-
Type:
New Feature
-
Status: Open
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: Authentication (log-in), Authorization (access control)
Shiro could add some support for spring websockets.
<websocket:handlers> <websocket:mapping path="/ws" handler="wsHandler"/> <websocket:handshake-interceptors> <bean class="org.apache.shiro.somepackage.WebsocketSecurityInterceptor"></bean> </websocket:handshake-interceptors> </websocket:handlers>
This security interceptor could do two things by overriding the beforeHandshake method:
- Decide whether or not the user can open the websocket
- Set authentication information in the socket attributes