One of the larger items remaining to work on is how the Web Socket API integrates-with/works-when-deployed-in web containers and in the Java EE platform.
So I wanted to get out a few simple ideas to stimulate discussion on that topic.
1) Integration with web security
- it should be possible to declare a web socket's security context: an endpoint's required authentication scheme, the user-roles that can access it, whether transport encryption must be on on/off.
- developers should have access to the security context at runtime (current API does some, not all of this).
2) Web Socket sessions and Http Sessions
- see my last email on 'Multithreading Options' for four suggested scenarios on that. I'm sure there are more.
3) Using EE components to create Web Sockets
- it should be possible to create a web socket endpoint using a stateless session or singleton EJB, or using a CDI managed bean
4) Here are some useful objects to inject into web socket applications:-
a) into web socket endpoints
- ServerContainer (see WebSocketAPI v003)
- EndpointConfiguration (see WebSocketAPI v003)
- list of active Sessions (see WebSocketAPI v003)
b) into a MessageHandler
- current Session (see WebSocketAPI v003)
- Remote (see WebSocketAPI v003)
5) Packaging model
- should be able to deploy websocket application classes into a WAR
- they should live in the usual spot WEB-INF/classes and/or WEB-INF/lib
I'd welcome other ideas or comment on all of these !
[jsr356-experts] Some ideas on Web Sockets in the web container and in Java EE