WebSockets are secured using the web container security model. A WebSockets developer can declare whether access to the WebSocket server endpoint needs to be authenticated, who can access it, and whether it needs an encrypted connection.
A WebSockets endpoint that is mapped to a ws:// URI is protected in the deployment descriptor through the http:// URI with the same hostname, port, and path, since the initial handshake is made over the HTTP connection. So, WebSockets developers can assign an authentication scheme, user roles, and a transport guarantee to any WebSockets endpoint.
We will take the same sample as we saw in Chapter 2, WebSockets and Server-sent Events, and make it a secure WebSockets application.
Here is the web.xml for a secure ...