Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Securing WebSocket Endpoints

DZone's Guide to

Securing WebSocket Endpoints

· Java Zone
Free Resource

Learn how to troubleshoot and diagnose some of the most common performance issues in Java today. Brought to you in partnership with AppDynamics.

As you know, WebSocket is a key capability standardized into Java EE 7. When I talk to developers, many wonder how WebSockets are to be secured. One very nice characteristic for WebSocket is that it in fact completely piggybacks on HTTP. This means that all the well-understood ways of securing web applications instantly applies to WebSocket including SSL/TLS, Basic Authentication, Digest Authentication, LDAP, role based authorization and all the robust security infrastructure built into modern application servers like GlassFish and WebLogic. In a brief blog post, Pavel Bucek demonstrates how to secure WebSocket endpoints in GlassFish using TLS/SSL. Besides the server-side, he also includes a secure client side code example using the wss: protocol.

For a more complete example, you could look at the code for my joint JavaOne 2013 session with Ryan Cuprak and Bala Muthuvarathan titled "Android and iOS Development with Java EE 7". Do let me know if you need more detailed coverage focused on the topic, I will be happy to put something together on my personal blog.

Understand the needs and benefits around implementing the right monitoring solution for a growing containerized market. Brought to you in partnership with AppDynamics.

Topics:

Published at DZone with permission of Reza Rahman, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}