Commit Graph

268 Commits

Author SHA1 Message Date
Juergen Hoeller
85675fbe2e Consistent SmartLifecycle implementations
Issue: SPR-14233
(cherry picked from commit f83cbff)
2016-05-02 14:07:32 +02:00
Rossen Stoyanchev
f053cdec51 Improve close in ConcurrentWebSocketSessionDecorator
Before this commit the concurrent session wrapper mainly protected the
sending of messages. The close itself however may also cause a message
to be sent as is the case of the SockJS protocol.

This change protects the close and checks if the session has exceeded
send time or buffer limits in which case the close status is changed
to SESSION_NOT_RELIABLE (introduced in commit cbd5af3a) which in turn
signals that extra care should be exercised when closing the session.

Issue: SPR-13904
2016-02-04 17:22:36 -05:00
Rossen Stoyanchev
33112df237 Fix second failing test 2016-01-20 23:13:34 -05:00
Juergen Hoeller
9973694ed2 Polishing 2015-12-04 20:43:20 +01:00
Juergen Hoeller
3d1ae9c604 Efficient and consistent setAllowedOrigins collection type
Issue: SPR-13761
2015-12-04 16:21:53 +01:00
Rossen Stoyanchev
f5e681e6e6 lastSessionCheckTime updated after session check
Issue: SPR-13745
2015-12-02 15:07:52 -05:00
Rossen Stoyanchev
2bd1daa75e Protect against RFD exploits
Issue: SPR-13548
2015-10-15 10:33:27 +02:00
Juergen Hoeller
966f95b9b5 Revised TransportHandlingSockJsService for defensive transport checking and consistent logging
Issue: SPR-13545
2015-10-07 13:25:52 +02:00
Sebastien Deleuze
299b7766fe Allow same-origin WebSocket/SockJS requests once origin is set
Issue: SPR-13464
2015-09-21 17:08:58 +02:00
Brian Clozel
42588cb03e Prepare Undertow 1.3.0 compatibility
Xnio 3.4.0 will introduce a new source of ByteBuffers: ByteBufferPool.
Previously this feature was offered by Pooled/Pool/ByteBufferSlicePool;
those classes are now marked as deprecated.

As of 1.3.0.Beta9, Undertow still implements the following method in its
ClientConnection interface, using those deprecated types:

    Pool<ByteBuffer> getBufferPool();

This commit prepares compatibility by suppressing warnings in order to
avoid build failures in our build. Once appropriate changes are made in
Undertow, a specific implementation with new types could be introduced.

Issue: SPR-13366
2015-08-26 14:33:25 +02:00
Sam Brannen
2df3646e90 Let Jetty pick its own available port
In an attempt to make our Jetty-based integration tests more robust,
this commit discontinues use of SocketUtils for picking a random,
available port and instead lets the Jetty Server pick its own port.
2015-08-22 18:58:55 +02:00
Sam Brannen
914ba483b2 Clean up warnings in spring-websocket 2015-08-22 15:15:42 +02:00
Sam Brannen
732a655f82 Reinstate performance test group assumption in SockJS tests 2015-08-22 15:02:18 +02:00
Rossen Stoyanchev
27899abcb6 Publish events only after successful channel send
The StompSubProtcolHandler now checks the outcome of the send to the
inbound client channel. If the message was prevented from being sent,
e.g. as part of authorization, events are not published

Issue: SPR-13339
2015-08-21 10:46:54 -04:00
Sam Brannen
1d3da12204 Clean up warnings 2015-08-15 21:30:32 +02:00
Sam Brannen
c572d0c469 Increase timeout in StompWebSocketIntegrationTests
... with hope of reducing the fragility of these tests on the CI server.
2015-08-15 21:30:17 +02:00
Juergen Hoeller
b1d6ae77e1 Polishing 2015-07-30 00:08:36 +02:00
Rossen Stoyanchev
b7bdd724b2 Simplify use of headers for SockJsClient requests
Before this change, XhrTransport implementations had to be configured
with the headers to use for HTTP requests other than the initial
handshake.

After this change the handshake headers passed to SockJsClient by
default are used for all other HTTP requests related to the SockJS
connection (e.g. info request, xhr send/receive). A property on
SockJsClient allows restricting the headers to use for other HTTP
requests to a subset of the handshake headers.

Issue: SPR-13254
2015-07-28 14:22:33 -04:00
Rossen Stoyanchev
9f557cf930 Polish SockJS client 2015-07-28 14:22:33 -04:00
Sam Brannen
24ff4f56e1 Introduce logging in TomcatWebSocketTestServer
This commit replaces calls to System.out.println() with explicit logging.
2015-07-20 17:03:44 +02:00
Rossen Stoyanchev
05f163b37d Avoid duplicates from <websocket:decorator-factory>
Before this change <websocket:decorator-factory> decorated to
the SubProtocolWebSocketHandler RootBeanDefinition rather than
using a RuntimeBeanReference, which led to a separate instance
of SubProtocolWebSocketHandler to be created.

Issue: SPR-13190
2015-07-02 16:09:39 -04:00
Sebastien Deleuze
79c7e30832 Fix SockJsServiceTests
Issue: SPR-12422
2015-07-02 16:35:32 +02:00
Sam Brannen
e8c8d2a6ad Refactor WebSocket int. tests to work w/ Jetty 9.3
Recent builds of Jetty 9.3 require that Jetty's own ServletContext
implementation be supplied to WebSocketServerFactory's init() method.
Otherwise, the Jetty server will fail to start with the exception
message: "Not running on Jetty, WebSocket support unavailable".

This commit refactors AbstractWebSocketIntegrationTests,
AbstractSockJsIntegrationTests, and all WebSocketTestServer
implementations in order to support this new requirement.

Specifically:

- WebSocketTestServer defines a new getServletContext() method;
  TomcatWebSocketTestServer, UndertowTestServer, and
  JettyWebSocketTestServer have all been updated to return the
  ServletContext created by the embedded server.

- The setup() methods in AbstractWebSocketIntegrationTests and
  AbstractSockJsIntegrationTests have been updated so that the
  WebApplicationContext is supplied the appropriate ServletContext,
  after deployConfig() has been invoked on the WebSocketTestServer but
  before the WebApplicationContext is refreshed.

Issue: SPR-13162
2015-06-24 20:16:25 +02:00
Rossen Stoyanchev
8b50750511 Fix failure in performance build
The JettySockJsIntegrationTests are enabled in the performance build
only. Following the upgrade to Jetty 9.3 where the
JettyRequestUpgradeStrategy is now Lifecycle as wel as
ServletContextAware, we need to make sure the ApplicationContext
refresh occurs after the ServletContext has been set. This change
removes the explicit .refresh() call in the test setup and instead
relies on the DispatcherServlet to do that, which ensures that the
ServletContext with which it is initialized by Jetty has been set
on the ApplicationContext before that.
2015-06-24 10:46:45 -04:00
Rossen Stoyanchev
e083683f4f Update WebSocket support for Jetty 9.3
Issue: SPR-13140
2015-06-22 22:30:44 -04:00
Rossen Stoyanchev
d1cc8bac5c Add config option for StompSubProtocolErrorHandler
Issue: SPR-13142
2015-06-22 22:30:44 -04:00
Rossen Stoyanchev
c48e8708a7 Fix NPE in DefaultSimpUserRegistry 2015-05-22 13:44:09 -04:00
Rossen Stoyanchev
92bd7bba50 Restore userSessionRegistry field in StompSubProtocolHandler
This change ensures that the deprecated UserSessionRegistry is still
used if configured.
2015-05-22 13:44:09 -04:00
Stephane Nicoll
cf391f5ce1 polish
Remove unused imports
2015-05-19 08:49:01 +02:00
Rossen Stoyanchev
696a010e81 Add SubProtocolErrorHandler
Issue: SPR-12732
2015-05-15 18:18:05 -04:00
Rossen Stoyanchev
281588d7bb Add SimpUserRegistry with multi-server support
This change introduces SimpUserRegistry exposing an API to access
information about connected users, their sessions, and subscriptions
with STOMP/WebSocket messaging. Provides are methods to access users
as well as a method to find subscriptions given a Matcher strategy.

The DefaultSimpUserRegistry implementation is also a
SmartApplicationListener which listesn for ApplicationContext events
when users connect, disconnect, subscribe, and unsubscribe to
destinations.

The MultiServerUserRegistry implementation is a composite that
aggregates user information from the local SimpUserRegistry as well
as snapshots of user  on remote application servers.

UserRegistryMessageHandler is used with MultiServerUserRegistry. It
broadcats user registry information through the broker and listens
for similar broadcasts from other servers. This must be enabled
explicitly when configuring the STOMP broker relay.

The existing UserSessionRegistry which was primiarly used internally
to resolve a user name to session id's has been deprecated and is no
longer used. If an application configures a custom UserSessionRegistr
still, it will be adapted accordingly to SimpUserRegistry but the
effect is rather limited (comparable to pre-existing functionality)
and will not work in multi-server scenarios.

Issue: SPR-12029
2015-05-12 15:29:12 -04:00
Brian Clozel
4b07bc39da Always set heart-beat header in STOMP CONNECTED frames
Since SPR-10954, the SimpleBrokerMessageHandler supports `heart-beats`.

Even if the STOMP spec states that the `heart-beat` header is OPTIONAL,
and if absent considered as `heart-beat: 0,0`,
some clients rely on this to be set in CONNECTED frames.

This commit adds this header information even if no task
scheduler/heart-beat have been configured.

See: https://stomp.github.io/stomp-specification-1.2.html#Heart-beating

Issue: SPR-10954
2015-05-05 16:09:42 +02:00
Sam Brannen
572cbb0821 Consistently supply test name to @Parameters 2015-05-05 14:07:00 +02:00
Sebastien Deleuze
83f269b512 Make DefaultCorsProcessor Servlet 2.5 compliant
This commit adds CORS related headers to HttpHeaders
and update DefaultCorsProcessor implementation to
use ServerHttpRequest and ServerHttpResponse instead
of HttpServletRequest and HttpServletResponse. Usage
of ServerHttpResponse allows to avoid using Servlet 3.0
specific methods in order keep CORS support Servlet 2.5
compliant.

Issue: SPR-12885
2015-05-05 09:31:41 +02:00
Rossen Stoyanchev
68ecb92d1f Allow "ws" and "wss" for isValidCorsOrigin checks
Issue: SPR-12956
2015-05-04 06:08:25 -04:00
Rossen Stoyanchev
222f6998e4 Add userProperties to StandardWebSocketClient
Issue: SPR-12955
2015-05-04 06:08:25 -04:00
Rossen Stoyanchev
c29eae3307 Support user destinations with multiple app servers
This change adds support for broadcasting messages with unresolved
user destinations so that other servers can try to resolve it.
That enables sending messages to users who may be connected to a
different server.

Issue: SPR-11620
2015-04-17 11:55:44 -04:00
Rossen Stoyanchev
a3df66931f Add path-helper attribute for websocket namespace
Issue: SPR-11771
2015-04-13 22:39:50 -04:00
Rossen Stoyanchev
de9675bf5a Support heartbeat in SimpleBrokerMessageHandler
Issue: SPR-10954
2015-04-06 16:57:23 -04:00
Sebastien Deleuze
b0e1e66b7f Add CORS support
This commit introduces support for CORS in Spring Framework.

Cross-origin resource sharing (CORS) is a mechanism that allows
many resources (e.g. fonts, JavaScript, etc.) on a web page to
be requested from another domain outside the domain from which
the resource originated. It is defined by the CORS W3C
recommandation (http://www.w3.org/TR/cors/).

A new annotation @CrossOrigin allows to enable CORS support
on Controller type or method level. By default all origins
("*") are allowed.

@RestController
public class SampleController {

	@CrossOrigin
	@RequestMapping("/foo")
	public String foo() {
		// ...
	}
}

Various @CrossOrigin attributes allow to customize the CORS configuration.

@RestController
public class SampleController {

	@CrossOrigin(origin = { "http://site1.com", "http://site2.com" },
				 allowedHeaders = { "header1", "header2" },
				 exposedHeaders = { "header1", "header2" },
				 method = RequestMethod.DELETE,
				 maxAge = 123, allowCredentials = "true")
	@RequestMapping(value = "/foo", method = { RequestMethod.GET, RequestMethod.POST} )
	public String foo() {
		// ...
	}
}

A CorsConfigurationSource interface can be implemented by HTTP request
handlers that want to support CORS by providing a CorsConfiguration
that will be detected at AbstractHandlerMapping level. See for
example ResourceHttpRequestHandler that implements this interface.

Global CORS configuration should be supported through ControllerAdvice
(with type level @CrossOrigin annotated class or class implementing
CorsConfigurationSource), or with XML namespace and JavaConfig
configuration, but this is not implemented yet.

Issue: SPR-9278
2015-04-02 16:12:11 +02:00
Brian Clozel
100d75da26 Fix client-library-url ignored in MVC namespace
Prior to this commit, the `client-library-url` XML attribute was not
effective in the MVC namespace, leaving the default value configured:

```xml
<websocket:sockjs client-library-url="/js/sockjs.js" />
```

This commit fixes the sockjs namespace handler and makes sure that this
attribute is configured on the `SockJsService` Bean to be created.

Issue: SPR-12874
2015-04-01 14:44:12 +02:00
Rossen Stoyanchev
0c9cd4cc32 SubProtocolWebSocketHandler checks if session is open
Issue: SPR-12812
2015-03-20 17:45:27 -04:00
Rossen Stoyanchev
41e437066e Support @MessageExceptionHandler w/ @ControllerAdvice
This change adds support for global @MessageExceptionHandler methods
with STOMP over WebSocket messages. Such methods can be added to
@ControllerAdvice annotated components, much like @ExceptionHandler
methods for Spring MVC.

Issue: SPR-12696
2015-03-19 14:21:24 -04:00
Sam Brannen
8ee0e98540 Ensure WebSocketStompClientTests compiles in Gradle build as well 2015-03-17 18:47:24 +01:00
Sam Brannen
9930a8715f Clean up & suppress warnings in spring-messaging 2015-03-17 17:58:32 +01:00
Sam Brannen
03739c25d3 Ensure WebSocketStompClientTests compiles in STS 3.6.4 2015-03-17 17:46:46 +01:00
Rossen Stoyanchev
d30b3eaf55 Add STOMP client
WebSocketStompClient can be used with any implementation of
org.springframework.web.socket.client.WebSocketClient, which includes
org.springframework.web.socket.sockjs.client.SockJsClient.

Reactor11TcpStompClient can be used with reactor-net and provides STOMP
over TCP. It's also possible to adapt other WebSocket and TCP client
libraries (see StompClientSupport for more details).

For example usage see WebSocketStompClientIntegrationTests.

Issue: SPR-11588
2015-03-12 21:48:29 -04:00
Rossen Stoyanchev
1f990c3df6 Fix handling of empty payload Pong message on Jetty
Issue: SPR-12727
2015-02-18 11:36:22 -05:00
Sebastien Deleuze
6062e15572 Change SockJS and Websocket default allowedOrigins to same origin
This commit adds support for a same origin check that compares
Origin header to Host header. It also changes the default setting
from all origins allowed to only same origin allowed.

Issues: SPR-12697, SPR-12685
2015-02-18 09:30:15 +01:00
Stephane Nicoll
f0fca890bb Annotation-based event listeners
Add support for annotation-based event listeners. Enabled automatically
when using Java configuration or can be enabled explicitly via the
regular <context:annotation-driven/> XML element. Detect methods of
managed beans annotated with @EventListener, either directly or through
a meta-annotation.

Annotated methods must define the event type they listen to as a single
parameter argument. Events are automatically filtered out according to
the method signature. When additional runtime filtering is required, one
can specify the `condition` attribute of the annotation that defines a
SpEL expression that should match to actually invoke the method for a
particular event. The root context exposes the actual `event`
(`#root.event`) and method arguments (`#root.args`). Individual method
arguments are also exposed via either the `a` or `p` alias (`#a0` refers
to the first method argument). Finally, methods arguments are exposed via
their names if that information can be discovered.

Events can be either an ApplicationEvent or any arbitrary payload. Such
payload is wrapped automatically in a PayloadApplicationEvent and managed
explicitly internally. As a result, users can now publish and listen
for arbitrary objects.

If an annotated method has a return value, an non null result is actually
published as a new event, something like:

@EventListener
public FooEvent handle(BarEvent event) { ... }

Events can be handled in an aynchronous manner by adding `@Async` to the
event method declaration and enabling such infrastructure. Events can
also be ordered by adding an `@Order` annotation to the event method.

Issue: SPR-11622
2015-02-10 09:13:02 +01:00