Hi,
On 21/08/14 11:53, Michał Woś wrote:
> Websocket upgrade request can be done from any origin and by anyone. I
> can't find any security means to protect this particular request. Please
> advise because I might be missing something.
The HTTP headers available at the upgrade request will be available to
CXF filters, in case of the OAuth2 client we'd have
Authorization: Bearer 123456
(or whatever the token type is)
and OAuth2 filter will take care of it, while the CORS filter will take
care of the origin restrictions/etc. I'm also presuming it would be
recommended to use a secure wss: protocol.
Does it sound right to you?
Cheers, Sergey
> Kind regards,
> Michał
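
The checks discussed in this thread, applied to the headers of a WebSocket upgrade request, as an added example that is not part of the original messages and is not CXF code. The function names, the origin allowlist, the token set and the sample handshake are all constructed for illustration.

```python
import hmac

# Constructed values for this example; a real deployment validates the token
# with its OAuth2 server and loads the origin allowlist from configuration.
ALLOWED_ORIGINS = {"https://app.example.com"}
VALID_TOKENS = {"123456"}

SAMPLE_HANDSHAKE = (
    b"GET /chat HTTP/1.1\r\nHost: api.example.com\r\n"
    b"Upgrade: websocket\r\nConnection: Upgrade\r\n"
    b"Origin: https://app.example.com\r\n"
    b"Authorization: Bearer 123456\r\n\r\n"
)


def parse_headers(raw):
    """Return the upgrade request's headers as a lower-cased dict."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        key = name.strip().lower()
        # Ambiguous input is rejected rather than resolved by guessing.
        if not sep or (key in headers and key in ("origin", "authorization")):
            raise ValueError("malformed or duplicated header")
        headers[key] = value.strip()
    return headers


def token_is_valid(token):
    """Constant-time comparison against the constructed token set."""
    return any(hmac.compare_digest(token.encode(), t.encode()) for t in VALID_TOKENS)


def check_upgrade(raw, secure_transport):
    """Decide the handshake response: 101 only if every check passes."""
    try:
        h = parse_headers(raw)
    except ValueError as exc:
        return 400, str(exc)
    if h.get("upgrade", "").lower() != "websocket":
        return 400, "not a websocket upgrade"
    if not secure_transport:  # plain ws: would expose the bearer token
        return 403, "wss required"
    if h.get("origin") not in ALLOWED_ORIGINS:  # a missing Origin is refused too
        return 403, "origin not allowed"
    scheme, _, token = h.get("authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token_is_valid(token.strip()):
        return 401, "missing or invalid bearer token"
    return 101, "switching protocols"
```

The Origin header is set by browsers, so the allowlist only constrains cross-site pages; a non-browser client can send any value, which is why the token check runs as well.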