Setting up the websocket user

Datetime:2016-08-22 22:30:28         Topic: WebSocket          Share        Original >>
Here to See The Original Article!!!

We began with the basic Websocket server install in theprevious blog post. It’s time to secure our server by adding a special user to the database that will be responsible for running the WebSocket server.

Series Content

  1. Basic WebSocket Server Installation Guide for IBM Domino Server
  2. Setting up the websocket user
  3. Securing your WebSocket server with TLS
  4. Your first non-chat websocket app
  5. Adding server-side listener for persistence

Register a new user

Open your IBM Domino admin application and in the People & Groups tab Register a new user

Change the security settings of the Domino Server

Configuration tab > Current Server Document > Security

Add the websocket user to the Programmability Restrictions as shown below:

Change of ACLs

We need to update the websocketupdate.nsf, the websocket.nsf and the applications that use websocket, in our case the chat.nsf. Add the Websocket User to the websocketupdate and websocket.nsf ACL and give the user editor access with deletion (or higher).

The chat.nsf or any other application that you write and uses websocket, add the Websocket user to the ACL list and add designer or or higher access.

WebSocket server configuration using profile config document

Open the websocket.nsf in your IBM Domino Admin application and go to Action > Admin > 1) Edit Config

Paste these lines into the Config Data field:





WEBSOCKET_USER=Websocket User/home













Edit the values according to your needs. More server setting values can be found in the official xocket.iodocumentation.

Make sure that you add your admin user, server and the websocket user to the Other Readers field:

And with that, we are done.

Testing the WebSocket sever

Restart the Domino server and check your startup log. It should look like this:

  1. The websocket config is read from the websocket.nsf
  2. The server is running under the Websocket user id.
  3. The server uses a single port for http and websocket traffic.
  4. Anonymous websocket access is disabled.

There’s a single error message near the end of the log. I was not able to get rid of that, but it does not seem to affect the server’s functionality.

Open the chat.nsf in your browser and test that it works. You should see these messages in your console.log

Congratulations. Your WebSocket server is already more secure and functional.  In the next post we will encrypt WebSocket traffic using TLS certificates, to make it even more secure.


Put your ads here, just $200 per month.