Skip to content

Commit

Permalink
Add allowedOriginPatterns to WebSocketHandlerRegistration
Browse files Browse the repository at this point in the history
Closes gh-26593
  • Loading branch information
rstoyanchev committed Feb 24, 2021
1 parent ec5774e commit 0fd774e
Show file tree
Hide file tree
Showing 3 changed files with 45 additions and 7 deletions.
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 2002-2018 the original author or authors.
* Copyright 2002-2021 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -54,6 +54,8 @@ public abstract class AbstractWebSocketHandlerRegistration<M> implements WebSock

private final List<String> allowedOrigins = new ArrayList<>();

private final List<String> allowedOriginPatterns = new ArrayList<>();

@Nullable
private SockJsServiceRegistration sockJsServiceRegistration;

Expand Down Expand Up @@ -94,6 +96,15 @@ public WebSocketHandlerRegistration setAllowedOrigins(String... allowedOrigins)
return this;
}

@Override
public WebSocketHandlerRegistration setAllowedOriginPatterns(String... allowedOriginPatterns) {
this.allowedOriginPatterns.clear();
if (!ObjectUtils.isEmpty(allowedOriginPatterns)) {
this.allowedOriginPatterns.addAll(Arrays.asList(allowedOriginPatterns));
}
return this;
}

@Override
public SockJsServiceRegistration withSockJS() {
this.sockJsServiceRegistration = new SockJsServiceRegistration();
Expand All @@ -108,13 +119,21 @@ public SockJsServiceRegistration withSockJS() {
if (!this.allowedOrigins.isEmpty()) {
this.sockJsServiceRegistration.setAllowedOrigins(StringUtils.toStringArray(this.allowedOrigins));
}
if (!this.allowedOriginPatterns.isEmpty()) {
this.sockJsServiceRegistration.setAllowedOriginPatterns(
StringUtils.toStringArray(this.allowedOriginPatterns));
}
return this.sockJsServiceRegistration;
}

protected HandshakeInterceptor[] getInterceptors() {
List<HandshakeInterceptor> interceptors = new ArrayList<>(this.interceptors.size() + 1);
interceptors.addAll(this.interceptors);
interceptors.add(new OriginHandshakeInterceptor(this.allowedOrigins));
OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(this.allowedOrigins);
if (!ObjectUtils.isEmpty(this.allowedOriginPatterns)) {
interceptor.setAllowedOriginPatterns(this.allowedOriginPatterns);
}
interceptors.add(interceptor);
return interceptors.toArray(new HandshakeInterceptor[0]);
}

Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 2002-2018 the original author or authors.
* Copyright 2002-2021 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -63,6 +63,15 @@ public interface WebSocketHandlerRegistration {
*/
WebSocketHandlerRegistration setAllowedOrigins(String... origins);

/**
* A variant of {@link #setAllowedOrigins(String...)} that accepts flexible
* domain patterns, e.g. {@code "https://*.domain1.com"}. Furthermore it
* always sets the {@code Access-Control-Allow-Origin} response header to
* the matched origin and never to {@code "*"}, nor to any other pattern.
* @since 5.3.5
*/
WebSocketHandlerRegistration setAllowedOriginPatterns(String... originPatterns);

/**
* Enable SockJS fallback options.
*/
Expand Down
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
/*
* Copyright 2002-2019 the original author or authors.
* Copyright 2002-2021 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -115,7 +115,10 @@ public void interceptorsWithAllowedOrigins() {
WebSocketHandler handler = new TextWebSocketHandler();
HttpSessionHandshakeInterceptor interceptor = new HttpSessionHandshakeInterceptor();

this.registration.addHandler(handler, "/foo").addInterceptors(interceptor).setAllowedOrigins("https://mydomain1.example");
this.registration.addHandler(handler, "/foo")
.addInterceptors(interceptor)
.setAllowedOrigins("https://mydomain1.example")
.setAllowedOriginPatterns("https://*.abc.com");

List<Mapping> mappings = this.registration.getMappings();
assertThat(mappings.size()).isEqualTo(1);
Expand All @@ -126,7 +129,10 @@ public void interceptorsWithAllowedOrigins() {
assertThat(mapping.interceptors).isNotNull();
assertThat(mapping.interceptors.length).isEqualTo(2);
assertThat(mapping.interceptors[0]).isEqualTo(interceptor);
assertThat(mapping.interceptors[1].getClass()).isEqualTo(OriginHandshakeInterceptor.class);

OriginHandshakeInterceptor originInterceptor = (OriginHandshakeInterceptor) mapping.interceptors[1];
assertThat(originInterceptor.getAllowedOrigins()).containsExactly("https://mydomain1.example");
assertThat(originInterceptor.getAllowedOriginPatterns()).containsExactly("https://*.abc.com");
}

@Test
Expand All @@ -137,6 +143,7 @@ public void interceptorsPassedToSockJsRegistration() {
this.registration.addHandler(handler, "/foo")
.addInterceptors(interceptor)
.setAllowedOrigins("https://mydomain1.example")
.setAllowedOriginPatterns("https://*.abc.com")
.withSockJS();

this.registration.getSockJsServiceRegistration().setTaskScheduler(this.taskScheduler);
Expand All @@ -151,7 +158,10 @@ public void interceptorsPassedToSockJsRegistration() {
assertThat(mapping.sockJsService.getAllowedOrigins().contains("https://mydomain1.example")).isTrue();
List<HandshakeInterceptor> interceptors = mapping.sockJsService.getHandshakeInterceptors();
assertThat(interceptors.get(0)).isEqualTo(interceptor);
assertThat(interceptors.get(1).getClass()).isEqualTo(OriginHandshakeInterceptor.class);

OriginHandshakeInterceptor originInterceptor = (OriginHandshakeInterceptor) interceptors.get(1);
assertThat(originInterceptor.getAllowedOrigins()).containsExactly("https://mydomain1.example");
assertThat(originInterceptor.getAllowedOriginPatterns()).containsExactly("https://*.abc.com");
}

@Test
Expand Down

0 comments on commit 0fd774e

Please sign in to comment.