I am using glassfish 4.0 with websocket support add i would like to know how it is possible to check the origin of webcoket clients and autheticate or not their requests. Please help i cant find any solution.
Asked
Active
Viewed 39 times
0
-
Keep in mind that the `origin` header can be spoofed by non-browser clients anytime. So it is of limited use - definitely not for air-tight security. – oberstet Oct 19 '13 at 16:31
-
i want to know the url from where the handshake is happening not some id for the clients – user2897577 Oct 19 '13 at 17:37
-
Yeah, and that (`origin` == "url from where the handshake is happening") can be faked from non-browser clients. – oberstet Oct 19 '13 at 17:50