I am creating a webapp with Spring MVC on Tomcat7, and I am using Spring Security to authenticate users. Besides the standard controllers, I also have a websocket servlet that requires a connection for authentication.
The flow is as follows: the client connects to the server and is redirected to the login page; after successful authentication, it attempts to connect to the socket. I need to make sure that only an authenticated user can start a connection to the web server.
After some research, I found that authenticating the HTTP Upgrade request that starts the WebSocket connection should be enough. However, I do not understand how to do this using the technologies that I use. A simple URL hook pointing to the WebSocket does not seem to work, as attempts to connect to the socket end with a 302 response, so I think the authentication failed and I was redirected to my login page. I would appreciate help in solving the problem.
Thanks.