Hi folks,
One of the larger items remaining to work on is how the Web Socket API
integrates-with/works-when-deployed-in web containers and in the Java EE
platform.
So I wanted to get out a few simple ideas to stimulate discussion on
that topic.
1) Integration with web security
- it should be possible to declare a web socket's security context: an
endpoint's required authentication scheme, the user-roles that can
access it, whether transport encryption must be on on/off.
- developers should have access to the security context at runtime
(current API does some, not all of this).
2) Web Socket sessions and Http Sessions
- see my last email on 'Multithreading Options' for four suggested
scenarios on that. I'm sure there are more.
3) Using EE components to create Web Sockets
- it should be possible to create a web socket endpoint using a
stateless session or singleton EJB, or using a CDI managed bean
4) Here are some useful objects to inject into web socket applications:-
a) into web socket endpoints
- HttpSession
- ServletContext
- ServerContainer (see WebSocketAPI v003)
- EndpointConfiguration (see WebSocketAPI v003)
- list of active Sessions (see WebSocketAPI v003)
b) into a MessageHandler
- current Session (see WebSocketAPI v003)
- Remote (see WebSocketAPI v003)
5) Packaging model
- should be able to deploy websocket application classes into a WAR
- they should live in the usual spot WEB-INF/classes and/or WEB-INF/lib
I'd welcome other ideas or comment on all of these !
- Danny
--
<http://www.oracle.com> *Danny Coward *
Java EE
Oracle Corporation