Class OriginHandshakeInterceptor
java.lang.Object
org.springframework.web.socket.server.support.OriginHandshakeInterceptor
- All Implemented Interfaces:
HandshakeInterceptor
An interceptor to check request
Origin header value against a
collection of allowed origins.- Since:
- 4.1.2
- Author:
- Sebastien Deleuze
-
Field Summary
Fields -
Constructor Summary
ConstructorsConstructorDescriptionDefault constructor with only same origin requests allowed.OriginHandshakeInterceptor(Collection<String> allowedOrigins) Constructor using the specified allowed origin values. -
Method Summary
Modifier and TypeMethodDescriptionvoidafterHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, Exception exception) Invoked after the handshake is done.booleanbeforeHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, Map<String, Object> attributes) Invoked before the handshake is processed.Return theconfiguredallowed origin patterns.Return theconfiguredallowed origins.voidsetAllowedOriginPatterns(Collection<String> allowedOriginPatterns) Alternative tosetAllowedOrigins(Collection)that supports more flexible patterns for specifying the origins for which cross-origin requests are allowed from a browser.voidsetAllowedOrigins(Collection<String> allowedOrigins) Set the origins for which cross-origin requests are allowed from a browser.
-
Field Details
-
logger
-
-
Constructor Details
-
OriginHandshakeInterceptor
public OriginHandshakeInterceptor()Default constructor with only same origin requests allowed. -
OriginHandshakeInterceptor
Constructor using the specified allowed origin values.- See Also:
-
-
Method Details
-
setAllowedOrigins
Set the origins for which cross-origin requests are allowed from a browser. Please, refer toCorsConfiguration.setAllowedOrigins(List)for format details and considerations, and keep in mind that the CORS spec does not allow use of"*"withallowCredentials=true. For more flexible origin patterns usesetAllowedOriginPatterns(java.util.Collection<java.lang.String>)instead.By default, no origins are allowed. When
allowedOriginPatternsis also set, then that takes precedence over this property.Note when SockJS is enabled and origins are restricted, transport types that do not allow to check request origin (Iframe based transports) are disabled. As a consequence, IE 6 to 9 are not supported when origins are restricted.
-
getAllowedOrigins
Return theconfiguredallowed origins.- Since:
- 4.1.5
-
setAllowedOriginPatterns
Alternative tosetAllowedOrigins(Collection)that supports more flexible patterns for specifying the origins for which cross-origin requests are allowed from a browser. Please, refer toCorsConfiguration.setAllowedOriginPatterns(List)for format details and other considerations.By default this is not set.
- Since:
- 5.3.2
-
getAllowedOriginPatterns
Return theconfiguredallowed origin patterns.- Since:
- 5.3.2
-
beforeHandshake
public boolean beforeHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, Map<String, Object> attributes) throws ExceptionDescription copied from interface:HandshakeInterceptorInvoked before the handshake is processed.- Specified by:
beforeHandshakein interfaceHandshakeInterceptor- Parameters:
request- the current requestresponse- the current responsewsHandler- the target WebSocket handlerattributes- the attributes from the HTTP handshake to associate with the WebSocket session; the provided attributes are copied, the original map is not used.- Returns:
- whether to proceed with the handshake (
true) or abort (false) - Throws:
Exception
-
afterHandshake
public void afterHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, @Nullable Exception exception) Description copied from interface:HandshakeInterceptorInvoked after the handshake is done. The response status and headers indicate the results of the handshake, i.e. whether it was successful or not.- Specified by:
afterHandshakein interfaceHandshakeInterceptor- Parameters:
request- the current requestresponse- the current responsewsHandler- the target WebSocket handlerexception- an exception raised during the handshake, ornullif none
-