On 18/09/2012 23:04, Gismor3 wrote: > What do I need to do in order to restrict the access to the application? > Thanks in advance
The WebSocket protocol does not include any concept of an authentication challenge. I tested this recently and the browsers drop the connection if they get a 401 response. To get this working with Tomcat, the following *should* work but is untested. 1. Create an HTTP session. 2. Authenticate the user 3. Start the web socket connection. Provided the user/session is already authenticated, you should be able to protect the WebSocket endpoints using normal Servlet security in web.xml. HTH, Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org