Is there any kind of trickery to get user roles from a web socket server running in tomcat? I'm looking at javax.websocket.Session and I'm not seeing anything other than obtaining the user principle.
Further more, aside from SSL/TLS, are there any other security related guides that I should be aware of when using web socket connections in tomcat?