Class AbstractSockJsService
- All Implemented Interfaces:
CorsConfigurationSource
,SockJsService
- Direct Known Subclasses:
TransportHandlingSockJsService
SockJsService
implementations that provides SockJS
path resolution and handling of static SockJS requests (e.g. "/info", "/iframe.html",
etc). Sub-classes must handle session URLs (i.e. transport-specific requests).
By default, only same origin requests are allowed. Use setAllowedOrigins(java.util.Collection<java.lang.String>)
to specify a list of allowed origins (a list containing "*" will allow all origins).
- Since:
- 4.0
- Author:
- Rossen Stoyanchev, Sebastien Deleuze
-
Field Summary
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected void
addCacheHeaders
(ServerHttpResponse response) protected void
addNoCacheHeaders
(ServerHttpResponse response) protected boolean
checkOrigin
(ServerHttpRequest request, ServerHttpResponse response, HttpMethod... httpMethods) Returnconfigured
origin patterns.Return theconfigured
allowed origins.getCorsConfiguration
(HttpServletRequest request) Return aCorsConfiguration
based on the incoming request.long
Return the amount of time in milliseconds before a client is considered disconnected.long
Return the amount of time in milliseconds when the server has not sent any messages.int
Return the size of the HTTP message cache.getName()
Return the unique name associated with this service.Return he URL to the SockJS JavaScript client library.int
Return the minimum number of bytes that can be sent over a single HTTP streaming request before it will be closed.A scheduler instance to use for scheduling heart-beat messages.protected abstract void
handleRawWebSocketRequest
(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler webSocketHandler) Handle request for raw WebSocket communication, i.e.final void
handleRequest
(ServerHttpRequest request, ServerHttpResponse response, String sockJsPath, WebSocketHandler wsHandler) This method determines the SockJS path and handles SockJS static URLs.protected abstract void
handleTransportRequest
(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler webSocketHandler, String sessionId, String transport) Handle a SockJS session URL (i.e.boolean
Return whether the JSESSIONID cookie is required for the application to function.boolean
Return whether WebSocket transport is enabled.protected void
sendMethodNotAllowed
(ServerHttpResponse response, HttpMethod... httpMethods) void
setAllowedOriginPatterns
(Collection<String> allowedOriginPatterns) Alternative tosetAllowedOrigins(Collection)
that supports more flexible patterns for specifying the origins for which cross-origin requests are allowed from a browser.void
setAllowedOrigins
(Collection<String> allowedOrigins) Set the origins for which cross-origin requests are allowed from a browser.void
setDisconnectDelay
(long disconnectDelay) The amount of time in milliseconds before a client is considered disconnected after not having a receiving connection, i.e.void
setHeartbeatTime
(long heartbeatTime) Specify the amount of time in milliseconds when the server has not sent any messages and after which the server should send a heartbeat frame to the client in order to keep the connection from breaking.void
setHttpMessageCacheSize
(int httpMessageCacheSize) The number of server-to-client messages that a session can cache while waiting for the next HTTP polling request from the client.void
Set a unique name for this service (mainly for logging purposes).void
setSessionCookieNeeded
(boolean sessionCookieNeeded) The SockJS protocol requires a server to respond to an initial "/info" request from clients with a "cookie_needed" boolean property that indicates whether the use of a JSESSIONID cookie is required for the application to function correctly, e.g.void
setSockJsClientLibraryUrl
(String clientLibraryUrl) Transports with no native cross-domain communication (e.g.void
setStreamBytesLimit
(int streamBytesLimit) Streaming transports save responses on the client side and don't free memory used by delivered messages.void
setSuppressCors
(boolean suppressCors) This option can be used to disable automatic addition of CORS headers for SockJS requests.void
setWebSocketEnabled
(boolean webSocketEnabled) Some load balancers do not support WebSocket.boolean
Return if automatic addition of CORS headers has been disabled.protected boolean
validateRequest
(String serverId, String sessionId, String transport)
-
Field Details
-
logger
-
corsConfiguration
-
-
Constructor Details
-
AbstractSockJsService
-
-
Method Details
-
getTaskScheduler
A scheduler instance to use for scheduling heart-beat messages. -
setName
Set a unique name for this service (mainly for logging purposes). -
getName
Return the unique name associated with this service. -
setSockJsClientLibraryUrl
Transports with no native cross-domain communication (e.g. "eventsource", "htmlfile") must get a simple page from the "foreign" domain in an invisibleiframe
so that code in theiframe
can run from a domain local to the SockJS server. Since theiframe
needs to load the SockJS JavaScript client library, this property allows specifying where to load it from.By default this is set to point to "https://cdn.jsdelivr.net/sockjs/1.0.0/sockjs.min.js". However, it can also be set to point to a URL served by the application.
Note that it's possible to specify a relative URL in which case the URL must be relative to the
iframe
URL. For example assuming a SockJS endpoint mapped to "/sockjs", and resultingiframe
URL "/sockjs/iframe.html", then the relative URL must start with "../../" to traverse up to the location above the SockJS mapping. In case of a prefix-based Servlet mapping one more traversals may be needed. -
getSockJsClientLibraryUrl
Return he URL to the SockJS JavaScript client library. -
setStreamBytesLimit
public void setStreamBytesLimit(int streamBytesLimit) Streaming transports save responses on the client side and don't free memory used by delivered messages. Such transports need to recycle the connection once in a while. This property sets a minimum number of bytes that can be sent over a single HTTP streaming request before it will be closed. After that client will open a new request. Setting this value to one effectively disables streaming and will make streaming transports to behave like polling transports.The default value is 128K (i.e. 128 * 1024).
-
getStreamBytesLimit
public int getStreamBytesLimit()Return the minimum number of bytes that can be sent over a single HTTP streaming request before it will be closed. -
setSessionCookieNeeded
public void setSessionCookieNeeded(boolean sessionCookieNeeded) The SockJS protocol requires a server to respond to an initial "/info" request from clients with a "cookie_needed" boolean property that indicates whether the use of a JSESSIONID cookie is required for the application to function correctly, e.g. for load balancing or in Java Servlet containers for the use of an HTTP session.This is especially important for IE 8,9 that support XDomainRequest -- a modified AJAX/XHR -- that can do requests across domains but does not send any cookies. In those cases, the SockJS client prefers the "iframe-htmlfile" transport over "xdr-streaming" in order to be able to send cookies.
The SockJS protocol also expects a SockJS service to echo back the JSESSIONID cookie when this property is set to true. However, when running in a Servlet container this is not necessary since the container takes care of it.
The default value is "true" to maximize the chance for applications to work correctly in IE 8,9 with support for cookies (and the JSESSIONID cookie in particular). However, an application can choose to set this to "false" if the use of cookies (and HTTP session) is not required.
-
isSessionCookieNeeded
public boolean isSessionCookieNeeded()Return whether the JSESSIONID cookie is required for the application to function. -
setHeartbeatTime
public void setHeartbeatTime(long heartbeatTime) Specify the amount of time in milliseconds when the server has not sent any messages and after which the server should send a heartbeat frame to the client in order to keep the connection from breaking.The default value is 25,000 (25 seconds).
-
getHeartbeatTime
public long getHeartbeatTime()Return the amount of time in milliseconds when the server has not sent any messages. -
setDisconnectDelay
public void setDisconnectDelay(long disconnectDelay) The amount of time in milliseconds before a client is considered disconnected after not having a receiving connection, i.e. an active connection over which the server can send data to the client.The default value is 5000.
-
getDisconnectDelay
public long getDisconnectDelay()Return the amount of time in milliseconds before a client is considered disconnected. -
setHttpMessageCacheSize
public void setHttpMessageCacheSize(int httpMessageCacheSize) The number of server-to-client messages that a session can cache while waiting for the next HTTP polling request from the client. All HTTP transports use this property since even streaming transports recycle HTTP requests periodically.The amount of time between HTTP requests should be relatively brief and will not exceed the allows disconnect delay (see
setDisconnectDelay(long)
); 5 seconds by default.The default size is 100.
-
getHttpMessageCacheSize
public int getHttpMessageCacheSize()Return the size of the HTTP message cache. -
setWebSocketEnabled
public void setWebSocketEnabled(boolean webSocketEnabled) Some load balancers do not support WebSocket. This option can be used to disable the WebSocket transport on the server side.The default value is "true".
-
isWebSocketEnabled
public boolean isWebSocketEnabled()Return whether WebSocket transport is enabled. -
setSuppressCors
public void setSuppressCors(boolean suppressCors) This option can be used to disable automatic addition of CORS headers for SockJS requests.The default value is "false".
- Since:
- 4.1.2
-
shouldSuppressCors
public boolean shouldSuppressCors()Return if automatic addition of CORS headers has been disabled.- Since:
- 4.1.2
- See Also:
-
setAllowedOrigins
Set the origins for which cross-origin requests are allowed from a browser. Please, refer toCorsConfiguration.setAllowedOrigins(List)
for format details and considerations, and keep in mind that the CORS spec does not allow use of"*"
withallowCredentials=true
. For more flexible origin patterns usesetAllowedOriginPatterns(java.util.Collection<java.lang.String>)
instead.By default, no origins are allowed. When
allowedOriginPatterns
is also set, then that takes precedence over this property.Note when SockJS is enabled and origins are restricted, transport types that do not allow to check request origin (Iframe based transports) are disabled. As a consequence, IE 6 to 9 are not supported when origins are restricted.
-
getAllowedOrigins
Return theconfigured
allowed origins.- Since:
- 4.1.2
-
setAllowedOriginPatterns
Alternative tosetAllowedOrigins(Collection)
that supports more flexible patterns for specifying the origins for which cross-origin requests are allowed from a browser. Please, refer toCorsConfiguration.setAllowedOriginPatterns(List)
for format details and other considerations.By default this is not set.
- Since:
- 5.2.3
-
getAllowedOriginPatterns
Returnconfigured
origin patterns.- Since:
- 5.3.2
-
handleRequest
public final void handleRequest(ServerHttpRequest request, ServerHttpResponse response, @Nullable String sockJsPath, WebSocketHandler wsHandler) throws SockJsException This method determines the SockJS path and handles SockJS static URLs. Session URLs and raw WebSocket requests are delegated to abstract methods.- Specified by:
handleRequest
in interfaceSockJsService
- Parameters:
request
- the current requestresponse
- the current responsesockJsPath
- the remainder of the path within the SockJS service prefixwsHandler
- the handler that will exchange messages with the SockJS client- Throws:
SockJsException
- raised when request processing fails; generally, failed attempts to send messages to clients automatically close the SockJS session and raiseSockJsTransportFailureException
; failed attempts to read messages from clients do not automatically close the session and may result inSockJsMessageDeliveryException
orSockJsException
; exceptions from the WebSocketHandler can be handled internally or throughExceptionWebSocketHandlerDecorator
or some alternative decorator. The former is automatically added when usingSockJsHttpRequestHandler
.
-
validateRequest
-
checkOrigin
protected boolean checkOrigin(ServerHttpRequest request, ServerHttpResponse response, HttpMethod... httpMethods) throws IOException - Throws:
IOException
-
getCorsConfiguration
Description copied from interface:CorsConfigurationSource
Return aCorsConfiguration
based on the incoming request.- Specified by:
getCorsConfiguration
in interfaceCorsConfigurationSource
- Returns:
- the associated
CorsConfiguration
, ornull
if none
-
addCacheHeaders
-
addNoCacheHeaders
-
sendMethodNotAllowed
-
handleRawWebSocketRequest
protected abstract void handleRawWebSocketRequest(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler webSocketHandler) throws IOException Handle request for raw WebSocket communication, i.e. without any SockJS message framing.- Throws:
IOException
-
handleTransportRequest
protected abstract void handleTransportRequest(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler webSocketHandler, String sessionId, String transport) throws SockJsException Handle a SockJS session URL (i.e. transport-specific request).- Throws:
SockJsException
-