You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the feature
Add a onBeforeUpgrade to the WsConfig for when a Ws endpoint is registered:
javalin.ws("/ws", wsConfig -> {
wsConfig.onBeforeUpgrade(ctx -> {
if (!ctx.isAuthorized()) { // Pseudo method.throwUnauthorizedResponse();
}
});,
wsConfig.onConnect(ctx -> {
// Only invoked if `onBeforeUpgrade` succeeds.
});
});
This is the same as doing:
javalin.wsBeforeUpgrade("/ws", ctx -> {
if (!ctx.isAuthorized()) { // Pseudo method.throwUnauthorizedResponse();
}
});
javalin.ws("/ws", wsConfig -> {
wsConfig.onConnect(ctx -> {
// Only invoked if `onBeforeUpgrade` succeeds.
});
});
but allows you to:
Define the path once.
Easily define an 'access manager' per websocket path.
Stops you from accidentally doing javalin.wsBeforeUpgrade("/wws", ctx -> { ... }); and javalin.ws("/ws", wsConfig -> { ... }); and not realising that the before upgrade isn't ever going to match a path, so it results in a 404 error, and now /ws is unauthorized when the application boots. (stumped me for about 30 seconds, then realised I was being dumb).
Additional context
I think it is extremely important to continue supporting the wsBeforeUpgrade(ctx -> { ... }); and wsBeforeUpgrade(path, ctx -> { ... }); methods. The WsConfig introduction is essentially the same thing under the hood.
Add any other context about the feature request here
The text was updated successfully, but these errors were encountered:
@LoonyRules I think it is extremely important to continue supporting the wsBeforeUpgrade(ctx -> { ... }); and wsBeforeUpgrade(path, ctx -> { ... }); methods. The WsConfig introduction is essentially the same thing under the hood.
There seems to be significant overlap here, why do you think it's important to keep both?
(You could eliminate the path issue by using the path(...) method? 🤔)
Ease of use is the only thing I can think of. If you want all web sockets upgrades to be authenticated, then you could just define 1 wsBeforeUpgrade(ctx -> { ... }) handler instead of 1-per-ws, something that you might not necessarily have access to (at the WsConfig level) if you registered the wsBeforeUpgrade in a framework rather than at the application impl level, where the .ws("/ws", wsConfig -> { ... }); is defined.
Describe the feature
Add a
onBeforeUpgrade
to the WsConfig for when a Ws endpoint is registered:This is the same as doing:
but allows you to:
javalin.wsBeforeUpgrade("/wws", ctx -> { ... });
andjavalin.ws("/ws", wsConfig -> { ... });
and not realising that the before upgrade isn't ever going to match a path, so it results in a 404 error, and now/ws
is unauthorized when the application boots. (stumped me for about 30 seconds, then realised I was being dumb).Additional context
I think it is extremely important to continue supporting the
wsBeforeUpgrade(ctx -> { ... });
andwsBeforeUpgrade(path, ctx -> { ... });
methods. The WsConfig introduction is essentially the same thing under the hood.Add any other context about the feature request here
The text was updated successfully, but these errors were encountered: