I think I answered my own question. Looks like `ServerEndpointConfig.Configurator` is the class i want and it can be attached to annotations of the web socket endpoint
On Fri, Feb 9, 2018 at 4:42 PM, Alex O'Ree <alexo...@apache.org> wrote: > Is there any kind of trickery to get user roles from a web socket server > running in tomcat? I'm looking at javax.websocket.Session and I'm not > seeing anything other than obtaining the user principle. > > Further more, aside from SSL/TLS, are there any other security related > guides that I should be aware of when using web socket connections in > tomcat? >