Package com.isomorphic.messaging
Class MessagingAuthFilter
java.lang.Object
com.isomorphic.servlet.BaseFilter
com.isomorphic.messaging.MessagingAuthFilter
- All Implemented Interfaces:
jakarta.servlet.Filter
public class MessagingAuthFilter extends com.isomorphic.servlet.BaseFilter
Filter to block unauthorized attempts to subscribe to Realtime Messaging channels.
This filter can block access to Realtime Messaging channels for both websocket and COMET communication. The filter blocks unauthorized websocket channels by disrupting the initial HTTP handshake that occurs before the websocket itself is opened. To use, place a filter declaration similar to the following in your web.xml:
<filter> <filter-name>MessagingAuthFilter</filter-name> <filter-class>com.isomorphic.messaging.MessagingAuthFilter</filter-class> </filter> <filter-mapping> <filter-name>MessagingAuthFilter</filter-name> <url-pattern>/isomorphic/websocket/*</url-pattern> <url-pattern>/isomorphic/messaging/*</url-pattern> </filter-mapping>where you should adjust the url patterns to match the server websocket and messaging URLs that you have configured.
-
Method Summary
Modifier and TypeMethodDescriptionboolean
authenticate
(String channel, jakarta.servlet.http.HttpServletRequest request) Should the request be allowed to subscribe to the named Realtime Messaging channel?
-
Method Details
-
authenticate
Should the request be allowed to subscribe to the named Realtime Messaging channel?The default implementation always returns true, so that all subscribe requests succeed. To restrict access, define a filter subclass that extends
MessagingAuthFilter
and override this method to return true only for authorized requests.- Parameters:
channel
- the channel that will be subscribed if you grant accessrequest
- the HTTP request that wants to subscribe to the channel
-