Package com.isomorphic.messaging

Class MessagingAuthFilter

java.lang.Object
com.isomorphic.servlet.BaseFilter
com.isomorphic.messaging.MessagingAuthFilter
All Implemented Interfaces:
jakarta.servlet.Filter
public class MessagingAuthFilter extends com.isomorphic.servlet.BaseFilter
Filter to block unauthorized attempts to subscribe to Realtime Messaging channels.

This filter can block access to Realtime Messaging channels for both websocket and COMET communication. The filter blocks unauthorized websocket channels by disrupting the initial HTTP handshake that occurs before the websocket itself is opened. To use, place a filter declaration similar to the following in your web.xml: 

<filter>
     <filter-name>MessagingAuthFilter</filter-name>
     <filter-class>com.isomorphic.messaging.MessagingAuthFilter</filter-class>
 </filter>
 <filter-mapping>
     <filter-name>MessagingAuthFilter</filter-name>
     <url-pattern>/isomorphic/websocket/*</url-pattern>
     <url-pattern>/isomorphic/messaging/*</url-pattern>
 </filter-mapping>
where you should adjust the url patterns to match the server websocket and messaging URLs that you have configured.

  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
    authenticate(String channel, jakarta.servlet.http.HttpServletRequest request)
    Should the request be allowed to subscribe to the named Realtime Messaging channel?

  • Method Details

    • authenticate

      public boolean authenticate(String channel, jakarta.servlet.http.HttpServletRequest request)
      Should the request be allowed to subscribe to the named Realtime Messaging channel?

      The default implementation always returns true, so that all subscribe requests succeed. To restrict access, define a filter subclass that extends MessagingAuthFilter and override this method to return true only for authorized requests.

      Parameters:
      channel - the channel that will be subscribed if you grant access
      request - the HTTP request that wants to subscribe to the channel