On Fri, Aug 23, 2013 at 11:25 AM, Nick Williams < nicho...@nicholaswilliams.net> wrote:
> In the modifyHandshake method of your Configurator, you can call > getUserProperties on the EndpointConfig argument. This returns a modifiable > Map<String, Object> that you can add values to. After modifyHandshake > returns and before onOpen is called, the values from that map are copied to > the Session, and you can retrieve them by calling > Session#getUserProperties(). That's how I'm passing Cookie and HttpSession > objects into my endpoints' onOpen methods. For example: > > public class MyConfigurator extends ServerEndpointConfig.Configurator { > public void modifyHandshake(ServerEndpointConfig config, > HandshakeRequest request, HandshakeResponse response) { > > super.modifyHandshake(config, request, response); > config.getUserProperties.put("httpSessionObject", > request.getHttpSession()); > } > } > > Then later: > > @OnOpen > public void onOpen(Session session) { > > HttpSession httpSession = (HttpSession) > session.getUserProperties().get("httpSessionObject"); > } > > It ain't pretty. IMO, it was a serious design flaw in the spec not to > provide ways to get the HttpSession and Cookies from the Session object. > Maybe I'll try to get on the EG for the next version. :-) > > N > > On Aug 23, 2013, at 1:01 PM, toddfas wrote: > > > Our existing web app has custom session management (does not use > > JSESSIONID) and stores the session identifier in a cookie. The cookie is > > marked httpOnly (and secure) so the client side Javascript opening the > > websocket does not have access to it. I want to use this session > identifier > > in ServerEndPoint.onOpen to verify the user attempting to open the > > Websocket connection and then be able to keep track of the user's context > > as messages are received and sent over websocket. > > > > Thanks for any additional ideas on how to accomplish this. > > Todd > > > > > > On Fri, Aug 23, 2013 at 10:08 AM, Niki Dokovski <nick...@gmail.com> > wrote: > > > >> On Fri, Aug 23, 2013 at 7:03 PM, toddfas <todd...@gmail.com> wrote: > >> > >>> Thanks very much for the quick response Niki! > >>> > >>> I went down the configurator path too, but then I could not find a way > >>> to pass the cookie values into the ServerEndPoint.onOpen where I need > >>> to use it. I tried passing it via session.getRequestParameterMap() but > >>> that is a Collections.unmodifiableMap(). In my scenario the > >>> session.getHttpSession() is NULL so I can't put it in there. I didn't > >>> like the idea of putting it in ThreadLocal (unless I am guaranteed by > >>> the spec that ServerEndPoint.onOpen is always called on the same > >>> thread that processes the handshake). > >>> > >>> That was when I started thinking I must be missing something simple. > >>> Any suggestions? > >>> > >> > >> Well, onOpen is called after the handshake is finished. [WSC-4.4-1] It > >> designates an established connection and that means you are already in > the > >> websocket world. I don;t see an easy way for doing this. Can you > describe > >> the use case in greater details. What problem do you solve by having > access > >> to the handshale request headers (incl cookies) in that phase? > >> > >>> > >>> Thanks, > >>> Todd > >>> > >>> > >>> On Thu, Aug 22, 2013 at 10:12 PM, Niki Dokovski <nick...@gmail.com> > >> wrote: > >>>> On Fri, Aug 23, 2013 at 2:58 AM, toddfas <todd...@gmail.com> wrote: > >>>> > >>>>> I'm trying to figure out how to get access to the cookies and headers > >>>>> passed up in the Websocket handshake request on Tomcat 8. > >>>>> > >>>>> In Tomcat 7 the whole HttpServletRequest was passed into the > >>>>> WebSocketServlet. createWebSocketInbound method so it was easy to > grab > >>>>> from the request headers. In Tomcat 8 the querystring and URI are > both > >>>>> exposed by the javax.websocket.Session passed to > >>>>> ServerEndPoint.onOpen, but I don't see a mechanism for getting the > >>>>> cookies or headers. > >>>>> > >>>> > >>>> You can supply an extension of > >>>> > >>> > >> > http://docs.oracle.com/javaee/7/api/javax/websocket/server/ServerEndpointConfig.Configurator.html > >>>> and get > >>>> > >>> > >> > http://docs.oracle.com/javaee/7/api/javax/websocket/server/HandshakeRequest.html > >>>> through > >>>> modifyHandshake invoked by the container during processing of client > >>> 'GET' > >>>> handshake message. Handshake request containes methods for inspecting > >> the > >>>> http request parameters and headers. > >>>> > >>>> > >>>> > >>>>> We are integrating Websocket connections into an existing web app and > >>>>> want to use the cookies set by our web app in the Websocket > connection > >>>>> process. > >>>>> > >>>>> Thanks for any insight. > >>>>> Todd > >>>>> > >>>>> --------------------------------------------------------------------- > >>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >>>>> For additional commands, e-mail: users-h...@tomcat.apache.org > >>>>> > >>>>> > >>> > >>> --------------------------------------------------------------------- > >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >>> For additional commands, e-mail: users-h...@tomcat.apache.org > >>> > >>> > >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > This worked great Nick - thanks very much for the assistance! Yes, I agree it is not the cleanest but glad there is a workable solution. Appreciate the pointer. Todd