Over a million developers have joined DZone.

Securing WebSocket Endpoints

DZone's Guide to

Securing WebSocket Endpoints

· Java Zone ·
Free Resource

Learn how to stop testing everything every sprint and only test the code you’ve changed. Brought to you by Parasoft.

As you know, WebSocket is a key capability standardized into Java EE 7. When I talk to developers, many wonder how WebSockets are to be secured. One very nice characteristic for WebSocket is that it in fact completely piggybacks on HTTP. This means that all the well-understood ways of securing web applications instantly applies to WebSocket including SSL/TLS, Basic Authentication, Digest Authentication, LDAP, role based authorization and all the robust security infrastructure built into modern application servers like GlassFish and WebLogic. In a brief blog post, Pavel Bucek demonstrates how to secure WebSocket endpoints in GlassFish using TLS/SSL. Besides the server-side, he also includes a secure client side code example using the wss: protocol.

For a more complete example, you could look at the code for my joint JavaOne 2013 session with Ryan Cuprak and Bala Muthuvarathan titled "Android and iOS Development with Java EE 7". Do let me know if you need more detailed coverage focused on the topic, I will be happy to put something together on my personal blog.

Get the top tips for Java developers and best practices to overcome common challenges. Brought to you by Parasoft.


Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}