...
Applications can use "ticket"-based authentication to handle the authentication problem, similar to what Zeppelin uses at the time of writing. In this method the client first talks to the WebSocket server over HTTP, authenticates, and obtains a security "ticket". The WebSocket server issues this "ticket" and ties it to the user identity (e.g. username); this mapping is then stored in a cache. When the client connects via WebSocket, it sends the "ticket" as part of the payload, and the WebSocket server uses it to verify the user identity and make sure the session has not expired.
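The server side of this ticket scheme, as an added sketch that is not code from Knox or Zeppelin. The `TicketCache` class and the `principal` and `ticket` payload field names are assumptions made for this example, and the sample frame is constructed.

```python
import json
import secrets
import time


class TicketCache:
    """Server-side cache mapping ticket -> (username, expiry). Hypothetical helper."""

    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._tickets = {}

    def issue(self, username):
        """Call only after the HTTP authentication step has succeeded."""
        ticket = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._tickets[ticket] = (username, self._clock() + self._ttl)
        return ticket

    def verify(self, raw_message):
        """Return the authenticated username, or None to reject the frame."""
        try:
            msg = json.loads(raw_message)
            claimed_user, ticket = msg["principal"], msg["ticket"]
        except (ValueError, KeyError, TypeError):
            return None  # malformed frame or missing fields
        if not isinstance(ticket, str) or not isinstance(claimed_user, str):
            return None
        entry = self._tickets.get(ticket)
        if entry is None:
            return None  # ticket was never issued, or was already dropped
        username, expires_at = entry
        if self._clock() >= expires_at:
            del self._tickets[ticket]  # expired: drop so it cannot be replayed
            return None
        # Identity comes from the cache; the claimed name must agree with it.
        return username if claimed_user == username else None


if __name__ == "__main__":
    cache = TicketCache(ttl_seconds=60)
    t = cache.issue("alice")  # issued after the HTTP login
    # Constructed WebSocket text frame carrying the ticket in its payload.
    frame = json.dumps({"op": "PING", "principal": "alice", "ticket": t})
    print(cache.verify(frame))
    print(cache.verify(json.dumps({"principal": "bob", "ticket": t})))
```

Every inbound frame is checked, not only the first one, so a ticket that expires mid-connection stops being accepted.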
Future work
KNOX-772 - Implement binary protocol support for Websocket feature - DONE
Currently the WebSocket feature in Knox supports only text messages; to be fully compatible with the WebSocket specification we need to support the binary protocol as well.
...
Currently WebSocket is the only non-HTTP protocol Knox supports. It would help to create a generic framework that all non-HTTP protocols (WebSocket, Thrift, etc.) can use, preventing code duplication and helping code and resource reuse.
KNOX-776 - Rewrite rule handling for websockets - DONE
Currently we simply proxy the WebSocket payload; we should support some form of rewrite rule handling.
...
The current WebSocket implementation is a bit taxing on memory; it should be lightweight, and Knox should be able to support 500 - 1K concurrent connections.
KNOX-895 - Pass cookies to websocket backend - DONE
Share session cookies