import ballerina/websocket;
// TLS-enabled WebSocket listener on port 9090. Basic auth credentials are only
// base64-encoded, not encrypted, so the `secureSocket` key pair below is what
// protects them in transit between the client and this service.
// The paths are sample placeholders: keep the private key out of version
// control and readable only by the account that runs the service.
listener websocket:Listener securedEP = new websocket:Listener(9090,
    secureSocket = {
        key: {
            certFile: "../resource/path/to/public.crt",
            keyFile: "../resource/path/to/private.key"
        }
    }
);
// Secures `/foo` with Basic auth and, optionally, scope-based authorization.
// Credentials are checked against an LDAP user store configured through
// [`websocket:LdapUserStoreConfig`](https://docs.central.ballerina.io/ballerina/websocket/latest/records/LdapUserStoreConfig).
// Authorization is based on scopes. A scope maps to one or more groups, and
// authorization is enabled by giving the `scopes` field a `string|string[]` value.
@websocket:ServiceConfig {
    auth: [
        {
            ldapUserStoreConfig: {
                domainName: "avix.lk",
                // Plain `ldap://` sends the bind password, and the user
                // credentials being verified, unencrypted to the directory.
                // That is tolerable on loopback as in this sample; for a remote
                // directory use an `ldaps://` URL together with the TLS trust
                // settings described in the linked record docs.
                connectionUrl: "ldap://localhost:389",
                // NOTE(review): `cn=admin` looks like the directory administrator.
                // A dedicated read-only bind account limits what a leaked
                // password exposes; confirm against your directory layout.
                connectionName: "cn=admin,dc=avix,dc=lk",
                // Sample value only. Do not commit a real bind password in
                // source; load it from configuration or a secret store.
                connectionPassword: "avix123",
                userSearchBase: "ou=Users,dc=avix,dc=lk",
                userEntryObjectClass: "inetOrgPerson",
                userNameAttribute: "uid",
                // `?` is the placeholder for the client-supplied username.
                // NOTE(review): confirm that the library escapes LDAP filter
                // metacharacters before substitution.
                userNameSearchFilter: "(&(objectClass=inetOrgPerson)(uid=?))",
                userNameListFilter: "(objectClass=inetOrgPerson)",
                groupSearchBase: ["ou=Groups,dc=avix,dc=lk"],
                groupEntryObjectClass: "groupOfNames",
                groupNameAttribute: "cn",
                groupNameSearchFilter: "(&(objectClass=groupOfNames)(cn=?))",
                groupNameListFilter: "(objectClass=groupOfNames)",
                membershipAttribute: "member",
                // NOTE(review): with role caching on, a group removal in LDAP
                // presumably takes effect only after the cached entry expires;
                // verify the cache lifetime if prompt revocation matters.
                userRolesCacheEnabled: true,
                connectionPoolingEnabled: false,
                connectionTimeout: 5,
                readTimeout: 60
            },
            // Only users whose groups map to the `admin` scope are authorized.
            scopes: ["admin"]
        }
    ]
}
service /foo on securedEP {
    // Hands each connection on `/foo/bar` to a new echo service instance.
    resource isolated function get bar() returns websocket:Service {
        WsService echoService = new;
        return echoService;
    }
}
// Echo handler: each text message received from the client is written back
// unchanged to the same caller.
service class WsService {
    *websocket:Service;

    // Returns the write error, if any, or nil when the echo succeeds.
    remote isolated function onTextMessage(websocket:Caller caller,
                                           string text) returns websocket:Error? {
        return caller->writeTextMessage(text);
    }
}
Service - Basic Auth LDAP user store

A WebSocket service can be secured using Basic auth and by enforcing
authorization optionally. Then, it validates the Basic auth token sent in
the `Authorization` header.
import ballerina/websocket;
// TLS-enabled WebSocket listener on port 9090. Basic auth credentials are only
// base64-encoded, not encrypted, so the `secureSocket` key pair below is what
// protects them in transit between the client and this service.
// The paths are sample placeholders: keep the private key out of version
// control and readable only by the account that runs the service.
listener websocket:Listener securedEP = new websocket:Listener(9090,
    secureSocket = {
        key: {
            certFile: "../resource/path/to/public.crt",
            keyFile: "../resource/path/to/private.key"
        }
    }
);
// Secures `/foo` with Basic auth against an LDAP user store and restricts
// access to users whose groups map to the `admin` scope.
@websocket:ServiceConfig {
    auth: [
        {
            ldapUserStoreConfig: {
                domainName: "avix.lk",
                // Plain `ldap://` sends the bind password, and the user
                // credentials being verified, unencrypted to the directory.
                // That is tolerable on loopback as in this sample; for a remote
                // directory use an `ldaps://` URL together with the TLS trust
                // settings of `websocket:LdapUserStoreConfig`.
                connectionUrl: "ldap://localhost:389",
                // NOTE(review): `cn=admin` looks like the directory administrator.
                // A dedicated read-only bind account limits what a leaked
                // password exposes; confirm against your directory layout.
                connectionName: "cn=admin,dc=avix,dc=lk",
                // Sample value only. Do not commit a real bind password in
                // source; load it from configuration or a secret store.
                connectionPassword: "avix123",
                userSearchBase: "ou=Users,dc=avix,dc=lk",
                userEntryObjectClass: "inetOrgPerson",
                userNameAttribute: "uid",
                // `?` is the placeholder for the client-supplied username.
                // NOTE(review): confirm that the library escapes LDAP filter
                // metacharacters before substitution.
                userNameSearchFilter: "(&(objectClass=inetOrgPerson)(uid=?))",
                userNameListFilter: "(objectClass=inetOrgPerson)",
                groupSearchBase: ["ou=Groups,dc=avix,dc=lk"],
                groupEntryObjectClass: "groupOfNames",
                groupNameAttribute: "cn",
                groupNameSearchFilter: "(&(objectClass=groupOfNames)(cn=?))",
                groupNameListFilter: "(objectClass=groupOfNames)",
                membershipAttribute: "member",
                // NOTE(review): with role caching on, a group removal in LDAP
                // presumably takes effect only after the cached entry expires;
                // verify the cache lifetime if prompt revocation matters.
                userRolesCacheEnabled: true,
                connectionPoolingEnabled: false,
                connectionTimeout: 5,
                readTimeout: 60
            },
            // Only users whose groups map to the `admin` scope are authorized.
            scopes: ["admin"]
        }
    ]
}
service /foo on securedEP {
    // Hands each connection on `/foo/bar` to a new echo service instance.
    resource isolated function get bar() returns websocket:Service {
        WsService echoService = new;
        return echoService;
    }
}
The service can be secured with Basic auth and can be authorized optionally.
Basic auth using the LDAP user store can be enabled by setting the
`websocket:LdapUserStoreConfig` configurations.
Authorization is based on scopes. A scope maps to one or more groups.
Authorization can be enabled by setting the `string|string[]` type
configurations for the `scopes` field.
// Echo handler: each text message received from the client is written back
// unchanged to the same caller.
service class WsService {
    *websocket:Service;

    // Returns the write error, if any, or nil when the echo succeeds.
    remote isolated function onTextMessage(websocket:Caller caller,
                                           string text) returns websocket:Error? {
        return caller->writeTextMessage(text);
    }
}
# You may need to change the certificate file path and private key file path.
# The listing also points `connectionUrl` at an LDAP server on ldap://localhost:389
# and binds with a sample password; replace both with your own directory settings
# rather than reusing the sample values.
bal run websocket_service_basic_auth_ldap_user_store.bal