2

Im building a social platform and just started on the websocket portion. I'm having trouble understanding where to hook my auth into the Vert.x SockJsHandler. I found a code example using "SockJsServer" via vertx.createSockJsServer here but it doesnt seem like that exists in current versions:

https://github.com/michalboska/codingbeer-vertx/blob/auth-experiment/src/main/java/ch/erni/beer/vertx/HTTPServerVerticle.java

The only hook Im aware of in current version is:

return SockJSHandler.create(vertx).bridge(options) {event ->
    logger.info{ "socket event: ${event.type()}" }
    event.complete(true)
}

I see event.socket().webUser() and .webSession() exists but am unclear how/where that would get set. So my question is, will I need to create an auth handler on the initial handshake only and if so, where? If a js client needs to receive notifications for say, a message from a specific chatroom they are a member 'chat123', should I register unique handlers for chat123, or somehow iterate over event.socket().webUser() for valid ids each time?

Most vert.x docs are offline with the new site migrating to vert.x 4 so infos a bit hard to find at the moment.

Micah Smith
  • 311
  • 2
  • 11
  • The question is very broad, and isn't directly related to Vert.x In general, WebSockets don't provide you with any kind of authentication or authorisation, nor does Vertx, and you should write one yourself. – Alexey Soshin Dec 17 '20 at 17:04
  • @AlexeySoshin edited with vertx specific question. Im aware ill need to write an AuthHandler for my jwt token but unsure where to hook in or interfaces to implement. Most vertx docs are down, and theyre isnt much on the sockjs handler anyway – Micah Smith Dec 17 '20 at 18:08
  • Is the documentation still not working for you? Try this link: https://vertx.io/docs/vertx-web/java/#_requiring_authorization_for_messages It seems that it's very close to what you're looking for. I'm not sure if you would like to use the `SockJsBridge`, though – Alexey Soshin Dec 17 '20 at 20:37
  • I have been wondering about this for a long time too. It seems like you have to intercept the bridge events, and authorize the send, publish and/or receive events, based on the web user or web session of the socket of the event: https://vertx.io/docs/vertx-web/java/#_handling_event_bus_bridge_events – Johan Stuyts Jan 21 '21 at 23:23

0 Answers0