public class OriginHandshakeInterceptor extends java.lang.Object implements HandshakeInterceptor
Origin
header value against a collection of
allowed origins.Modifier and Type | Field and Description |
---|---|
private java.util.List<java.lang.String> |
allowedOrigins |
protected Log |
logger |
Constructor and Description |
---|
OriginHandshakeInterceptor()
Default constructor with only same origin requests allowed.
|
OriginHandshakeInterceptor(java.util.Collection<java.lang.String> allowedOrigins)
Constructor using the specified allowed origin values.
|
Modifier and Type | Method and Description |
---|---|
void |
afterHandshake(ServerHttpRequest request,
ServerHttpResponse response,
WebSocketHandler wsHandler,
java.lang.Exception exception)
Invoked after the handshake is done.
|
boolean |
beforeHandshake(ServerHttpRequest request,
ServerHttpResponse response,
WebSocketHandler wsHandler,
java.util.Map<java.lang.String,java.lang.Object> attributes)
Invoked before the handshake is processed.
|
java.util.Collection<java.lang.String> |
getAllowedOrigins() |
void |
setAllowedOrigins(java.util.Collection<java.lang.String> allowedOrigins)
Configure allowed
Origin header values. |
protected Log logger
private final java.util.List<java.lang.String> allowedOrigins
public OriginHandshakeInterceptor()
public OriginHandshakeInterceptor(java.util.Collection<java.lang.String> allowedOrigins)
setAllowedOrigins(Collection)
public void setAllowedOrigins(java.util.Collection<java.lang.String> allowedOrigins)
Origin
header values. This check is mostly designed for
browser clients. There is nothing preventing other types of client to modify the
Origin
header value.
Each provided allowed origin must start by "http://", "https://" or be "*" (means that all origins are allowed).
public java.util.Collection<java.lang.String> getAllowedOrigins()
setAllowedOrigins(Collection)
public boolean beforeHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, java.util.Map<java.lang.String,java.lang.Object> attributes) throws java.lang.Exception
HandshakeInterceptor
beforeHandshake
in interface HandshakeInterceptor
request
- the current requestresponse
- the current responsewsHandler
- the target WebSocket handlerattributes
- attributes from the HTTP handshake to associate with the WebSocket
session; the provided attributes are copied, the original map is not used.true
) or abort (false
)java.lang.Exception
public void afterHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, java.lang.Exception exception)
HandshakeInterceptor
afterHandshake
in interface HandshakeInterceptor
request
- the current requestresponse
- the current responsewsHandler
- the target WebSocket handlerexception
- an exception raised during the handshake, or null
if none