root
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Actions 8 Packages Projects Releases Wiki Activity

Add allowedOriginPatterns to WebSocketHandlerRegistration 

Closes gh-26593
This commit is contained in:
Rossen Stoyanchev 2021-02-23 18:03:18 +00:00
parent ec5774e748
commit 0fd774e69f
3 changed files with 45 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
spring-websocket/src/main/java/org/springframework/web/socket/config/annotation/AbstractWebSocketHandlerRegistration.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2018 the original author or authors. * Copyright 2002-2021 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -54,6 +54,8 @@ public abstract class AbstractWebSocketHandlerRegistration<M> implements WebSock
private final List<String> allowedOrigins = new ArrayList<>(); private final List<String> allowedOrigins = new ArrayList<>();
private final List<String> allowedOriginPatterns = new ArrayList<>();
@Nullable @Nullable
private SockJsServiceRegistration sockJsServiceRegistration; private SockJsServiceRegistration sockJsServiceRegistration;
@ -94,6 +96,15 @@ public abstract class AbstractWebSocketHandlerRegistration<M> implements WebSock
return this; return this;
} }
@Override
public WebSocketHandlerRegistration setAllowedOriginPatterns(String... allowedOriginPatterns) {
this.allowedOriginPatterns.clear();
if (!ObjectUtils.isEmpty(allowedOriginPatterns)) {
this.allowedOriginPatterns.addAll(Arrays.asList(allowedOriginPatterns));
}
return this;
}
@Override @Override
public SockJsServiceRegistration withSockJS() { public SockJsServiceRegistration withSockJS() {
this.sockJsServiceRegistration = new SockJsServiceRegistration(); this.sockJsServiceRegistration = new SockJsServiceRegistration();
@ -108,13 +119,21 @@ public abstract class AbstractWebSocketHandlerRegistration<M> implements WebSock
if (!this.allowedOrigins.isEmpty()) { if (!this.allowedOrigins.isEmpty()) {
this.sockJsServiceRegistration.setAllowedOrigins(StringUtils.toStringArray(this.allowedOrigins)); this.sockJsServiceRegistration.setAllowedOrigins(StringUtils.toStringArray(this.allowedOrigins));
} }
if (!this.allowedOriginPatterns.isEmpty()) {
this.sockJsServiceRegistration.setAllowedOriginPatterns(
StringUtils.toStringArray(this.allowedOriginPatterns));
}
return this.sockJsServiceRegistration; return this.sockJsServiceRegistration;
} }
protected HandshakeInterceptor[] getInterceptors() { protected HandshakeInterceptor[] getInterceptors() {
List<HandshakeInterceptor> interceptors = new ArrayList<>(this.interceptors.size() + 1); List<HandshakeInterceptor> interceptors = new ArrayList<>(this.interceptors.size() + 1);
interceptors.addAll(this.interceptors); interceptors.addAll(this.interceptors);
interceptors.add(new OriginHandshakeInterceptor(this.allowedOrigins)); OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(this.allowedOrigins);
if (!ObjectUtils.isEmpty(this.allowedOriginPatterns)) {
interceptor.setAllowedOriginPatterns(this.allowedOriginPatterns);
}
interceptors.add(interceptor);
return interceptors.toArray(new HandshakeInterceptor[0]); return interceptors.toArray(new HandshakeInterceptor[0]);
} }

11
spring-websocket/src/main/java/org/springframework/web/socket/config/annotation/WebSocketHandlerRegistration.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2018 the original author or authors. * Copyright 2002-2021 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -63,6 +63,15 @@ public interface WebSocketHandlerRegistration {
*/ */
WebSocketHandlerRegistration setAllowedOrigins(String... origins); WebSocketHandlerRegistration setAllowedOrigins(String... origins);
/**
* A variant of {@link #setAllowedOrigins(String...)} that accepts flexible
* domain patterns, e.g. {@code "https://*.domain1.com"}. Furthermore it
* always sets the {@code Access-Control-Allow-Origin} response header to
* the matched origin and never to {@code "*"}, nor to any other pattern.
* @since 5.3.5
*/
WebSocketHandlerRegistration setAllowedOriginPatterns(String... originPatterns);
/** /**
* Enable SockJS fallback options. * Enable SockJS fallback options.
*/ */

18
spring-websocket/src/test/java/org/springframework/web/socket/config/annotation/WebSocketHandlerRegistrationTests.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2019 the original author or authors. * Copyright 2002-2021 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -115,7 +115,10 @@ public class WebSocketHandlerRegistrationTests {
WebSocketHandler handler = new TextWebSocketHandler(); WebSocketHandler handler = new TextWebSocketHandler();
HttpSessionHandshakeInterceptor interceptor = new HttpSessionHandshakeInterceptor(); HttpSessionHandshakeInterceptor interceptor = new HttpSessionHandshakeInterceptor();
this.registration.addHandler(handler, "/foo").addInterceptors(interceptor).setAllowedOrigins("https://mydomain1.example"); this.registration.addHandler(handler, "/foo")
.addInterceptors(interceptor)
.setAllowedOrigins("https://mydomain1.example")
.setAllowedOriginPatterns("https://*.abc.com");
List<Mapping> mappings = this.registration.getMappings(); List<Mapping> mappings = this.registration.getMappings();
assertThat(mappings.size()).isEqualTo(1); assertThat(mappings.size()).isEqualTo(1);
@ -126,7 +129,10 @@ public class WebSocketHandlerRegistrationTests {
assertThat(mapping.interceptors).isNotNull(); assertThat(mapping.interceptors).isNotNull();
assertThat(mapping.interceptors.length).isEqualTo(2); assertThat(mapping.interceptors.length).isEqualTo(2);
assertThat(mapping.interceptors[0]).isEqualTo(interceptor); assertThat(mapping.interceptors[0]).isEqualTo(interceptor);
assertThat(mapping.interceptors[1].getClass()).isEqualTo(OriginHandshakeInterceptor.class);
OriginHandshakeInterceptor originInterceptor = (OriginHandshakeInterceptor) mapping.interceptors[1];
assertThat(originInterceptor.getAllowedOrigins()).containsExactly("https://mydomain1.example");
assertThat(originInterceptor.getAllowedOriginPatterns()).containsExactly("https://*.abc.com");
} }
@Test @Test
@ -137,6 +143,7 @@ public class WebSocketHandlerRegistrationTests {
this.registration.addHandler(handler, "/foo") this.registration.addHandler(handler, "/foo")
.addInterceptors(interceptor) .addInterceptors(interceptor)
.setAllowedOrigins("https://mydomain1.example") .setAllowedOrigins("https://mydomain1.example")
.setAllowedOriginPatterns("https://*.abc.com")
.withSockJS(); .withSockJS();
this.registration.getSockJsServiceRegistration().setTaskScheduler(this.taskScheduler); this.registration.getSockJsServiceRegistration().setTaskScheduler(this.taskScheduler);
@ -151,7 +158,10 @@ public class WebSocketHandlerRegistrationTests {
assertThat(mapping.sockJsService.getAllowedOrigins().contains("https://mydomain1.example")).isTrue(); assertThat(mapping.sockJsService.getAllowedOrigins().contains("https://mydomain1.example")).isTrue();
List<HandshakeInterceptor> interceptors = mapping.sockJsService.getHandshakeInterceptors(); List<HandshakeInterceptor> interceptors = mapping.sockJsService.getHandshakeInterceptors();
assertThat(interceptors.get(0)).isEqualTo(interceptor); assertThat(interceptors.get(0)).isEqualTo(interceptor);
assertThat(interceptors.get(1).getClass()).isEqualTo(OriginHandshakeInterceptor.class);
OriginHandshakeInterceptor originInterceptor = (OriginHandshakeInterceptor) interceptors.get(1);
assertThat(originInterceptor.getAllowedOrigins()).containsExactly("https://mydomain1.example");
assertThat(originInterceptor.getAllowedOriginPatterns()).containsExactly("https://*.abc.com");
} }
@Test @Test