I've opened a PR for issue #648 (add security to STOMP messaging):
https://github.com/comixed/comixed/pull/649
In this PR, I've hooked the STOMP messaging into the existing web
security framework. After the user logs into the system, and the
messaging system is being initialized, the code submits the
authentication token as a header in the STOMP messaging connection.
Then, on the server side, the token is checked and a user principal is
created so the server-side can verify the user before processing any
messages received.
--
Darryl L. Pierce <mcpierce@xxxxxxxxx>
"Le centre du monde est partout." - Blaise Pascal
"Let's try and find some point of transcendence and leap together." -
Gord Downie