public class OriginHandshakeInterceptor extends java.lang.Object implements HandshakeInterceptor
Origin header value against a
collection of allowed origins.| Constructor and Description |
|---|
OriginHandshakeInterceptor()
Default constructor with only same origin requests allowed.
|
OriginHandshakeInterceptor(java.util.Collection<java.lang.String> allowedOrigins)
Constructor using the specified allowed origin values.
|
| Modifier and Type | Method and Description |
|---|---|
void |
afterHandshake(ServerHttpRequest request,
ServerHttpResponse response,
WebSocketHandler wsHandler,
java.lang.Exception exception)
Invoked after the handshake is done.
|
boolean |
beforeHandshake(ServerHttpRequest request,
ServerHttpResponse response,
WebSocketHandler wsHandler,
java.util.Map<java.lang.String,java.lang.Object> attributes)
Invoked before the handshake is processed.
|
java.util.Collection<java.lang.String> |
getAllowedOrigins() |
void |
setAllowedOrigins(java.util.Collection<java.lang.String> allowedOrigins)
Configure allowed
Origin header values. |
protected final Log logger
public OriginHandshakeInterceptor()
public OriginHandshakeInterceptor(java.util.Collection<java.lang.String> allowedOrigins)
setAllowedOrigins(Collection)public void setAllowedOrigins(java.util.Collection<java.lang.String> allowedOrigins)
Origin header values. This check is mostly
designed for browsers. There is nothing preventing other types of client
to modify the Origin header value.
Each provided allowed origin must have a scheme, and optionally a port (e.g. "http://example.org", "http://example.org:9090"). An allowed origin string may also be "*" in which case all origins are allowed.
public java.util.Collection<java.lang.String> getAllowedOrigins()
setAllowedOrigins(java.util.Collection<java.lang.String>)public boolean beforeHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, java.util.Map<java.lang.String,java.lang.Object> attributes) throws java.lang.Exception
HandshakeInterceptorbeforeHandshake in interface HandshakeInterceptorrequest - the current requestresponse - the current responsewsHandler - the target WebSocket handlerattributes - attributes from the HTTP handshake to associate with the WebSocket
session; the provided attributes are copied, the original map is not used.true) or abort (false)java.lang.Exceptionpublic void afterHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, java.lang.Exception exception)
HandshakeInterceptorafterHandshake in interface HandshakeInterceptorrequest - the current requestresponse - the current responsewsHandler - the target WebSocket handlerexception - an exception raised during the handshake, or null if none