Class CsrfTokenHandshakeInterceptor
java.lang.Object
org.springframework.security.messaging.web.socket.server.CsrfTokenHandshakeInterceptor
- All Implemented Interfaces:
org.springframework.web.socket.server.HandshakeInterceptor
public final class CsrfTokenHandshakeInterceptor
extends Object
implements org.springframework.web.socket.server.HandshakeInterceptor
Loads a CsrfToken from the HttpServletRequest and HttpServletResponse to populate the
WebSocket attributes. This is used as the expected CsrfToken when validating connection
requests to ensure only the same origin connects.
- Since:
- 4.0
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
afterHandshake
(org.springframework.http.server.ServerHttpRequest request, org.springframework.http.server.ServerHttpResponse response, org.springframework.web.socket.WebSocketHandler wsHandler, Exception exception) boolean
beforeHandshake
(org.springframework.http.server.ServerHttpRequest request, org.springframework.http.server.ServerHttpResponse response, org.springframework.web.socket.WebSocketHandler wsHandler, Map<String, Object> attributes)
-
Constructor Details
-
CsrfTokenHandshakeInterceptor
public CsrfTokenHandshakeInterceptor()
-
-
Method Details
-
beforeHandshake
public boolean beforeHandshake(org.springframework.http.server.ServerHttpRequest request, org.springframework.http.server.ServerHttpResponse response, org.springframework.web.socket.WebSocketHandler wsHandler, Map<String, Object> attributes) - Specified by:
beforeHandshake
in interfaceorg.springframework.web.socket.server.HandshakeInterceptor
-
afterHandshake
public void afterHandshake(org.springframework.http.server.ServerHttpRequest request, org.springframework.http.server.ServerHttpResponse response, org.springframework.web.socket.WebSocketHandler wsHandler, Exception exception) - Specified by:
afterHandshake
in interfaceorg.springframework.web.socket.server.HandshakeInterceptor
-