Our existing web app has custom session management (does not use JSESSIONID) and stores the session identifier in a cookie. The cookie is marked httpOnly (and secure) so the client side Javascript opening the websocket does not have access to it. I want to use this session identifier in ServerEndPoint.onOpen to verify the user attempting to open the Websocket connection and then be able to keep track of the user's context as messages are received and sent over websocket.
Thanks for any additional ideas on how to accomplish this. Todd On Fri, Aug 23, 2013 at 10:08 AM, Niki Dokovski <nick...@gmail.com> wrote: > On Fri, Aug 23, 2013 at 7:03 PM, toddfas <todd...@gmail.com> wrote: > > > Thanks very much for the quick response Niki! > > > > I went down the configurator path too, but then I could not find a way > > to pass the cookie values into the ServerEndPoint.onOpen where I need > > to use it. I tried passing it via session.getRequestParameterMap() but > > that is a Collections.unmodifiableMap(). In my scenario the > > session.getHttpSession() is NULL so I can't put it in there. I didn't > > like the idea of putting it in ThreadLocal (unless I am guaranteed by > > the spec that ServerEndPoint.onOpen is always called on the same > > thread that processes the handshake). > > > > That was when I started thinking I must be missing something simple. > > Any suggestions? > > > > Well, onOpen is called after the handshake is finished. [WSC-4.4-1] It > designates an established connection and that means you are already in the > websocket world. I don;t see an easy way for doing this. Can you describe > the use case in greater details. What problem do you solve by having access > to the handshale request headers (incl cookies) in that phase? > > > > > Thanks, > > Todd > > > > > > On Thu, Aug 22, 2013 at 10:12 PM, Niki Dokovski <nick...@gmail.com> > wrote: > > > On Fri, Aug 23, 2013 at 2:58 AM, toddfas <todd...@gmail.com> wrote: > > > > > >> I'm trying to figure out how to get access to the cookies and headers > > >> passed up in the Websocket handshake request on Tomcat 8. > > >> > > >> In Tomcat 7 the whole HttpServletRequest was passed into the > > >> WebSocketServlet. createWebSocketInbound method so it was easy to grab > > >> from the request headers. In Tomcat 8 the querystring and URI are both > > >> exposed by the javax.websocket.Session passed to > > >> ServerEndPoint.onOpen, but I don't see a mechanism for getting the > > >> cookies or headers. > > >> > > > > > > You can supply an extension of > > > > > > http://docs.oracle.com/javaee/7/api/javax/websocket/server/ServerEndpointConfig.Configurator.html > > > and get > > > > > > http://docs.oracle.com/javaee/7/api/javax/websocket/server/HandshakeRequest.html > > > through > > > modifyHandshake invoked by the container during processing of client > > 'GET' > > > handshake message. Handshake request containes methods for inspecting > the > > > http request parameters and headers. > > > > > > > > > > > >> We are integrating Websocket connections into an existing web app and > > >> want to use the cookies set by our web app in the Websocket connection > > >> process. > > >> > > >> Thanks for any insight. > > >> Todd > > >> > > >> --------------------------------------------------------------------- > > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > >> For additional commands, e-mail: users-h...@tomcat.apache.org > > >> > > >> > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > >
