Websocket authentication in Wildfly with RolesAllowed

Question

I have a web socket defined using standard annotation like so

@ServerEndpoint("/mySocket")
@Singleton
public class myWebsocket {

@Inject
private MyEjb myEjb;

@OnMessage
public void message(Session session, String msg) { ...

Even though my user has logged in, I get access exceptions when calling myEjb because it doesn't recognize my user. If I check the principal of my session object

session.getUserPrincipal().getName()

the correct user is found, however, if I check the jboss SecurityContext class, I see an anonymous user

looks similar to the issue described here https://developer.jboss.org/thread/240617?start=0&tstart=0 — Chris Pike, Mar 25 '15 at 19:38

score 2 · Answer 1 · edited May 29 '20 at 09:55

2

This is a known deficiency in Java EE 7 WebSocket specification, see the following issue in their bug-tracker.

However, there is a workaround available, see the JBoss Security Extended project and this example.

edited May 29 '20 at 09:55

RagingCactus

5
3

answered Jun 11 '17 at 09:56

mrts

16,697
8
89
72

Websocket authentication in Wildfly with RolesAllowed

1 Answers1