/**
 * Assembles the handshake interceptors for this registration: every configured
 * interceptor, followed by an {@link OriginHandshakeInterceptor} built from the
 * configured allowed origins.
 *
 * <p>The origin interceptor is added unconditionally, so every array produced here
 * contains an Origin check as its last element.
 *
 * @return a new array holding the configured interceptors plus the origin interceptor
 */
protected HandshakeInterceptor[] getInterceptors() {
    List<HandshakeInterceptor> chain = new ArrayList<>(this.interceptors.size() + 1);
    chain.addAll(this.interceptors);
    // NOTE(review): the origin check sits after the configured interceptors; if the
    // chain is invoked in array order, those interceptors see cross-origin handshakes
    // before they are rejected — confirm they do no state-changing work at that point.
    chain.add(new OriginHandshakeInterceptor(this.allowedOrigins));
    return chain.toArray(new HandshakeInterceptor[0]);
}
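/**
 * Verifies that the {@code "*"} wildcard lets a handshake through for an arbitrary
 * {@code Origin} header and that no 403 status is written to the response.
 *
 * <p>With {@code "*"} configured the origin check accepts every site, so cross-site
 * protection for such an endpoint has to come from another control.
 */
@Test
public void originMatchAll() throws Exception {
    Map<String, Object> attributes = new HashMap<>();
    WebSocketHandler wsHandler = Mockito.mock(WebSocketHandler.class);
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain1.com");
    // Configured through the setter here rather than the constructor.
    OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor();
    interceptor.setAllowedOrigins(Collections.singletonList("*"));
    assertTrue(interceptor.beforeHandshake(request, response, wsHandler, attributes));
    // Reference value first, observed value second, so a failure message reads correctly.
    assertNotEquals(HttpStatus.FORBIDDEN.value(), servletResponse.getStatus());
}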
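/**
 * Verifies that a handshake is accepted when the request's {@code Origin} header equals
 * the single configured allowed origin, and that no 403 status is written.
 */
@Test
public void originValueMatch() throws Exception {
    Map<String, Object> attributes = new HashMap<>();
    WebSocketHandler wsHandler = Mockito.mock(WebSocketHandler.class);
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain1.com");
    List<String> allowed = Collections.singletonList("http://mydomain1.com");
    OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(allowed);
    assertTrue(interceptor.beforeHandshake(request, response, wsHandler, attributes));
    // Reference value first, observed value second, so a failure message reads correctly.
    assertNotEquals(HttpStatus.FORBIDDEN.value(), servletResponse.getStatus());
}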
/**
 * Creates an interceptor that checks handshake requests against the given origins.
 *
 * <p>The collection is passed straight to {@link #setAllowedOrigins(Collection)};
 * all handling of the values happens there.
 *
 * @param allowedOrigins the origin values to allow
 * @see #setAllowedOrigins(Collection)
 */
public OriginHandshakeInterceptor(Collection<String> allowedOrigins) {
    // NOTE(review): if setAllowedOrigins can be overridden, a subclass override would
    // run here before the subclass is fully constructed — confirm.
    this.setAllowedOrigins(allowedOrigins);
}
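/**
 * Verifies that a handshake is refused when the request's {@code Origin} header differs
 * from the single configured allowed origin: {@code beforeHandshake} returns
 * {@code false} and the response status is 403 Forbidden.
 */
@Test
public void originValueNoMatch() throws Exception {
    Map<String, Object> attributes = new HashMap<>();
    WebSocketHandler wsHandler = Mockito.mock(WebSocketHandler.class);
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain1.com");
    List<String> allowed = Collections.singletonList("http://mydomain2.com");
    OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(allowed);
    assertFalse(interceptor.beforeHandshake(request, response, wsHandler, attributes));
    // Expected status first, observed status second, so a failure message reads correctly.
    assertEquals(HttpStatus.FORBIDDEN.value(), servletResponse.getStatus());
}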
/**
 * Builds an origin-checking interceptor from a collection of allowed origin values.
 *
 * <p>Configuration is delegated to {@link #setAllowedOrigins(Collection)}. As exercised
 * by this class's tests, a {@code null} collection is rejected with
 * {@link IllegalArgumentException}, and {@code "*"} allows every origin.
 *
 * @param allowedOrigins the origin values to allow
 * @see #setAllowedOrigins(Collection)
 */
public OriginHandshakeInterceptor(Collection<String> allowedOrigins) {
    this.setAllowedOrigins(allowedOrigins);
}
/**
 * Returns the configured handshake interceptors with an
 * {@link OriginHandshakeInterceptor} for the configured allowed origins appended.
 *
 * <p>The origin interceptor is always present in the result, whether or not any other
 * interceptor has been configured.
 *
 * @return a freshly allocated array; the origin interceptor is its last element
 */
protected HandshakeInterceptor[] getInterceptors() {
    // Sized for the configured interceptors plus the one origin check.
    List<HandshakeInterceptor> combined = new ArrayList<>(this.interceptors.size() + 1);
    combined.addAll(this.interceptors);
    combined.add(new OriginHandshakeInterceptor(this.allowedOrigins));
    return combined.toArray(new HandshakeInterceptor[0]);
}
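/**
 * Verifies that a handshake is accepted when the request's {@code Origin} header is one
 * of several configured allowed origins, and that no 403 status is written.
 */
@Test
public void originListMatch() throws Exception {
    Map<String, Object> attributes = new HashMap<>();
    WebSocketHandler wsHandler = Mockito.mock(WebSocketHandler.class);
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.com");
    List<String> allowed = Arrays.asList(
            "http://mydomain1.com", "http://mydomain2.com", "http://mydomain3.com");
    OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(allowed);
    assertTrue(interceptor.beforeHandshake(request, response, wsHandler, attributes));
    // Reference value first, observed value second, so a failure message reads correctly.
    assertNotEquals(HttpStatus.FORBIDDEN.value(), servletResponse.getStatus());
}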
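/**
 * Verifies that a non-matching {@code Origin} is refused with 403 when the allowed
 * origins are held in a collection that does not accept {@code null}.
 *
 * <p>{@link ConcurrentSkipListSet} throws on {@code null} arguments, so the test
 * presumably guards against the interceptor probing the collection with {@code null}
 * while evaluating the request.
 */
@Test
public void originNoMatchWithNullHostileCollection() throws Exception {
    Map<String, Object> attributes = new HashMap<>();
    WebSocketHandler wsHandler = Mockito.mock(WebSocketHandler.class);
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain4.com");
    OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor();
    Set<String> allowedOrigins = new ConcurrentSkipListSet<>();
    allowedOrigins.add("http://mydomain1.com");
    interceptor.setAllowedOrigins(allowedOrigins);
    assertFalse(interceptor.beforeHandshake(request, response, wsHandler, attributes));
    // Expected status first, observed status second, so a failure message reads correctly.
    assertEquals(HttpStatus.FORBIDDEN.value(), servletResponse.getStatus());
}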
/**
 * Constructs the interceptor with an initial set of allowed origin values.
 *
 * <p>Equivalent to using the no-argument constructor and then calling
 * {@link #setAllowedOrigins(Collection)} with the same collection.
 *
 * @param allowedOrigins the origin values to allow
 * @see #setAllowedOrigins(Collection)
 */
public OriginHandshakeInterceptor(Collection<String> allowedOrigins) {
    this.setAllowedOrigins(allowedOrigins);
}
/**
 * Verifies that constructing the interceptor with a {@code null} origin collection
 * fails with {@link IllegalArgumentException} instead of producing an interceptor
 * with no usable configuration.
 */
@Test(expected = IllegalArgumentException.class)
public void invalidInput() {
    new OriginHandshakeInterceptor(null);
}
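/**
 * Verifies that a handshake is refused when the request's {@code Origin} header is not
 * among several configured allowed origins: {@code beforeHandshake} returns
 * {@code false} and the response status is 403 Forbidden.
 */
@Test
public void originListNoMatch() throws Exception {
    Map<String, Object> attributes = new HashMap<>();
    WebSocketHandler wsHandler = Mockito.mock(WebSocketHandler.class);
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain4.com");
    List<String> allowed = Arrays.asList(
            "http://mydomain1.com", "http://mydomain2.com", "http://mydomain3.com");
    OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(allowed);
    assertFalse(interceptor.beforeHandshake(request, response, wsHandler, attributes));
    // Expected status first, observed status second, so a failure message reads correctly.
    assertEquals(HttpStatus.FORBIDDEN.value(), servletResponse.getStatus());
}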
/**
 * Registers the HTTP request handler bean that fronts the given sub-protocol handler
 * and returns a reference to it.
 *
 * <p>When a SockJS service is registered for the element, the handler is a
 * {@code SockJsHttpRequestHandler}. Otherwise it is a {@code WebSocketHttpRequestHandler}
 * whose handshake interceptors are the element's {@code handshake-interceptors}
 * children plus an {@link OriginHandshakeInterceptor} built from the comma-separated
 * {@code allowed-origins} attribute.
 *
 * @param element the XML element being parsed
 * @param subProtoHandler reference to the sub-protocol handler bean
 * @param ctx the parser context used for bean registration
 * @param source the configuration source object, may be {@code null}
 * @return a reference to the registered request handler bean
 */
private RuntimeBeanReference registerRequestHandler(
        Element element, RuntimeBeanReference subProtoHandler,
        ParserContext ctx, @Nullable Object source) {

    RootBeanDefinition handlerDef;
    RuntimeBeanReference sockJsRef = WebSocketNamespaceUtils.registerSockJsService(
            element, SCHEDULER_BEAN_NAME, ctx, source);

    if (sockJsRef != null) {
        // NOTE(review): no origin interceptor is added on this path; confirm that
        // registerSockJsService applies the allowed-origins attribute itself.
        ConstructorArgumentValues ctorArgs = new ConstructorArgumentValues();
        ctorArgs.addIndexedArgumentValue(0, sockJsRef);
        ctorArgs.addIndexedArgumentValue(1, subProtoHandler);
        handlerDef = new RootBeanDefinition(SockJsHttpRequestHandler.class, ctorArgs, null);
        // Register alias for backwards compatibility with 4.1
        ctx.getRegistry().registerAlias(SCHEDULER_BEAN_NAME, SOCKJS_SCHEDULER_BEAN_NAME);
    }
    else {
        RuntimeBeanReference handshakeHandler =
                WebSocketNamespaceUtils.registerHandshakeHandler(element, ctx, source);
        Element interceptorsElement =
                DomUtils.getChildElementByTagName(element, "handshake-interceptors");
        ManagedList<Object> handshakeInterceptors =
                WebSocketNamespaceUtils.parseBeanSubElements(interceptorsElement, ctx);

        // The origin check is appended whatever the attribute holds. An absent
        // attribute reads as "" and presumably tokenizes to an empty list — verify
        // that the interceptor treats an empty list as "same origin only".
        String originsAttribute = element.getAttribute("allowed-origins");
        List<String> originList =
                Arrays.asList(StringUtils.tokenizeToStringArray(originsAttribute, ","));
        handshakeInterceptors.add(new OriginHandshakeInterceptor(originList));

        ConstructorArgumentValues ctorArgs = new ConstructorArgumentValues();
        ctorArgs.addIndexedArgumentValue(0, subProtoHandler);
        ctorArgs.addIndexedArgumentValue(1, handshakeHandler);
        handlerDef = new RootBeanDefinition(WebSocketHttpRequestHandler.class, ctorArgs, null);
        handlerDef.getPropertyValues().add("handshakeInterceptors", handshakeInterceptors);
    }

    return new RuntimeBeanReference(registerBeanDef(handlerDef, ctx, source));
}
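/**
 * Verifies that, with an empty allowed-origin list, a handshake is still accepted when
 * the {@code Origin} header's host matches the request's server name, and that no 403
 * status is written.
 */
@Test
public void sameOriginMatchWithEmptyAllowedOrigins() throws Exception {
    Map<String, Object> attributes = new HashMap<>();
    WebSocketHandler wsHandler = Mockito.mock(WebSocketHandler.class);
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.com");
    // Same host as the Origin header above, which makes this a same-origin request.
    this.servletRequest.setServerName("mydomain2.com");
    OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(Collections.emptyList());
    assertTrue(interceptor.beforeHandshake(request, response, wsHandler, attributes));
    // Reference value first, observed value second, so a failure message reads correctly.
    assertNotEquals(HttpStatus.FORBIDDEN.value(), servletResponse.getStatus());
}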
// Read the allowed-origins attribute of the element being parsed.
String allowedOrigins = element.getAttribute("allowed-origins");
// Split the attribute value on "," into the list given to the origin interceptor.
List<String> origins = Arrays.asList(StringUtils.tokenizeToStringArray(allowedOrigins, ","));
// The Origin check is added to the interceptor list whatever the attribute held.
// NOTE(review): an absent attribute presumably yields an empty list here — confirm the
// interceptor then allows same-origin requests only.
interceptors.add(new OriginHandshakeInterceptor(origins));
// The mapping strategy receives the handler together with the completed interceptor list.
strategy = new WebSocketHandlerMappingStrategy(handler, interceptors);
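/**
 * Verifies that a same-origin handshake is accepted even though its {@code Origin} is
 * not in the configured allowed list: the list names only {@code mydomain1.com} while
 * the {@code Origin} header and the request's server name are both
 * {@code mydomain2.com}.
 *
 * <p>NOTE(review): the same-origin decision here follows the request's server name;
 * where that value is derived from client-supplied Host or forwarded headers, confirm
 * it is set by a trusted proxy.
 */
@Test
public void sameOriginMatchWithAllowedOrigins() throws Exception {
    Map<String, Object> attributes = new HashMap<>();
    WebSocketHandler wsHandler = Mockito.mock(WebSocketHandler.class);
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.com");
    this.servletRequest.setServerName("mydomain2.com");
    OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(Arrays.asList("http://mydomain1.com"));
    assertTrue(interceptor.beforeHandshake(request, response, wsHandler, attributes));
    // Reference value first, observed value second, so a failure message reads correctly.
    assertNotEquals(HttpStatus.FORBIDDEN.value(), servletResponse.getStatus());
}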
/**
 * Sends three GET requests for the SockJS {@code /websocket} transport through a
 * {@code TransportHandlingSockJsService} and checks the origin handling of each:
 * <ol>
 * <li>no handshake interceptor and no {@code Origin} header: not answered with 403;</li>
 * <li>origin interceptor allowing {@code http://mydomain1.com}, request from that
 * origin: not answered with 403;</li>
 * <li>same interceptor, request from {@code http://mydomain2.com}: answered with 403.</li>
 * </ol>
 *
 * <p>The first two scenarios assert only the absence of a 403; they do not pin the
 * status that is returned instead.
 */
@Test
public void handleTransportRequestWebsocket() throws Exception {
    TransportHandlingSockJsService service = new TransportHandlingSockJsService(
            this.taskScheduler, this.wsTransportHandler);
    String transportPath = "/websocket";

    // Scenario 1: nothing configured, no Origin header.
    setRequest("GET", sockJsPrefix + transportPath);
    service.handleRequest(this.request, this.response, transportPath, this.wsHandler);
    assertNotEquals(403, this.servletResponse.getStatus());

    // Scenario 2: the Origin header matches the single allowed origin.
    resetRequestAndResponse();
    OriginHandshakeInterceptor originCheck =
            new OriginHandshakeInterceptor(Collections.singletonList("http://mydomain1.com"));
    service.setHandshakeInterceptors(Collections.singletonList(originCheck));
    setRequest("GET", sockJsPrefix + transportPath);
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain1.com");
    service.handleRequest(this.request, this.response, transportPath, this.wsHandler);
    assertNotEquals(403, this.servletResponse.getStatus());

    // Scenario 3: the interceptor stays in place, the Origin header does not match.
    resetRequestAndResponse();
    setRequest("GET", sockJsPrefix + transportPath);
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain2.com");
    service.handleRequest(this.request, this.response, transportPath, this.wsHandler);
    assertEquals(403, this.servletResponse.getStatus());
}
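/**
 * Verifies that, with an empty allowed-origin list, a handshake is refused when the
 * {@code Origin} header's host ({@code mydomain3.com}) differs from the request's
 * server name ({@code mydomain2.com}): {@code beforeHandshake} returns {@code false}
 * and the response status is 403 Forbidden.
 */
@Test
public void sameOriginNoMatch() throws Exception {
    Map<String, Object> attributes = new HashMap<>();
    WebSocketHandler wsHandler = Mockito.mock(WebSocketHandler.class);
    this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain3.com");
    this.servletRequest.setServerName("mydomain2.com");
    OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(Collections.emptyList());
    assertFalse(interceptor.beforeHandshake(request, response, wsHandler, attributes));
    // Expected status first, observed status second, so a failure message reads correctly.
    assertEquals(HttpStatus.FORBIDDEN.value(), servletResponse.getStatus());
}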
/**
 * Produces the interceptor array for the handshake: the configured interceptors in
 * their configured order, then an {@link OriginHandshakeInterceptor} created from the
 * configured allowed origins.
 *
 * <p>A new origin interceptor and a new array are created on every call.
 *
 * @return the configured interceptors followed by the origin interceptor
 */
protected HandshakeInterceptor[] getInterceptors() {
    List<HandshakeInterceptor> result = new ArrayList<>(this.interceptors.size() + 1);
    result.addAll(this.interceptors);
    // Added without any condition, so the Origin check cannot be left out by
    // configuring other interceptors.
    result.add(new OriginHandshakeInterceptor(this.allowedOrigins));
    return result.toArray(new HandshakeInterceptor[0]);
}
/**
 * Collects the handshake interceptors to apply: all configured interceptors plus an
 * {@link OriginHandshakeInterceptor} for the configured allowed origins, which is
 * placed at the end.
 *
 * @return a new array of the configured interceptors and the origin interceptor
 */
protected HandshakeInterceptor[] getInterceptors() {
    // One extra slot for the origin interceptor appended below.
    List<HandshakeInterceptor> all = new ArrayList<>(this.interceptors.size() + 1);
    all.addAll(this.interceptors);
    all.add(new OriginHandshakeInterceptor(this.allowedOrigins));
    return all.toArray(new HandshakeInterceptor[0]);
}