001/* 002 * Copyright 2002-2015 the original author or authors. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * https://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 */ 016 017package org.springframework.web.socket.config.annotation; 018 019import org.springframework.web.socket.server.HandshakeHandler; 020import org.springframework.web.socket.server.HandshakeInterceptor; 021 022/** 023 * A contract for configuring a STOMP over WebSocket endpoint. 024 * 025 * @author Rossen Stoyanchev 026 * @since 4.0 027 */ 028public interface StompWebSocketEndpointRegistration { 029 030 /** 031 * Enable SockJS fallback options. 032 */ 033 SockJsServiceRegistration withSockJS(); 034 035 /** 036 * Configure the HandshakeHandler to use. 037 */ 038 StompWebSocketEndpointRegistration setHandshakeHandler(HandshakeHandler handshakeHandler); 039 040 /** 041 * Configure the HandshakeInterceptor's to use. 042 */ 043 StompWebSocketEndpointRegistration addInterceptors(HandshakeInterceptor... interceptors); 044 045 /** 046 * Configure allowed {@code Origin} header values. This check is mostly designed for 047 * browser clients. There is nothing preventing other types of client to modify the 048 * {@code Origin} header value. 049 * 050 * <p>When SockJS is enabled and origins are restricted, transport types that do not 051 * allow to check request origin (JSONP and Iframe based transports) are disabled. 052 * As a consequence, IE 6 to 9 are not supported when origins are restricted. 053 * 054 * <p>Each provided allowed origin must start by "http://", "https://" or be "*" 055 * (means that all origins are allowed). By default, only same origin requests are 056 * allowed (empty list). 057 * 058 * @since 4.1.2 059 * @see <a href="https://tools.ietf.org/html/rfc6454">RFC 6454: The Web Origin Concept</a> 060 * @see <a href="https://github.com/sockjs/sockjs-client#supported-transports-by-browser-html-served-from-http-or-https">SockJS supported transports by browser</a> 061 */ 062 StompWebSocketEndpointRegistration setAllowedOrigins(String... origins); 063 064}