I'm curious if there's anything defined in JSR-356 to enable a client to pass some security claims in the connect that would allow me to perform an auth check - prior to actually establishing the websocket connection.
In an attempt to avoid a websocket DOS, I'm looking to see whether we can do an auth check in the ServerEndpoint onOpen (or, possibly at an earlier stage) - before the actual websocket gets established. I know we can do this at the application level in the onMessage, but it'd be good to handle this before setting up the actual websocket if possible. Thanks, Bob DeRemer Senior Director, Architecture and Development [Description: Description: Description: Description: cid:image001.png@01CBE3DE.51A12030] http://www.thingworx.com<http://www.thingworx.com/> Skype: bob.deremer.thingworx O: 610.594.6200 x812 M: 717.881.3986
