Class OriginHandshakeInterceptor
java.lang.Object
org.springframework.web.socket.server.support.OriginHandshakeInterceptor
- All Implemented Interfaces:
HandshakeInterceptor
An interceptor to check request
Origin
header value against a
collection of allowed origins.- Since:
- 4.1.2
- Author:
- Sebastien Deleuze
-
Field Summary
-
Constructor Summary
ConstructorDescriptionDefault constructor with only same origin requests allowed.OriginHandshakeInterceptor
(Collection<String> allowedOrigins) Constructor using the specified allowed origin values. -
Method Summary
Modifier and TypeMethodDescriptionvoid
afterHandshake
(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, Exception exception) Invoked after the handshake is done.boolean
beforeHandshake
(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, Map<String, Object> attributes) Invoked before the handshake is processed.Return theconfigured
allowed origin patterns.Return theconfigured
allowed origins.void
setAllowedOriginPatterns
(Collection<String> allowedOriginPatterns) Alternative tosetAllowedOrigins(Collection)
that supports more flexible patterns for specifying the origins for which cross-origin requests are allowed from a browser.void
setAllowedOrigins
(Collection<String> allowedOrigins) Set the origins for which cross-origin requests are allowed from a browser.
-
Field Details
-
logger
-
-
Constructor Details
-
OriginHandshakeInterceptor
public OriginHandshakeInterceptor()Default constructor with only same origin requests allowed. -
OriginHandshakeInterceptor
Constructor using the specified allowed origin values.- See Also:
-
-
Method Details
-
setAllowedOrigins
Set the origins for which cross-origin requests are allowed from a browser. Please, refer toCorsConfiguration.setAllowedOrigins(List)
for format details and considerations, and keep in mind that the CORS spec does not allow use of"*"
withallowCredentials=true
. For more flexible origin patterns usesetAllowedOriginPatterns(java.util.Collection<java.lang.String>)
instead.By default, no origins are allowed. When
allowedOriginPatterns
is also set, then that takes precedence over this property.Note when SockJS is enabled and origins are restricted, transport types that do not allow to check request origin (Iframe based transports) are disabled. As a consequence, IE 6 to 9 are not supported when origins are restricted.
-
getAllowedOrigins
Return theconfigured
allowed origins.- Since:
- 4.1.5
-
setAllowedOriginPatterns
Alternative tosetAllowedOrigins(Collection)
that supports more flexible patterns for specifying the origins for which cross-origin requests are allowed from a browser. Please, refer toCorsConfiguration.setAllowedOriginPatterns(List)
for format details and other considerations.By default this is not set.
- Since:
- 5.3.2
-
getAllowedOriginPatterns
Return theconfigured
allowed origin patterns.- Since:
- 5.3.2
-
beforeHandshake
public boolean beforeHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, Map<String, Object> attributes) throws ExceptionDescription copied from interface:HandshakeInterceptor
Invoked before the handshake is processed.- Specified by:
beforeHandshake
in interfaceHandshakeInterceptor
- Parameters:
request
- the current requestresponse
- the current responsewsHandler
- the target WebSocket handlerattributes
- the attributes from the HTTP handshake to associate with the WebSocket session; the provided attributes are copied, the original map is not used.- Returns:
- whether to proceed with the handshake (
true
) or abort (false
) - Throws:
Exception
-
afterHandshake
public void afterHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, @Nullable Exception exception) Description copied from interface:HandshakeInterceptor
Invoked after the handshake is done. The response status and headers indicate the results of the handshake, i.e. whether it was successful or not.- Specified by:
afterHandshake
in interfaceHandshakeInterceptor
- Parameters:
request
- the current requestresponse
- the current responsewsHandler
- the target WebSocket handlerexception
- an exception raised during the handshake, ornull
if none
-