Question
I have gone through many tutorials on user authentication and authorization, most of them uses form based authentication(j_security_check) and @RolesAllowed for authorization and jdbcRealm.
So, if the authorization has to work I have to send an HTTP request from client to server. But what I want is send normal websocket request and if I am unauthorized to access the method (based on @RolesAllowed parameters) I should get an Exception.
Any help will be appreciated.
No correct solution
OTHER TIPS
You can use Basic Auth. Encode with Base64 your username:password and send it in the request header's Authorization field. Then on the server decode and authenticate for every request. If resource should be available without authentication, use @PermitAll. Otherwise use @RolesAllowed({"role1","role2"}).
You can get the field from the request header like so:
https://stackoverflow.com/questions/21822247
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russianrequest.getHeaderValue("Authorization");
