Class OriginHandshakeInterceptor
- java.lang.Object
- org.springframework.web.socket.server.support.OriginHandshakeInterceptor
- All Implemented Interfaces:
HandshakeInterceptor
public class OriginHandshakeInterceptor extends Object implements HandshakeInterceptor
An interceptor to check requestOriginheader value against a collection of allowed origins.- Since:
- 4.1.2
- Author:
- Sebastien Deleuze
Constructor Summary
Constructors Constructor Description OriginHandshakeInterceptor()Default constructor with only same origin requests allowed.OriginHandshakeInterceptor(Collection<String> allowedOrigins)Constructor using the specified allowed origin values.
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description voidafterHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, Exception exception)Invoked after the handshake is done.booleanbeforeHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, Map<String,Object> attributes)Invoked before the handshake is processed.Collection<String>getAllowedOrigins()Return the allowedOriginheader values.voidsetAllowedOrigins(Collection<String> allowedOrigins)Configure allowedOriginheader values.
Constructor Detail
OriginHandshakeInterceptor
public OriginHandshakeInterceptor()
Default constructor with only same origin requests allowed.
OriginHandshakeInterceptor
public OriginHandshakeInterceptor(Collection<String> allowedOrigins)
Constructor using the specified allowed origin values.- See Also:
setAllowedOrigins(Collection)
Method Detail
setAllowedOrigins
public void setAllowedOrigins(Collection<String> allowedOrigins)
Configure allowedOriginheader values. This check is mostly designed for browsers. There is nothing preventing other types of client to modify theOriginheader value.Each provided allowed origin must have a scheme, and optionally a port (e.g. "https://example.org", "https://example.org:9090"). An allowed origin string may also be "*" in which case all origins are allowed.
- See Also:
- RFC 6454: The Web Origin Concept
getAllowedOrigins
public Collection<String> getAllowedOrigins()
Return the allowedOriginheader values.- Since:
- 4.1.5
- See Also:
setAllowedOrigins(java.util.Collection<java.lang.String>)
beforeHandshake
public boolean beforeHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, Map<String,Object> attributes) throws Exception
Description copied from interface:HandshakeInterceptorInvoked before the handshake is processed.- Specified by:
beforeHandshakein interfaceHandshakeInterceptor- Parameters:
request- the current requestresponse- the current responsewsHandler- the target WebSocket handlerattributes- attributes from the HTTP handshake to associate with the WebSocket session; the provided attributes are copied, the original map is not used.- Returns:
- whether to proceed with the handshake (
true) or abort (false) - Throws:
Exception
afterHandshake
public void afterHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, Exception exception)
Description copied from interface:HandshakeInterceptorInvoked after the handshake is done. The response status and headers indicate the results of the handshake, i.e. whether it was successful or not.- Specified by:
afterHandshakein interfaceHandshakeInterceptor- Parameters:
request- the current requestresponse- the current responsewsHandler- the target WebSocket handlerexception- an exception raised during the handshake, ornullif none