From the course: WebSocket Programming with Java EE
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Secure WebSocket endpoint
From the course: WebSocket Programming with Java EE
Secure WebSocket endpoint
- Securing websocket endpoints is conceptually no different to securing a webpage in the sense that there are two parts to ensuring your site and information is secured. The first part is authentication and authorization. This involves providing a challenge for a username and password then validating that the username and password were entered correctly and checking that the user role is allowed to access the resource. The second part is encryption. This is implemented by enabling TLS. Typically, this is done via the HTTPS protocol for webpages, but for websockets we have WSS. The manner in which the websocket API ensures security is to rely on the containers and security model. The objective in this design is to make it simpler for developers. A websocket which is mapped to a URI like this will be protected by the same mechanism that protects the HTTP URI with the same host name, port, and path like this. In a Java Enterprise application, you do this by configuring security in your…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.