Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Securing WebSocket Endpoints

DZone's Guide to

Securing WebSocket Endpoints

· Java Zone ·
Free Resource

The CMS developers love. Open Source, API-first and Enterprise-grade. Try BloomReach CMS for free.

As you know, WebSocket is a key capability standardized into Java EE 7. When I talk to developers, many wonder how WebSockets are to be secured. One very nice characteristic for WebSocket is that it in fact completely piggybacks on HTTP. This means that all the well-understood ways of securing web applications instantly applies to WebSocket including SSL/TLS, Basic Authentication, Digest Authentication, LDAP, role based authorization and all the robust security infrastructure built into modern application servers like GlassFish and WebLogic. In a brief blog post, Pavel Bucek demonstrates how to secure WebSocket endpoints in GlassFish using TLS/SSL. Besides the server-side, he also includes a secure client side code example using the wss: protocol.

For a more complete example, you could look at the code for my joint JavaOne 2013 session with Ryan Cuprak and Bala Muthuvarathan titled "Android and iOS Development with Java EE 7". Do let me know if you need more detailed coverage focused on the topic, I will be happy to put something together on my personal blog.

BloomReach CMS: the API-first CMS of the future. Open-source & enterprise-grade. - As a Java developer, you will feel at home using Maven builds and your favorite IDE (e.g. Eclipse or IntelliJ) and continuous integration server (e.g. Jenkins). Manage your Java objects using Spring Framework, write your templates in JSP or Freemarker. Try for free.

Topics:

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}