Class OriginHandshakeInterceptor
- java.lang.Object
- org.springframework.web.socket.server.support.OriginHandshakeInterceptor
- All Implemented Interfaces:
HandshakeInterceptor
public class OriginHandshakeInterceptor extends Object implements HandshakeInterceptor
An interceptor to check requestOrigin
header value against a collection of allowed origins.- Since:
- 4.1.2
- Author:
- Sebastien Deleuze
Constructor Summary
Constructors Constructor Description OriginHandshakeInterceptor()
Default constructor with only same origin requests allowed.OriginHandshakeInterceptor(Collection<String> allowedOrigins)
Constructor using the specified allowed origin values.
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
afterHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, Exception exception)
Invoked after the handshake is done.boolean
beforeHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, Map<String,Object> attributes)
Invoked before the handshake is processed.Collection<String>
getAllowedOrigins()
Return the allowedOrigin
header values.void
setAllowedOrigins(Collection<String> allowedOrigins)
Configure allowedOrigin
header values.
Constructor Detail
OriginHandshakeInterceptor
public OriginHandshakeInterceptor()
Default constructor with only same origin requests allowed.
OriginHandshakeInterceptor
public OriginHandshakeInterceptor(Collection<String> allowedOrigins)
Constructor using the specified allowed origin values.- See Also:
setAllowedOrigins(Collection)
Method Detail
setAllowedOrigins
public void setAllowedOrigins(Collection<String> allowedOrigins)
Configure allowedOrigin
header values. This check is mostly designed for browsers. There is nothing preventing other types of client to modify theOrigin
header value.Each provided allowed origin must have a scheme, and optionally a port (e.g. "https://example.org", "https://example.org:9090"). An allowed origin string may also be "*" in which case all origins are allowed.
- See Also:
- RFC 6454: The Web Origin Concept
getAllowedOrigins
public Collection<String> getAllowedOrigins()
Return the allowedOrigin
header values.- Since:
- 4.1.5
- See Also:
setAllowedOrigins(java.util.Collection<java.lang.String>)
beforeHandshake
public boolean beforeHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, Map<String,Object> attributes) throws Exception
Description copied from interface:HandshakeInterceptor
Invoked before the handshake is processed.- Specified by:
beforeHandshake
in interfaceHandshakeInterceptor
- Parameters:
request
- the current requestresponse
- the current responsewsHandler
- the target WebSocket handlerattributes
- attributes from the HTTP handshake to associate with the WebSocket session; the provided attributes are copied, the original map is not used.- Returns:
- whether to proceed with the handshake (
true
) or abort (false
) - Throws:
Exception
afterHandshake
public void afterHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, Exception exception)
Description copied from interface:HandshakeInterceptor
Invoked after the handshake is done. The response status and headers indicate the results of the handshake, i.e. whether it was successful or not.- Specified by:
afterHandshake
in interfaceHandshakeInterceptor
- Parameters:
request
- the current requestresponse
- the current responsewsHandler
- the target WebSocket handlerexception
- an exception raised during the handshake, ornull
if none