[
https://issues.apache.org/jira/browse/SHIRO-620?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15949254#comment-15949254
]
Laszlo Hornyak commented on SHIRO-620:
--------------------------------------
(!) A possible obstacle/problem: websocket api is only supported by spring 4.0+
while shiro only requires 3.2. This should go either to a separate module or
the spring version should be updated.
> authentication and authorization support for spring websocket
> -------------------------------------------------------------
>
> Key: SHIRO-620
> URL: https://issues.apache.org/jira/browse/SHIRO-620
> Project: Shiro
> Issue Type: New Feature
> Components: Authentication (log-in), Authorization (access control)
> Reporter: Laszlo Hornyak
> Labels: features, security, spring, websocket
>
> Shiro could add some support for spring websockets.
> {code:xml}
> <websocket:handlers>
> <websocket:mapping path="/ws" handler="wsHandler"/>
> <websocket:handshake-interceptors>
> <bean
> class="org.apache.shiro.somepackage.WebsocketSecurityInterceptor"></bean>
> </websocket:handshake-interceptors>
> </websocket:handlers>
> {code}
> This security interceptor could do two things by overriding the
> beforeHandshake method:
> * Decide whether or not the user can open the websocket
> * Set authentication information in the socket attributes
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
