root
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Actions 8 Packages Projects Releases Wiki Activity

Allow WebSocket over HTTP CONNECT 

Closes gh-34044
This commit is contained in:
rstoyanchev 2025-02-03 15:28:27 +00:00
parent 1cea1fe962
commit f477c1653d
2 changed files with 16 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
spring-webflux/src/main/java/org/springframework/web/reactive/socket/server/support/HandshakeWebSocketService.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2023 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -22,6 +22,7 @@ import java.security.Principal;
import java.util.Collections; import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set;
import java.util.function.Predicate; import java.util.function.Predicate;
import java.util.stream.Collectors; import java.util.stream.Collectors;
@ -66,6 +67,9 @@ import org.springframework.web.server.ServerWebInputException;
*/ */
public class HandshakeWebSocketService implements WebSocketService, Lifecycle { public class HandshakeWebSocketService implements WebSocketService, Lifecycle {
// For WebSocket upgrades in HTTP/2 (see RFC 8441)
private static final HttpMethod CONNECT_METHOD = HttpMethod.valueOf("CONNECT");
private static final String SEC_WEBSOCKET_KEY = "Sec-WebSocket-Key"; private static final String SEC_WEBSOCKET_KEY = "Sec-WebSocket-Key";
private static final String SEC_WEBSOCKET_PROTOCOL = "Sec-WebSocket-Protocol"; private static final String SEC_WEBSOCKET_PROTOCOL = "Sec-WebSocket-Protocol";
@ -201,9 +205,9 @@ public class HandshakeWebSocketService implements WebSocketService, Lifecycle {
HttpMethod method = request.getMethod(); HttpMethod method = request.getMethod();
HttpHeaders headers = request.getHeaders(); HttpHeaders headers = request.getHeaders();
if (HttpMethod.GET != method) { if (HttpMethod.GET != method && CONNECT_METHOD != method) {
return Mono.error(new MethodNotAllowedException( return Mono.error(new MethodNotAllowedException(
request.getMethod(), Collections.singleton(HttpMethod.GET))); request.getMethod(), Set.of(HttpMethod.GET, CONNECT_METHOD)));
} }
if (!"WebSocket".equalsIgnoreCase(headers.getUpgrade())) { if (!"WebSocket".equalsIgnoreCase(headers.getUpgrade())) {

13
spring-websocket/src/main/java/org/springframework/web/socket/server/support/AbstractHandshakeHandler.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2024 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -25,6 +25,7 @@ import java.util.Collections;
import java.util.List; import java.util.List;
import java.util.Locale; import java.util.Locale;
import java.util.Map; import java.util.Map;
import java.util.Set;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
@ -77,6 +78,9 @@ import org.springframework.web.socket.server.standard.WebSphereRequestUpgradeStr
*/ */
public abstract class AbstractHandshakeHandler implements HandshakeHandler, Lifecycle { public abstract class AbstractHandshakeHandler implements HandshakeHandler, Lifecycle {
// For WebSocket upgrades in HTTP/2 (see RFC 8441)
private static final HttpMethod CONNECT_METHOD = HttpMethod.valueOf("CONNECT");
private static final boolean tomcatWsPresent; private static final boolean tomcatWsPresent;
private static final boolean jettyWsPresent; private static final boolean jettyWsPresent;
@ -210,11 +214,12 @@ public abstract class AbstractHandshakeHandler implements HandshakeHandler, Life
logger.trace("Processing request " + request.getURI() + " with headers=" + headers); logger.trace("Processing request " + request.getURI() + " with headers=" + headers);
} }
try { try {
if (HttpMethod.GET != request.getMethod()) { HttpMethod httpMethod = request.getMethod();
if (HttpMethod.GET != httpMethod && CONNECT_METHOD != httpMethod) {
response.setStatusCode(HttpStatus.METHOD_NOT_ALLOWED); response.setStatusCode(HttpStatus.METHOD_NOT_ALLOWED);
response.getHeaders().setAllow(Collections.singleton(HttpMethod.GET)); response.getHeaders().setAllow(Set.of(HttpMethod.GET, CONNECT_METHOD));
if (logger.isErrorEnabled()) { if (logger.isErrorEnabled()) {
logger.error("Handshake failed due to unexpected HTTP method: " + request.getMethod()); logger.error("Handshake failed due to unexpected HTTP method: " + httpMethod);
} }
return false; return false;
} }