Hi,
there are currently 3 things you can do to secure access to the bridge:
You can require TLS: require_tls
You can restrict source IPs: require_ip
Eg see:
http://crossbar.io/docs/HTTP-Bridge-Publisher
And you can demand requests to be signed:
http://crossbar.io/docs/HTTP-Bridge-Publisher/#signed-requests
The signature is computed from a pre-shared secret.
Cheers,
/Tobias
Am 11.04.2016 um 22:53 schrieb Jun:
> Does anybody have idea if crossbar supports the http bridge
> authentication? Thanks.
>
> On Tuesday, April 5, 2016 at 2:08:35 PM UTC-7, Jun wrote:
>
> The http bridge is a good feature to use.
> (
http://crossbar.io/docs/HTTP-Bridge/
> <
http://crossbar.io/docs/HTTP-Bridge/>)
>
> Currently, I register a callback to dynamically authenticate and
> authorize wamp connections by registering the two authenticator and
> authorizer callbacks.
>
> How will the dynamic authentication/authorization work for http
> bridge? (the ticket method is preferred)
>
> Do you have a sample config.json and sample code? What is required
> for a http post request to do to be authenticated/authorized?
>
> Thanks
>
> Regards,
> Jun
>
> --
> You received this message because you are subscribed to the Google
> Groups "Crossbar" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to
crossbario+...@googlegroups.com
> <mailto:
crossbario+...@googlegroups.com>.
> To post to this group, send email to
cross...@googlegroups.com
> <mailto:
cross...@googlegroups.com>.
> To view this discussion on the web visit
>
https://groups.google.com/d/msgid/crossbario/e458e115-8df3-4c83-b5fb-03f659b817f2%40googlegroups.com
> <
https://groups.google.com/d/msgid/crossbario/e458e115-8df3-4c83-b5fb-03f659b817f2%40googlegroups.com?utm_medium=email&utm_source=footer>.
> For more options, visit
https://groups.google.com/d/optout.