org.springframework.web.socket.server.support

Class OriginHandshakeInterceptor

java.lang.Object

org.springframework.web.socket.server.support.OriginHandshakeInterceptor

All Implemented Interfaces:

HandshakeInterceptor

public class OriginHandshakeInterceptor
extends Object
implements HandshakeInterceptor

An interceptor to check request Origin header value against a collection of allowed origins.

Since:

4.1.2

Author:

Sebastien Deleuze

Field Summary

Fields

Modifier and Type	Field and Description
protected Log	logger

Constructor Summary

Constructors

Constructor and Description
OriginHandshakeInterceptor() Default constructor with only same origin requests allowed.
OriginHandshakeInterceptor(Collection<String> allowedOrigins) Constructor using the specified allowed origin values.

Method Summary

Modifier and Type	Method and Description
void	afterHandshake(org.springframework.http.server.ServerHttpRequest request, org.springframework.http.server.ServerHttpResponse response, WebSocketHandler wsHandler, Exception exception) Invoked after the handshake is done.
boolean	beforeHandshake(org.springframework.http.server.ServerHttpRequest request, org.springframework.http.server.ServerHttpResponse response, WebSocketHandler wsHandler, Map<String,Object> attributes) Invoked before the handshake is processed.
Collection<String>	getAllowedOrigins()
void	setAllowedOrigins(Collection<String> allowedOrigins) Configure allowed Origin header values.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

protected Log logger

Constructor Detail

OriginHandshakeInterceptor

public OriginHandshakeInterceptor()

Default constructor with only same origin requests allowed.

OriginHandshakeInterceptor

public OriginHandshakeInterceptor(Collection<String> allowedOrigins)

Constructor using the specified allowed origin values.

See Also:

setAllowedOrigins(Collection)

Method Detail

setAllowedOrigins

public void setAllowedOrigins(Collection<String> allowedOrigins)

Configure allowed Origin header values. This check is mostly designed for browser clients. There is nothing preventing other types of client to modify the Origin header value.

Each provided allowed origin must start by "http://", "https://" or be "*" (means that all origins are allowed).

See Also:

RFC 6454: The Web Origin Concept

getAllowedOrigins

public Collection<String> getAllowedOrigins()

Since:

4.1.5

See Also:

setAllowedOrigins(Collection)

beforeHandshake

public boolean beforeHandshake(org.springframework.http.server.ServerHttpRequest request,
                               org.springframework.http.server.ServerHttpResponse response,
                               WebSocketHandler wsHandler,
                               Map<String,Object> attributes)
                        throws Exception

Description copied from interface: HandshakeInterceptor

Invoked before the handshake is processed.

Specified by:

beforeHandshake in interface HandshakeInterceptor

Parameters:

request - the current request

response - the current response

wsHandler - the target WebSocket handler

attributes - attributes from the HTTP handshake to associate with the WebSocket session; the provided attributes are copied, the original map is not used.

Returns:

whether to proceed with the handshake (true) or abort (false)

Throws:

Exception

afterHandshake

public void afterHandshake(org.springframework.http.server.ServerHttpRequest request,
                           org.springframework.http.server.ServerHttpResponse response,
                           WebSocketHandler wsHandler,
                           Exception exception)

Description copied from interface: HandshakeInterceptor

Invoked after the handshake is done. The response status and headers indicate the results of the handshake, i.e. whether it was successful or not.

Specified by:

afterHandshake in interface HandshakeInterceptor

Parameters:

request - the current request

response - the current response

wsHandler - the target WebSocket handler

exception - an exception raised during the handshake, or null if none