public abstract class AbstractSockJsService extends Object implements SockJsService, CorsConfigurationSource
SockJsService
implementations that provides SockJS
path resolution and handling of static SockJS requests (e.g. "/info", "/iframe.html",
etc). Sub-classes must handle session URLs (i.e. transport-specific requests).
By default, only same origin requests are allowed. Use setAllowedOrigins(java.util.Collection<java.lang.String>)
to specify a list of allowed origins (a list containing "*" will allow all origins).Modifier and Type | Field and Description |
---|---|
protected CorsConfiguration |
corsConfiguration |
protected Log |
logger |
Constructor and Description |
---|
AbstractSockJsService(TaskScheduler scheduler) |
Modifier and Type | Method and Description |
---|---|
protected void |
addCacheHeaders(ServerHttpResponse response) |
protected void |
addNoCacheHeaders(ServerHttpResponse response) |
protected boolean |
checkOrigin(ServerHttpRequest request,
ServerHttpResponse response,
HttpMethod... httpMethods) |
Collection<String> |
getAllowedOriginPatterns()
Return
configured origin patterns. |
Collection<String> |
getAllowedOrigins()
Return the
configured allowed origins. |
CorsConfiguration |
getCorsConfiguration(HttpServletRequest request)
Return a
CorsConfiguration based on the incoming request. |
long |
getDisconnectDelay()
Return the amount of time in milliseconds before a client is considered disconnected.
|
long |
getHeartbeatTime()
Return the amount of time in milliseconds when the server has not sent
any messages.
|
int |
getHttpMessageCacheSize()
Return the size of the HTTP message cache.
|
String |
getName()
Return the unique name associated with this service.
|
String |
getSockJsClientLibraryUrl()
Return he URL to the SockJS JavaScript client library.
|
int |
getStreamBytesLimit()
Return the minimum number of bytes that can be sent over a single HTTP
streaming request before it will be closed.
|
TaskScheduler |
getTaskScheduler()
A scheduler instance to use for scheduling heart-beat messages.
|
protected abstract void |
handleRawWebSocketRequest(ServerHttpRequest request,
ServerHttpResponse response,
WebSocketHandler webSocketHandler)
Handle request for raw WebSocket communication, i.e.
|
void |
handleRequest(ServerHttpRequest request,
ServerHttpResponse response,
String sockJsPath,
WebSocketHandler wsHandler)
This method determines the SockJS path and handles SockJS static URLs.
|
protected abstract void |
handleTransportRequest(ServerHttpRequest request,
ServerHttpResponse response,
WebSocketHandler webSocketHandler,
String sessionId,
String transport)
Handle a SockJS session URL (i.e.
|
boolean |
isSessionCookieNeeded()
Return whether the JSESSIONID cookie is required for the application to function.
|
boolean |
isWebSocketEnabled()
Return whether WebSocket transport is enabled.
|
protected void |
sendMethodNotAllowed(ServerHttpResponse response,
HttpMethod... httpMethods) |
void |
setAllowedOriginPatterns(Collection<String> allowedOriginPatterns)
Alternative to
setAllowedOrigins(Collection) that supports more
flexible patterns for specifying the origins for which cross-origin
requests are allowed from a browser. |
void |
setAllowedOrigins(Collection<String> allowedOrigins)
Set the origins for which cross-origin requests are allowed from a browser.
|
void |
setDisconnectDelay(long disconnectDelay)
The amount of time in milliseconds before a client is considered
disconnected after not having a receiving connection, i.e.
|
void |
setHeartbeatTime(long heartbeatTime)
Specify the amount of time in milliseconds when the server has not sent
any messages and after which the server should send a heartbeat frame
to the client in order to keep the connection from breaking.
|
void |
setHttpMessageCacheSize(int httpMessageCacheSize)
The number of server-to-client messages that a session can cache while waiting
for the next HTTP polling request from the client.
|
void |
setName(String name)
Set a unique name for this service (mainly for logging purposes).
|
void |
setSessionCookieNeeded(boolean sessionCookieNeeded)
The SockJS protocol requires a server to respond to an initial "/info" request from
clients with a "cookie_needed" boolean property that indicates whether the use of a
JSESSIONID cookie is required for the application to function correctly, e.g.
|
void |
setSockJsClientLibraryUrl(String clientLibraryUrl)
Transports with no native cross-domain communication (e.g.
|
void |
setStreamBytesLimit(int streamBytesLimit)
Streaming transports save responses on the client side and don't free
memory used by delivered messages.
|
void |
setSuppressCors(boolean suppressCors)
This option can be used to disable automatic addition of CORS headers for
SockJS requests.
|
void |
setWebSocketEnabled(boolean webSocketEnabled)
Some load balancers do not support WebSocket.
|
boolean |
shouldSuppressCors()
Return if automatic addition of CORS headers has been disabled.
|
protected boolean |
validateRequest(String serverId,
String sessionId,
String transport) |
protected final Log logger
protected final CorsConfiguration corsConfiguration
public AbstractSockJsService(TaskScheduler scheduler)
public TaskScheduler getTaskScheduler()
public void setName(String name)
public String getName()
public void setSockJsClientLibraryUrl(String clientLibraryUrl)
By default this is set to point to "https://cdn.jsdelivr.net/sockjs/1.0.0/sockjs.min.js". However, it can also be set to point to a URL served by the application.
Note that it's possible to specify a relative URL in which case the URL must be relative to the iframe URL. For example assuming a SockJS endpoint mapped to "/sockjs", and resulting iframe URL "/sockjs/iframe.html", then the the relative URL must start with "../../" to traverse up to the location above the SockJS mapping. In case of a prefix-based Servlet mapping one more traversal may be needed.
public String getSockJsClientLibraryUrl()
public void setStreamBytesLimit(int streamBytesLimit)
The default value is 128K (i.e. 128 * 1024).
public int getStreamBytesLimit()
public void setSessionCookieNeeded(boolean sessionCookieNeeded)
This is especially important for IE 8,9 that support XDomainRequest -- a modified AJAX/XHR -- that can do requests across domains but does not send any cookies. In those cases, the SockJS client prefers the "iframe-htmlfile" transport over "xdr-streaming" in order to be able to send cookies.
The SockJS protocol also expects a SockJS service to echo back the JSESSIONID cookie when this property is set to true. However, when running in a Servlet container this is not necessary since the container takes care of it.
The default value is "true" to maximize the chance for applications to work correctly in IE 8,9 with support for cookies (and the JSESSIONID cookie in particular). However, an application can choose to set this to "false" if the use of cookies (and HTTP session) is not required.
public boolean isSessionCookieNeeded()
public void setHeartbeatTime(long heartbeatTime)
The default value is 25,000 (25 seconds).
public long getHeartbeatTime()
public void setDisconnectDelay(long disconnectDelay)
The default value is 5000.
public long getDisconnectDelay()
public void setHttpMessageCacheSize(int httpMessageCacheSize)
The amount of time between HTTP requests should be relatively brief and will
not exceed the allows disconnect delay (see setDisconnectDelay(long)
);
5 seconds by default.
The default size is 100.
public int getHttpMessageCacheSize()
public void setWebSocketEnabled(boolean webSocketEnabled)
The default value is "true".
public boolean isWebSocketEnabled()
public void setSuppressCors(boolean suppressCors)
The default value is "false".
public boolean shouldSuppressCors()
setSuppressCors(boolean)
public void setAllowedOrigins(Collection<String> allowedOrigins)
CorsConfiguration.setAllowedOrigins(List)
for
format details and considerations, and keep in mind that the CORS spec
does not allow use of "*"
with allowCredentials=true
.
For more flexible origin patterns use setAllowedOriginPatterns(java.util.Collection<java.lang.String>)
instead.
By default, no origins are allowed. When
allowedOriginPatterns
is also
set, then that takes precedence over this property.
Note when SockJS is enabled and origins are restricted, transport types that do not allow to check request origin (Iframe based transports) are disabled. As a consequence, IE 6 to 9 are not supported when origins are restricted.
setAllowedOriginPatterns(Collection)
,
RFC 6454: The Web Origin Concept,
SockJS supported transports by browserpublic Collection<String> getAllowedOrigins()
configured
allowed origins.public void setAllowedOriginPatterns(Collection<String> allowedOriginPatterns)
setAllowedOrigins(Collection)
that supports more
flexible patterns for specifying the origins for which cross-origin
requests are allowed from a browser. Please, refer to
CorsConfiguration.setAllowedOriginPatterns(List)
for format
details and other considerations.
By default this is not set.
public Collection<String> getAllowedOriginPatterns()
configured
origin patterns.public final void handleRequest(ServerHttpRequest request, ServerHttpResponse response, @Nullable String sockJsPath, WebSocketHandler wsHandler) throws SockJsException
handleRequest
in interface SockJsService
request
- the current requestresponse
- the current responsesockJsPath
- the remainder of the path within the SockJS service prefixwsHandler
- the handler that will exchange messages with the SockJS clientSockJsException
- raised when request processing fails; generally, failed
attempts to send messages to clients automatically close the SockJS session
and raise SockJsTransportFailureException
; failed attempts to read
messages from clients do not automatically close the session and may result
in SockJsMessageDeliveryException
or SockJsException
;
exceptions from the WebSocketHandler can be handled internally or through
ExceptionWebSocketHandlerDecorator
or some alternative decorator.
The former is automatically added when using
SockJsHttpRequestHandler
.protected boolean validateRequest(String serverId, String sessionId, String transport)
protected boolean checkOrigin(ServerHttpRequest request, ServerHttpResponse response, HttpMethod... httpMethods) throws IOException
IOException
@Nullable public CorsConfiguration getCorsConfiguration(HttpServletRequest request)
CorsConfigurationSource
CorsConfiguration
based on the incoming request.getCorsConfiguration
in interface CorsConfigurationSource
CorsConfiguration
, or null
if noneprotected void addCacheHeaders(ServerHttpResponse response)
protected void addNoCacheHeaders(ServerHttpResponse response)
protected void sendMethodNotAllowed(ServerHttpResponse response, HttpMethod... httpMethods)
protected abstract void handleRawWebSocketRequest(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler webSocketHandler) throws IOException
IOException
protected abstract void handleTransportRequest(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler webSocketHandler, String sessionId, String transport) throws SockJsException
SockJsException