return;
}
// check the activation key matches.
final EJString activationKey = ejObject.get(MessageParts.WebSocketToken.name()).isString();
if (activationKey == null || !WebSocketTokenManager.verifyOneTimeToken(session, activationKey.stringValue())) {
// nope. go away!
sendMessage(ctx, getFailedNegotiation("bad negotiation key"));
}
else {
// the key matches. now we send the reverse challenge to prove this client is actually