securing the event bus bridge

[Tarek]

I have a question about securing the event bus bridge. In the vertx-web docs is a code about securing the event bus path:

http://vertx.io/docs/vertx-web/java/#_requiring_authorisation_for_messages

This is a code snippet from the docs:

AuthHandler basicAuthHandler = BasicAuthHandler.create(authProvider);
router.route("/eventbus/*").handler(basicAuthHandler);  
router.route("/eventbus/*").handler(sockJSHandler);

But how can i set a Basic Auth Header on the client side with the javascript event bus lib? Or do i have to login the user with „traditional“ HTTP methods and after that open the event bus? Do you have a working example with server and client code? 

Thanks in Advance

[Tim Fox]

On 12/08/15 10:49, Tarek wrote:

I have a question about securing the event bus bridge. In the vertx-web docs is a code about securing the event bus path:

http://vertx.io/docs/vertx-web/java/#_requiring_authorisation_for_messages

This is a code snippet from the docs:

AuthHandler basicAuthHandler = BasicAuthHandler.create(authProvider);
router.route("/eventbus/*").handler(basicAuthHandler);  
router.route("/eventbus/*").handler(sockJSHandler);

But how can i set a Basic Auth Header on the client side with the javascript event bus lib? Or do i have to login the user with „traditional“ HTTP methods and after that open the event bus?

It would be common to log the user in before opening the event bus. You can use any of the normal vertx-web auth handlers for that (basic, redirect, jwt, etc)

If you don't want to do any of that and handle auth in a custom way, e.g. by sending some kind of username and password over the event bus connection - you can intercept that using a event bus bridge events and handle auth yourself on the server side. Not sure I would recommend that though - seems more complex than it needs to be.

Do you have a working example with server and client code?

There are various examples in the examples repo of the different auth, and also in the vertx-web test suite. The examples don't show the event bus bridge, but auth would be be done exactly the same whether you're using eventbusbridge or just serving some static pages (or whatever).

Thanks in Advance

--
You received this message because you are subscribed to the Google Groups "vert.x" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vertx+un...@googlegroups.com.
Visit this group at http://groups.google.com/group/vertx.
To view this discussion on the web, visit https://groups.google.com/d/msgid/vertx/e986c51a-d2b7-4366-a4ce-53fee07cf1b3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Tarek]

Am Mittwoch, 12. August 2015 11:59:45 UTC+2 schrieb Tim Fox:

On 12/08/15 10:49, Tarek wrote:

I have a question about securing the event bus bridge. In the vertx-web docs is a code about securing the event bus path:

http://vertx.io/docs/vertx-web/java/#_requiring_authorisation_for_messages

This is a code snippet from the docs:

AuthHandler basicAuthHandler = BasicAuthHandler.create(authProvider);
router.route("/eventbus/*").handler(basicAuthHandler);  
router.route("/eventbus/*").handler(sockJSHandler);

But how can i set a Basic Auth Header on the client side with the javascript event bus lib? Or do i have to login the user with „traditional“ HTTP methods and after that open the event bus?

It would be common to log the user in before opening the event bus. You can use any of the normal vertx-web auth handlers for that (basic, redirect, jwt, etc)

Thank you for the fast answer! So i will use the this method.