I am using glassfish 4.0 with websocket support add i would like to know how it is possible to check the origin of webcoket clients and autheticate or not their requests. Please help i cant find any solution.
Related
I am trying to add an API Gateway to a client-server system, which communicates through WebSockets.
The Server is an audio recognition engine that sits in a remote machine, and clients are connecting to it through WebSockets ('wss://...'), sending audio files and receiving their text translate representation.
My main goal is to add a free open-source API Gateway in the middle in order to authenticate\authorize\rate limit\etc (Tried Kong\Tyk\krakenD, but they are not free).
After searching the web, I focused on Apache APISIX gateway.
As a test, I managed to connect the APISIX to a client-server which communicates by http/https and it worked fine.
Moreover, I managed to connect the client with the server on regular websocket connection (ws://) and the data transactions were successful, but no matter what I do I cant connect to the secured connection. Are there any special configurations I should edit in the dashboard?
I'm wondering if anyone knows from experience if it's possible to use
the secured WebSockets with Apache APISIX and if yes, how exactly it should be done - because the docs are missing any informative info\examples, or if there are better solutions known to my problem.
The only WebSocket reference in APISIX dashboard -
What you should do is create an SSL object (you can find it in the sidebar on the left side). See https://apisix.apache.org/docs/apisix/admin-api/#ssl to learn the APISIX SSL object.
You can see an example at https://apisix.apache.org/docs/apisix/certificate
The SSL object provides the required TLS Certificate and Private Key so that this key pair can be used in a TLS handshake according to the TLS SNI sent from clients. After that, your client established a secured connection with APISIX, and now you can send the WebSocket traffic securely.
I have a process that runs in California that wants to talk to a process in New York, using Stomp over Websockets.
Also note that my process is not a web app, but I implemented a stomp over websocket client in C++, in order to connect things up to my backend. Maybe this was or wasn't a good idea. So, I want my client to talk to the server and subscribe, where their client pushed messages.
I was implementing my own server when I saw that ApacheMQ supported Stomp over Websockets. So, I started reading the docs.
It says with the last line under 'configuration' at
http://activemq.apache.org/websockets :
One thing worth noting is that web sockets (just as Ajax) implements ? > the same origin policy, so you can access only brokers running on the > same host as the web application running the client.
it says it again in several related searches such as http://sensatic.net/activemq/activemq-54-stomp-over-web-sockets.html
Is this a limitation of the server or the web client?
With that limitation, if I understand right, the server is not going to accept websocket connections from a client, of any kind, that is not on the same machine?
I am not sure I see the point of that...
If that is indeed its meaning, then how do I get around it in order to implement my scenario?
I've not found that bit of documentation you are referring to but from what I know of the STOMP implementation on the broker this seems incorrect. There shouldn't be any limit to the transport connector accepting connect requests from an outside host by default and I don't think the browser treats the websocket requests the same as it does other things like an Ajax case in terms of the same origin policy.
This probably a case that is best checked by actually trying it to see if it works, I've connected just fine from outside the same host using AMQP over websockets on ActiveMQ so I'd guess the STOMP stack should also work fine.
I set up an API Gateway through Gravitee.io and a Springboot application, and everything seems to work fine as per the rest endpoints, running in https also.
Now, I would like to open a websocket connection through the same port (8080), but when the client tries to do it, this error come up server-side:
Handshake failed due to invalid Upgrade header: null
Looking for some solutions online, seems like a port issue, which could be potentially easy to manage with a tomcat server. But there is a way to address this issue using Gravitee.io ?
Thanks
I would advice you to create an issue in gravitee.io repository at https://github.com/gravitee-io/issues/issues/new
Websocket is not yet ready within Gravitee.io
Since the Origin does not work in the case of non-browser clients: non-browser clients can connect to a Websocket server with a fake origin. Non browser clients thereby can do requests that a programmer want through a program. How to stop this? I want that only my script hosted on my domain can connect to my websocket server. This page offers a “ticket”-based authentication system: https://devcenter.heroku.com/articles/websocket-security
However, it looks like it does not solve this problem because any non-browser clients from anywhere can have a ticket also.
I want that only my script hosted on my domain can connect to my websocket server.
Please tell me how to solve this. Thanks.
I establish a server using WCF based on Https protocol, now i want to create a client using WSO2 WSF/C++(and the client code is generated by Code Generator Tool), however, i can't communicate with server, because the client is based on Http, not Https. And i do not know how to code my client, also there is little sample or code for reference, almost of them are based on http. Now, how can i code my client to implement Https protocol.Does any one know how should i use the API? Thanks!
Since WSF/C++ uses Axis2/C, the HTTPS configurations are same for both WSF/C++ and Axis2/C. You can find HTTPS configuration here.