You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Laszlo Hornyak (JIRA)" <ji...@apache.org> on 2017/03/30 15:10:42 UTC
[jira] [Commented] (SHIRO-620) authentication and authorization
support for spring websocket
[ https://issues.apache.org/jira/browse/SHIRO-620?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15949254#comment-15949254 ]
Laszlo Hornyak commented on SHIRO-620:
--------------------------------------
(!) A possible obstacle/problem: websocket api is only supported by spring 4.0+ while shiro only requires 3.2. This should go either to a separate module or the spring version should be updated.
> authentication and authorization support for spring websocket
> -------------------------------------------------------------
>
> Key: SHIRO-620
> URL: https://issues.apache.org/jira/browse/SHIRO-620
> Project: Shiro
> Issue Type: New Feature
> Components: Authentication (log-in), Authorization (access control)
> Reporter: Laszlo Hornyak
> Labels: features, security, spring, websocket
>
> Shiro could add some support for spring websockets.
> {code:xml}
> <websocket:handlers>
> <websocket:mapping path="/ws" handler="wsHandler"/>
> <websocket:handshake-interceptors>
> <bean class="org.apache.shiro.somepackage.WebsocketSecurityInterceptor"></bean>
> </websocket:handshake-interceptors>
> </websocket:handlers>
> {code}
> This security interceptor could do two things by overriding the beforeHandshake method:
> * Decide whether or not the user can open the websocket
> * Set authentication information in the socket attributes
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)