2

We have a Spring-MVC application with websockets deployed on a Jetty server. We also have HashLoginService as shown below configured for jetty. When the application starts, we are able to access it with websockets functionality intact on FF, Chrome, Opera, IE but not on Safari. The only thing we get back is 401. After disabling the HashLoginService, websockets work fine. Is there some configuration in Jetty or somewhere required so that websockets work in Safari with authentication. Thank you.

Safari version : 11.0.3(desktop version)
Jetty - 9.4

jetty.xml :

  <Arg>
            <New class="org.eclipse.jetty.security.HashLoginService">
               <Set name="name">Default Realm</Set>
               <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
            </New>
         </Arg>
      </Call>

web.xml from project: 

<security-constraint>
            <web-resource-collection>
                <web-resource-name>username</web-resource-name>
                <url-pattern>/*</url-pattern>
            </web-resource-collection>
            <auth-constraint>
                <role-name>user-role</role-name>
            </auth-constraint>
        </security-constraint>

            <security-constraint>
                <web-resource-collection>
                    <web-resource-name>username</web-resource-name>
                    <url-pattern>/*</url-pattern>
                </web-resource-collection>
                <auth-constraint>
                    <role-name>user-role</role-name>
                </auth-constraint>
            </security-constraint>

        <security-role>
            <role-name>user-role</role-name>
        </security-role>

Any idea what we can do? Thanks.

We are Borg
  • 5,117
  • 17
  • 102
  • 225
  • What version of Safari (and is this mobile safari or desktop/laptop safari)? and What version of Jetty? – Joakim Erdfelt Mar 16 '18 at 13:08
  • @JoakimErdfelt : I have also added it to the main post after ur comment. Thank you. Safari version : 11(desktop), Jetty : 9.4 – We are Borg Mar 16 '18 at 13:12
  • Which websockets API are you using on Jetty? (Native WebSockets, or JSR356 WebSockets)? – Joakim Erdfelt Mar 16 '18 at 15:29
  • @Joakim Erdfelt : I have enabled websockets module from start.ini by adding --module=websockets. I presume the default one is loaded, but how can I check. – We are Borg Mar 16 '18 at 16:25
  • That module makes both APIs available, its up to your webapp to choose one or the other (or in some rare cases both). A stackdump while a websocket is active would tell you (are classes on package `org.eclipse.jetty.websocket.jsr356` present? then i'ts JSR356, otherwise it's native WebSocket) – Joakim Erdfelt Mar 16 '18 at 16:27
  • @JoakimErdfelt : sorry for the late reply. I am using native websocket implementation. Thank you. – We are Borg Mar 19 '18 at 08:42
  • @JoakimErdfelt : Any ideas? thank you. – We are Borg Apr 06 '18 at 09:26

1 Answers1

3

Standard HTTP Authentication is apparently not supported on Safari and WebSockets.

See: https://bugs.webkit.org/show_bug.cgi?id=80362

You can find some workarounds at a different stackoverflow answer.

HTTP headers in Websockets client API

Joakim Erdfelt
  • 46,896
  • 7
  • 86
  • 136