added routes to explore web socket security

[nathandunn]

Note - method for work:

Note: react client code is here: https://github.com/nathandunn/apollo-websocket-test

Login from React:

• in client code, yarn build -> cp build <apollo-src>/web-app/<target_dir> assuming target_dir does not exist
• running apollo2 go to the react code (I don't even think this PR is necessary) go to <apollo2_url>/<target_dir>
  • fill out proper username and password
  • hit Ajax Login
  • hit WebSocket Login (establishes the connection), can probably done on the callback
  • Note that get Current user should work as well as the other methods
• Confirm that on <apollo2_url>/<target_dir> (via a refresh) that you will also be logged in

Logout from Logout:

• in client code, yarn build -> cp build <apollo-src>/web-app/<target_dir> assuming target_dir does not exist
• hit Ajax Logout
• note that the webscoket methods no longer work
• Confirm that on <apollo2_url>/<target_dir> has been logged out as well

For when in dev mode on port 3000 (note proxy in package.json):

• in https://github.com/nathandunn/apollo-websocket-test do a yarn start
• if logged into Apollo 2, verify that clicking

---

• [x`] ajax logout from react should invalidate apollo 2 session (i.e., a refresh will fail to have the session)
• ajax logout from react should force other Apollo2 sessions to fail
• ajax login from react should create a valid session (other react functions should connect and work), Apollo2 refresh should automatically work
• clean out code

---

• ajax logout from Apollo2 logs out logged in react client
• ajax logged in from Apollo2 creates a valid session for same server (shares JSESSIONID)

[nathandunn]

Using https://github.com/nathandunn/apollo-websocket-test for testing. From @garrettjstevens original branch.

[nathandunn]

Websocket logout is able to properly transmit, though it is an error. principal is not there on the same session, so have to explicitly supply the session.

[nathandunn]

So this does work perfectly well when deployed (i.e., using the ajax login).

Probably the ideal strategy is to do an initial deployment using yarn build and copying it into a web-app directory:

 "deploy": "react-scripts build && rm -rf /Users/nathandunn/repositories/APOLLO/nathanApolloMaster/web-app/jb2-client && cp -r build /Users/nathandunn/repositories/APOLLO/nathanApolloMaster/web-app/jb2-client"

Then in the client directory run yarn start and go here:

http://localhost:3000/apollo/jb2-client/

Once the thread is establish, the JSESSIONID is shared between the 3000 port 8080 port and the apollo2 server.

What does NOT work is doing the AJAX login through port 3000. For some reason on the server-side it wants to create a novel session. Regardless, I don't think further changes are necessary.

[nathandunn]

For some reason it stopped working here, but started working here: #2602

[nathandunn]

merged this into this: #2598