This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Child pages
  • KIP-3 Websocket Support

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


A "ticket" based authentication can be used by applications to handle the authentication problem, similar to what Zeppelin uses as the time or writing. In this method the client side talks to WebSocket server over HTTP, authenticates and obtains a security "ticket". WebSocket server issues this "ticket" and ties it to the user identity (e.g. username) this mapping is then stored in a cache. When the client connects via WebSocket it sends this "ticket" as part of the payload which the WebSocket server uses to verify the user identity and make sure the session is not expired.

Future work

KNOX-772 - Implement binary protocol support for Websocket feature - DONE

Currently websocket feature in Knox only supports text messages, to be fully compatible with the websocket specs we need to support binary protocol as well.


Currently Websockets is the only non-http protocol Knox supports, it would help if we could create a generic framework that can be used by all non-http protocols such as Websockets, thrift etc. preventing code duplication and help code and resource re-use.

KNOX-776 - Rewrite rule handling for websockets - DONE

Currently we simply proxy websocket payload we should support some form of rewrite rule handling.


Current websocket implementation is a bit taxing on memory it should be lightweight and Knox should be able to support 500 - 1K concurrent connections.

KNOX-895 - Pass cookies to websocket backend - DONE

Share session cookies