Class AbstractSockJsService

All Implemented Interfaces:
CorsConfigurationSource, SockJsService
Direct Known Subclasses:

public abstract class AbstractSockJsService extends Object implements SockJsService, CorsConfigurationSource
An abstract base class for SockJsService implementations that provides SockJS path resolution and handling of static SockJS requests (e.g. "/info", "/iframe.html", etc). Sub-classes must handle session URLs (i.e. transport-specific requests).

By default, only same origin requests are allowed. Use setAllowedOrigins(java.util.Collection<java.lang.String>) to specify a list of allowed origins (a list containing "*" will allow all origins).

Rossen Stoyanchev, Sebastien Deleuze
  • Field Details

    • logger

      protected final Log logger
    • corsConfiguration

      protected final CorsConfiguration corsConfiguration
  • Constructor Details

    • AbstractSockJsService

      public AbstractSockJsService(TaskScheduler scheduler)
  • Method Details

    • getTaskScheduler

      public TaskScheduler getTaskScheduler()
      A scheduler instance to use for scheduling heart-beat messages.
    • setName

      public void setName(String name)
      Set a unique name for this service (mainly for logging purposes).
    • getName

      public String getName()
      Return the unique name associated with this service.
    • setSockJsClientLibraryUrl

      public void setSockJsClientLibraryUrl(String clientLibraryUrl)
      Transports with no native cross-domain communication (e.g. "eventsource", "htmlfile") must get a simple page from the "foreign" domain in an invisible iframe so that code in the iframe can run from a domain local to the SockJS server. Since the iframe needs to load the SockJS JavaScript client library, this property allows specifying where to load it from.

      By default this is set to point to "". However, it can also be set to point to a URL served by the application.

      Note that it's possible to specify a relative URL in which case the URL must be relative to the iframe URL. For example assuming a SockJS endpoint mapped to "/sockjs", and resulting iframe URL "/sockjs/iframe.html", then the relative URL must start with "../../" to traverse up to the location above the SockJS mapping. In case of a prefix-based Servlet mapping one more traversals may be needed.

    • getSockJsClientLibraryUrl

      public String getSockJsClientLibraryUrl()
      Return he URL to the SockJS JavaScript client library.
    • setStreamBytesLimit

      public void setStreamBytesLimit(int streamBytesLimit)
      Streaming transports save responses on the client side and don't free memory used by delivered messages. Such transports need to recycle the connection once in a while. This property sets a minimum number of bytes that can be sent over a single HTTP streaming request before it will be closed. After that client will open a new request. Setting this value to one effectively disables streaming and will make streaming transports to behave like polling transports.

      The default value is 128K (i.e. 128 * 1024).

    • getStreamBytesLimit

      public int getStreamBytesLimit()
      Return the minimum number of bytes that can be sent over a single HTTP streaming request before it will be closed.
    • setSessionCookieNeeded

      public void setSessionCookieNeeded(boolean sessionCookieNeeded)
      The SockJS protocol requires a server to respond to an initial "/info" request from clients with a "cookie_needed" boolean property that indicates whether the use of a JSESSIONID cookie is required for the application to function correctly, e.g. for load balancing or in Java Servlet containers for the use of an HTTP session.

      This is especially important for IE 8,9 that support XDomainRequest -- a modified AJAX/XHR -- that can do requests across domains but does not send any cookies. In those cases, the SockJS client prefers the "iframe-htmlfile" transport over "xdr-streaming" in order to be able to send cookies.

      The SockJS protocol also expects a SockJS service to echo back the JSESSIONID cookie when this property is set to true. However, when running in a Servlet container this is not necessary since the container takes care of it.

      The default value is "true" to maximize the chance for applications to work correctly in IE 8,9 with support for cookies (and the JSESSIONID cookie in particular). However, an application can choose to set this to "false" if the use of cookies (and HTTP session) is not required.

    • isSessionCookieNeeded

      public boolean isSessionCookieNeeded()
      Return whether the JSESSIONID cookie is required for the application to function.
    • setHeartbeatTime

      public void setHeartbeatTime(long heartbeatTime)
      Specify the amount of time in milliseconds when the server has not sent any messages and after which the server should send a heartbeat frame to the client in order to keep the connection from breaking.

      The default value is 25,000 (25 seconds).

    • getHeartbeatTime

      public long getHeartbeatTime()
      Return the amount of time in milliseconds when the server has not sent any messages.
    • setDisconnectDelay

      public void setDisconnectDelay(long disconnectDelay)
      The amount of time in milliseconds before a client is considered disconnected after not having a receiving connection, i.e. an active connection over which the server can send data to the client.

      The default value is 5000.

    • getDisconnectDelay

      public long getDisconnectDelay()
      Return the amount of time in milliseconds before a client is considered disconnected.
    • setHttpMessageCacheSize

      public void setHttpMessageCacheSize(int httpMessageCacheSize)
      The number of server-to-client messages that a session can cache while waiting for the next HTTP polling request from the client. All HTTP transports use this property since even streaming transports recycle HTTP requests periodically.

      The amount of time between HTTP requests should be relatively brief and will not exceed the allows disconnect delay (see setDisconnectDelay(long)); 5 seconds by default.

      The default size is 100.

    • getHttpMessageCacheSize

      public int getHttpMessageCacheSize()
      Return the size of the HTTP message cache.
    • setWebSocketEnabled

      public void setWebSocketEnabled(boolean webSocketEnabled)
      Some load balancers do not support WebSocket. This option can be used to disable the WebSocket transport on the server side.

      The default value is "true".

    • isWebSocketEnabled

      public boolean isWebSocketEnabled()
      Return whether WebSocket transport is enabled.
    • setSuppressCors

      public void setSuppressCors(boolean suppressCors)
      This option can be used to disable automatic addition of CORS headers for SockJS requests.

      The default value is "false".

    • shouldSuppressCors

      public boolean shouldSuppressCors()
      Return if automatic addition of CORS headers has been disabled.
      See Also:
    • setAllowedOrigins

      public void setAllowedOrigins(Collection<String> allowedOrigins)
      Set the origins for which cross-origin requests are allowed from a browser. Please, refer to CorsConfiguration.setAllowedOrigins(List) for format details and considerations, and keep in mind that the CORS spec does not allow use of "*" with allowCredentials=true. For more flexible origin patterns use setAllowedOriginPatterns(java.util.Collection<java.lang.String>) instead.

      By default, no origins are allowed. When allowedOriginPatterns is also set, then that takes precedence over this property.

      Note when SockJS is enabled and origins are restricted, transport types that do not allow to check request origin (Iframe based transports) are disabled. As a consequence, IE 6 to 9 are not supported when origins are restricted.

      See Also:
    • getAllowedOrigins

      @Nullable public Collection<String> getAllowedOrigins()
      Return the configured allowed origins.
    • setAllowedOriginPatterns

      public void setAllowedOriginPatterns(Collection<String> allowedOriginPatterns)
      Alternative to setAllowedOrigins(Collection) that supports more flexible patterns for specifying the origins for which cross-origin requests are allowed from a browser. Please, refer to CorsConfiguration.setAllowedOriginPatterns(List) for format details and other considerations.

      By default this is not set.

    • getAllowedOriginPatterns

      @Nullable public Collection<String> getAllowedOriginPatterns()
      Return configured origin patterns.
    • handleRequest

      public final void handleRequest(ServerHttpRequest request, ServerHttpResponse response, @Nullable String sockJsPath, WebSocketHandler wsHandler) throws SockJsException
      This method determines the SockJS path and handles SockJS static URLs. Session URLs and raw WebSocket requests are delegated to abstract methods.
      Specified by:
      handleRequest in interface SockJsService
      request - the current request
      response - the current response
      sockJsPath - the remainder of the path within the SockJS service prefix
      wsHandler - the handler that will exchange messages with the SockJS client
      SockJsException - raised when request processing fails; generally, failed attempts to send messages to clients automatically close the SockJS session and raise SockJsTransportFailureException; failed attempts to read messages from clients do not automatically close the session and may result in SockJsMessageDeliveryException or SockJsException; exceptions from the WebSocketHandler can be handled internally or through ExceptionWebSocketHandlerDecorator or some alternative decorator. The former is automatically added when using SockJsHttpRequestHandler.
    • validateRequest

      protected boolean validateRequest(String serverId, String sessionId, String transport)
    • checkOrigin

      protected boolean checkOrigin(ServerHttpRequest request, ServerHttpResponse response, HttpMethod... httpMethods) throws IOException
    • getCorsConfiguration

      @Nullable public CorsConfiguration getCorsConfiguration(HttpServletRequest request)
      Description copied from interface: CorsConfigurationSource
      Return a CorsConfiguration based on the incoming request.
      Specified by:
      getCorsConfiguration in interface CorsConfigurationSource
      the associated CorsConfiguration, or null if none
    • addCacheHeaders

      protected void addCacheHeaders(ServerHttpResponse response)
    • addNoCacheHeaders

      protected void addNoCacheHeaders(ServerHttpResponse response)
    • sendMethodNotAllowed

      protected void sendMethodNotAllowed(ServerHttpResponse response, HttpMethod... httpMethods)
    • handleRawWebSocketRequest

      protected abstract void handleRawWebSocketRequest(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler webSocketHandler) throws IOException
      Handle request for raw WebSocket communication, i.e. without any SockJS message framing.
    • handleTransportRequest

      protected abstract void handleTransportRequest(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler webSocketHandler, String sessionId, String transport) throws SockJsException
      Handle a SockJS session URL (i.e. transport-specific request).