org.springframework.web.socket.server.support

Class OriginHandshakeInterceptor

  • java.lang.Object
    • org.springframework.web.socket.server.support.OriginHandshakeInterceptor
  • All Implemented Interfaces:
    HandshakeInterceptor


    public class OriginHandshakeInterceptor
    extends java.lang.Object
    implements HandshakeInterceptor
    An interceptor to check request Origin header value against a collection of allowed origins.
    Since:
    4.1.2
    Author:
    Sebastien Deleuze
    • Field Detail

      • logger

        protected final Log logger
    • Constructor Detail

      • OriginHandshakeInterceptor

        public OriginHandshakeInterceptor()
        Default constructor with only same origin requests allowed.
      • OriginHandshakeInterceptor

        public OriginHandshakeInterceptor(java.util.Collection<java.lang.String> allowedOrigins)
        Constructor using the specified allowed origin values.
        See Also:
        setAllowedOrigins(Collection)
    • Method Detail

      • setAllowedOrigins

        public void setAllowedOrigins(java.util.Collection<java.lang.String> allowedOrigins)
        Configure allowed Origin header values. This check is mostly designed for browsers. There is nothing preventing other types of client to modify the Origin header value.

        Each provided allowed origin must have a scheme, and optionally a port (e.g. "http://example.org", "http://example.org:9090"). An allowed origin string may also be "*" in which case all origins are allowed.

        See Also:
        RFC 6454: The Web Origin Concept
      • beforeHandshake

        public boolean beforeHandshake(ServerHttpRequest request,
                                       ServerHttpResponse response,
                                       WebSocketHandler wsHandler,
                                       java.util.Map<java.lang.String,java.lang.Object> attributes)
                                throws java.lang.Exception
        Description copied from interface: HandshakeInterceptor
        Invoked before the handshake is processed.
        Specified by:
        beforeHandshake in interface HandshakeInterceptor
        Parameters:
        request - the current request
        response - the current response
        wsHandler - the target WebSocket handler
        attributes - attributes from the HTTP handshake to associate with the WebSocket session; the provided attributes are copied, the original map is not used.
        Returns:
        whether to proceed with the handshake (true) or abort (false)
        Throws:
        java.lang.Exception
      • afterHandshake

        public void afterHandshake(ServerHttpRequest request,
                                   ServerHttpResponse response,
                                   WebSocketHandler wsHandler,
                                   @Nullable
                                   java.lang.Exception exception)
        Description copied from interface: HandshakeInterceptor
        Invoked after the handshake is done. The response status and headers indicate the results of the handshake, i.e. whether it was successful or not.
        Specified by:
        afterHandshake in interface HandshakeInterceptor
        Parameters:
        request - the current request
        response - the current response
        wsHandler - the target WebSocket handler
        exception - an exception raised during the handshake, or null if none