>>> *Godwin Amila Shrimal*
>>> WSO2 Inc.; http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> mobile: *+94772264165*
>>> linkedin: *http://lnkd.in/KUum6D *
>>> twitter: https://twitter.com/godwinamila
>>> 
>>>
>>
>>
>>
>> --
>> *Arshardh Ifthikar*
>> Trainee Software Engineer
>> WSO2, Inc.
>> Mobile: +94719806525 <+94%2071%20980%206525>
>>
>
>


-- 
*Godwin Amila Shrimal*
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware

mobile: *+94772264165*
linkedin: *http://lnkd.in/KUum6D *
twitter: https://twitter.com/godwinamila

___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] MSF4J Websocket security token transmit

2017-04-21 Thread Ayyoob Hamza 
Hi
What would be solution if we are to initiate the connection from the
browser itself, AFAIK websocket library for browsers does not support
adding headers.

Thanks,

*Ayyoob Hamza*
*Senior Software Engineer*
WSO2 Inc.; http://wso2.com
email: ayy...@wso2.com cell: +94 77 1681010 <%2B94%2077%207779495>

On Fri, Apr 21, 2017 at 11:32 AM, Irunika Weeraratne 
wrote:

> Hi Godwin,
> IMHO the best way to do it using HTTP header. Are you using netty
> directly? If that so there is a way to add necessary headers for the
> initial handshake and we can check them in the server side.
>
> Thanks,
> Irunika
>
> *Irunika Weeraratne*
> *Software Engineer | WSO2, Inc. *
> *Email : irun...@wso2.com *
> *LinkedIn : https://lk.linkedin.com/in/irunika
> *
> *Mobile : +94712403314 <+94%2071%20240%203314>*
> *Lean . Enterprise . Middleware*
>
>
> On Fri, Apr 21, 2017 at 11:27 AM, Arshardh Ifthikar 
> wrote:
>
>> You can find it here: https://docs.wso2.com/display/
>> AM210/Create+a+WebSocket+API
>>
>> Thanks
>>
>> On Fri, Apr 21, 2017 at 11:24 AM, Godwin Shrimal  wrote:
>>
>>> Can you please share the relevant API Manager source ?
>>>
>>>
>>> Thanks
>>> Godwin
>>>
>>> On Fri, Apr 21, 2017 at 11:22 AM, Arshardh Ifthikar 
>>> wrote:
>>>
 Hi,

 IMHO the best approach would be to send it via a header in the initial
 HTTP request used to establish the connection. This is the method we follow
 to send the access token for websocket APIs in the API Manager.

 Thanks
 Arshardh

 On Fri, Apr 21, 2017 at 11:11 AM, Godwin Shrimal 
 wrote:

> Hi All,
>
> What is the best way to transmit a security token in web socket while
> establishing a connection ? Currently we are passing through path 
> parameter
> such as wss://localhost:8080/server/
>
> Is it secure to sent it via path parameter ? If not what is the
> correct approach ?
>
>
> Thanks
> Godwin
>
> --
> *Godwin Amila Shrimal*
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: *http://lnkd.in/KUum6D *
> twitter: https://twitter.com/godwinamila
> 
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


 --
 *Arshardh Ifthikar*
 Trainee Software Engineer
 WSO2, Inc.
 Mobile: +94719806525 <+94%2071%20980%206525>

>>>
>>>
>>>
>>> --
>>> *Godwin Amila Shrimal*
>>> WSO2 Inc.; http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> mobile: *+94772264165*
>>> linkedin: *http://lnkd.in/KUum6D *
>>> twitter: https://twitter.com/godwinamila
>>> 
>>>
>>
>>
>>
>> --
>> *Arshardh Ifthikar*
>> Trainee Software Engineer
>> WSO2, Inc.
>> Mobile: +94719806525 <+94%2071%20980%206525>
>>
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] MSF4J Websocket security token transmit

2017-04-21 Thread Abimaran Kugathasan 
Hi Godwin,

You can find the source code of API Manager websocket Inbound Handler here
[1] which reading and validating Authorization header.

[1] :
https://github.com/wso2/carbon-apimgt/blob/6.1.x/components/apimgt/org.wso2.carbon.apimgt.gateway/src/main/java/org/wso2/carbon/apimgt/gateway/handlers/WebsocketInboundHandler.java#L177

On Fri, Apr 21, 2017 at 11:32 AM, Irunika Weeraratne 
wrote:

> Hi Godwin,
> IMHO the best way to do it using HTTP header. Are you using netty
> directly? If that so there is a way to add necessary headers for the
> initial handshake and we can check them in the server side.
>
> Thanks,
> Irunika
>
> *Irunika Weeraratne*
> *Software Engineer | WSO2, Inc. *
> *Email : irun...@wso2.com *
> *LinkedIn : https://lk.linkedin.com/in/irunika
> *
> *Mobile : +94712403314 <+94%2071%20240%203314>*
> *Lean . Enterprise . Middleware*
>
>
> On Fri, Apr 21, 2017 at 11:27 AM, Arshardh Ifthikar 
> wrote:
>
>> You can find it here: https://docs.wso2.com/display/
>> AM210/Create+a+WebSocket+API
>>
>> Thanks
>>
>> On Fri, Apr 21, 2017 at 11:24 AM, Godwin Shrimal  wrote:
>>
>>> Can you please share the relevant API Manager source ?
>>>
>>>
>>> Thanks
>>> Godwin
>>>
>>> On Fri, Apr 21, 2017 at 11:22 AM, Arshardh Ifthikar 
>>> wrote:
>>>
 Hi,

 IMHO the best approach would be to send it via a header in the initial
 HTTP request used to establish the connection. This is the method we follow
 to send the access token for websocket APIs in the API Manager.

 Thanks
 Arshardh

 On Fri, Apr 21, 2017 at 11:11 AM, Godwin Shrimal 
 wrote:

> Hi All,
>
> What is the best way to transmit a security token in web socket while
> establishing a connection ? Currently we are passing through path 
> parameter
> such as wss://localhost:8080/server/
>
> Is it secure to sent it via path parameter ? If not what is the
> correct approach ?
>
>
> Thanks
> Godwin
>
> --
> *Godwin Amila Shrimal*
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: *http://lnkd.in/KUum6D *
> twitter: https://twitter.com/godwinamila
> 
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


 --
 *Arshardh Ifthikar*
 Trainee Software Engineer
 WSO2, Inc.
 Mobile: +94719806525 <+94%2071%20980%206525>

>>>
>>>
>>>
>>> --
>>> *Godwin Amila Shrimal*
>>> WSO2 Inc.; http://wso2.com
>>> lean.enterprise.middleware
>>>
>>> mobile: *+94772264165*
>>> linkedin: *http://lnkd.in/KUum6D *
>>> twitter: https://twitter.com/godwinamila
>>> 
>>>
>>
>>
>>
>> --
>> *Arshardh Ifthikar*
>> Trainee Software Engineer
>> WSO2, Inc.
>> Mobile: +94719806525 <+94%2071%20980%206525>
>>
>
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
Thanks
Abimaran Kugathasan
Senior Software Engineer - API Technologies

Email : abima...@wso2.com
Mobile : +94 773922820


  
  
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] MSF4J Websocket security token transmit

2017-04-20 Thread Arshardh Ifthikar 
Hi,

IMHO the best approach would be to send it via a header in the initial HTTP
request used to establish the connection. This is the method we follow to
send the access token for websocket APIs in the API Manager.

Thanks
Arshardh

On Fri, Apr 21, 2017 at 11:11 AM, Godwin Shrimal  wrote:

> Hi All,
>
> What is the best way to transmit a security token in web socket while
> establishing a connection ? Currently we are passing through path parameter
> such as wss://localhost:8080/server/
>
> Is it secure to sent it via path parameter ? If not what is the correct
> approach ?
>
>
> Thanks
> Godwin
>
> --
> *Godwin Amila Shrimal*
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: *http://lnkd.in/KUum6D *
> twitter: https://twitter.com/godwinamila
> 
>
> ___
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
*Arshardh Ifthikar*
Trainee Software Engineer
WSO2, Inc.
Mobile: +94719806525
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

Re: [Dev] MSF4J Websocket security token transmit

2017-04-20 Thread Irunika Weeraratne 
Hi Godwin,
IMHO the best way to do it using HTTP header. Are you using netty directly?
If that so there is a way to add necessary headers for the initial
handshake and we can check them in the server side.

Thanks,
Irunika

*Irunika Weeraratne*
*Software Engineer | WSO2, Inc. *
*Email : irun...@wso2.com *
*LinkedIn : https://lk.linkedin.com/in/irunika
*
*Mobile : +94712403314*
*Lean . Enterprise . Middleware*


On Fri, Apr 21, 2017 at 11:27 AM, Arshardh Ifthikar 
wrote:

> You can find it here: https://docs.wso2.com/display/
> AM210/Create+a+WebSocket+API
>
> Thanks
>
> On Fri, Apr 21, 2017 at 11:24 AM, Godwin Shrimal  wrote:
>
>> Can you please share the relevant API Manager source ?
>>
>>
>> Thanks
>> Godwin
>>
>> On Fri, Apr 21, 2017 at 11:22 AM, Arshardh Ifthikar 
>> wrote:
>>
>>> Hi,
>>>
>>> IMHO the best approach would be to send it via a header in the initial
>>> HTTP request used to establish the connection. This is the method we follow
>>> to send the access token for websocket APIs in the API Manager.
>>>
>>> Thanks
>>> Arshardh
>>>
>>> On Fri, Apr 21, 2017 at 11:11 AM, Godwin Shrimal 
>>> wrote:
>>>
 Hi All,

 What is the best way to transmit a security token in web socket while
 establishing a connection ? Currently we are passing through path parameter
 such as wss://localhost:8080/server/

 Is it secure to sent it via path parameter ? If not what is the correct
 approach ?


 Thanks
 Godwin

 --
 *Godwin Amila Shrimal*
 WSO2 Inc.; http://wso2.com
 lean.enterprise.middleware

 mobile: *+94772264165*
 linkedin: *http://lnkd.in/KUum6D *
 twitter: https://twitter.com/godwinamila
 

 ___
 Dev mailing list
 Dev@wso2.org
 http://wso2.org/cgi-bin/mailman/listinfo/dev


>>>
>>>
>>> --
>>> *Arshardh Ifthikar*
>>> Trainee Software Engineer
>>> WSO2, Inc.
>>> Mobile: +94719806525 <+94%2071%20980%206525>
>>>
>>
>>
>>
>> --
>> *Godwin Amila Shrimal*
>> WSO2 Inc.; http://wso2.com
>> lean.enterprise.middleware
>>
>> mobile: *+94772264165*
>> linkedin: *http://lnkd.in/KUum6D *
>> twitter: https://twitter.com/godwinamila
>> 
>>
>
>
>
> --
> *Arshardh Ifthikar*
> Trainee Software Engineer
> WSO2, Inc.
> Mobile: +94719806525 <+94%2071%20980%206525>
>
___
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev