Hello everybody, I'm testing a web application to use WebSocket with Tomcat 7.0.30.
I would like my WebSocket connection to be protected and accessible only from authenticated users. In particular, I would like to use BASIC authentication.

From what I understand, I thought that adding the security-constraint to the web.xml would be enough. So basically I have added this to the web.xml file:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Galaxy</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
            <role-name>user</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>testDS</realm-name>
    </login-config>
    <security-role>
        <role-name>admin</role-name>
    </security-role>
    <security-role>
        <role-name>user</role-name>
    </security-role>

Unfortunately that doesn't work, and without any problem I can connect to the websocket channel without any authentication.

What do I need to do in order to restrict the access to the application?

Thanks in advance