@Override public void modifyHandshake( ServerEndpointConfig sec, HandshakeRequest request, HandshakeResponse response) { // Is Authenticated? Principal principal = request.getUserPrincipal(); if (principal == null) { throw new RuntimeException("Not authenticated"); } // Is Authorized? if (!request.isUserInRole("websocket")) { throw new RuntimeException("Not authorized"); } // normal operation super.modifyHandshake(sec, request, response); }
@Override public void modifyHandshake( ServerEndpointConfig sec, HandshakeRequest request, HandshakeResponse response) { delegate.modifyHandshake(sec, request, response); // do not store null keys/values because Tomcat 8 uses ConcurrentMap for UserProperties Map<String, Object> userProperties = sec.getUserProperties(); Object httpSession = request.getHttpSession(); LOG.trace("httpSession: {}", httpSession); if (httpSession != null) { userProperties.put("session", httpSession); } Map<String, List<String>> headers = request.getHeaders(); LOG.trace("headers: {}", headers); if (headers != null) { userProperties.put("headers", headers); } Map<String, List<String>> parameterMap = request.getParameterMap(); LOG.trace("parameterMap: {}", parameterMap); if (parameterMap != null) { userProperties.put("parameterMap", parameterMap); } String queryString = request.getQueryString(); LOG.trace("queryString: {}", queryString); if (queryString != null) { userProperties.put("queryString", queryString); } URI requestURI = request.getRequestURI(); LOG.trace("requestURI: {}", requestURI); if (requestURI != null) { userProperties.put("requestURI", requestURI); } Principal userPrincipal = request.getUserPrincipal(); LOG.trace("userPrincipal: {}", userPrincipal); if (userPrincipal != null) { userProperties.put("userPrincipal", userPrincipal); } }