Commit Graph

214 Commits

Author SHA1 Message Date
Rossen Stoyanchev
3eb54cc0b3 Avoid duplicates from <websocket:decorator-factory>
Before this change <websocket:decorator-factory> decorated to
the SubProtocolWebSocketHandler RootBeanDefinition rather than
using a RuntimeBeanReference, which led to a separate instance
of SubProtocolWebSocketHandler to be created.

Issue: SPR-13190
2015-07-06 07:52:12 -04:00
Rossen Stoyanchev
b44044e36f Allow "ws" and "wss" for isValidCorsOrigin checks
Issue: SPR-12956
2015-05-04 11:02:55 -04:00
Brian Clozel
e2a55ced50 Fix client-library-url ignored in MVC namespace
Prior to this commit, the `client-library-url` XML attribute was not
effective in the MVC namespace, leaving the default value configured:

```xml
<websocket:sockjs client-library-url="/js/sockjs.js" />
```

This commit fixes the sockjs namespace handler and makes sure that this
attribute is configured on the `SockJsService` Bean to be created.

Issue: SPR-12874
2015-04-01 15:38:33 +02:00
Rossen Stoyanchev
f1e406c63b Fix handling of empty payload Pong message on Jetty
Issue: SPR-12727
2015-02-18 12:27:13 -05:00
Sebastien Deleuze
23fa37b08b Change SockJS and Websocket default allowedOrigins to same origin
This commit adds support for a same origin check that compares
Origin header to Host header. It also changes the default setting
from all origins allowed to only same origin allowed.

Issues: SPR-12697, SPR-12685
(cherry picked from commit 6062e15)
2015-02-18 17:26:55 +01:00
Sebastien Deleuze
cc78d40c6b Fix SockJS origin check
This commit introduces the following changes:
 - Requests without Origin header are not rejected anymore
 - Disable Iframe when allowedOrigins is not empty and not equals to *
 - The Iframe is not cached anymore in order to have a reliable origin check
 - allowedOrigins must not be null or empty
 - allowedOrigins format is now validated (should be * or start by http(s)://)

Issue: SPR-12660
(cherry picked from commit 9b3319b)
2015-02-18 17:26:44 +01:00
Rossen Stoyanchev
51367dec05 Refine condition to send WebSocket binary messages
The following two refinements have been added:
1) SockJS doesn't support binary messages so don't even try
2) don't bother if payload.length == 0

Issue: SPR-12475
2014-12-29 15:13:09 -05:00
Rossen Stoyanchev
b796c1e87e Synchronize message sending
Issue: SPR-12516
2014-12-07 16:10:40 -05:00
Rossen Stoyanchev
dc5b5ca8ee Check the user of a SockJS request
Issue: SPR-12497
2014-12-02 12:13:35 -05:00
Brian Clozel
1fff631daa Fix SubProtocolHandler duplicate registration
Prior to this change, duplicate SubProtocolHandlers could be registered
when configuring STOMP with several registrations:

    public void registerStompEndpoints
          (final StompEndpointRegistry registry) {
      this.endpointRegistry.addEndpoint("/stompOverWebSocket");
      this.endpointRegistry.addEndpoint("/stompOverSockJS").withSockJS();
    }

This commit registers sub-protocols in a Set instead of a list (see
SubProtocolWebSocketHandler), thus fixing the issue.

Issue: SPR-12403
2014-11-03 14:25:27 +01:00
Sam Brannen
14f4d34fdb Clean up warnings in spring-websocket 2014-11-01 16:11:57 +01:00
Rossen Stoyanchev
38ef6dec50 Fix test issue with Set iteration order 2014-10-29 17:23:04 -04:00
Rossen Stoyanchev
8f21c85511 Explicitly close Spring context in WS integration test 2014-10-28 22:10:49 -04:00
Rossen Stoyanchev
8c727be4e1 Close Spring context in SockJS integration test setup 2014-10-28 17:51:15 -04:00
Rossen Stoyanchev
da612d079f Replace "if(" with "if (" 2014-10-27 09:04:23 -04:00
Sebastien Deleuze
58f4014b17 Add an option to disable automatic addition of CORS header
Issues: SPR-12283
2014-10-26 21:20:53 +01:00
Sebastien Deleuze
743356fa21 Add an option to set an Origin whitelist for Websocket and SockJS
This commit introduces a new OriginHandshakeInterceptor. It filters
Origin header value against a list of allowed origins.

AbstractSockJsService as been modified to:
 - Reject CORS requests with forbidden origins
 - Disable transport types that does not support CORS when an origin
   check is required
 - Use the Origin request header value instead of "*" for
   Access-Control-Allow-Origin response header value
   (mandatory when  Access-Control-Allow-Credentials=true)
 - Return CORS header only if the request contains an Origin header

It is possible to configure easily this behavior thanks to JavaConfig API
WebSocketHandlerRegistration#addAllowedOrigins(String...) and
StompWebSocketEndpointRegistration#addAllowedOrigins(String...).
It is also possible to configure it using the websocket XML namespace.

Please notice that this commit does not change the default behavior:
cross origin requests are still enabled by default.

Issues: SPR-12226
2014-10-26 21:18:04 +01:00
Rossen Stoyanchev
687955a704 Add ImmutableMessageChannelInterceptor
This change adds a ChannelInterceptor that flips the immutable flag on
messages being sent. This allows components sending messages to leave
the message mutable for interceptors to further apply modifications
before the message is sent (and exposed to concurrency).

The interceptor is automatically added with the STOMP/WebSocket Java
and XML config and the StompSubProtocolHandler leaves parsed incoming
messages mutable so they can be further modified before being sent.

Issue: SPR-12321
2014-10-23 15:25:51 -04:00
Juergen Hoeller
8325b10080 Consistent formatting of license headers, package javadocs, and import declarations 2014-10-21 01:44:07 +02:00
Juergen Hoeller
10328f1c22 Reimplemented ServerEndpointExporter to avoid BeanPostProcessor role
Issue: SPR-12340
2014-10-20 17:41:14 +02:00
Rossen Stoyanchev
3056301015 Improve HttpSessionHandshakeInterceptor
Use explicit flag whether to copy all attributes.
2014-10-14 09:29:06 -04:00
Sam Brannen
2f54b273a5 Delete unused imports in spring-websocket module 2014-10-13 20:37:08 +02:00
Rossen Stoyanchev
97596fb9f6 Allow plugging in a WebSocketHandlerDecorator
The WebSocketMessageBroker config now allows wrapping the
SubProtocolWebSocketHandler to enable advanced use cases that may
require access to the underlying WebSocketSession.

Issue: SPR-12314
2014-10-13 09:35:51 -04:00
Rossen Stoyanchev
f0323be786 Add option to copy HTTP session id to handshake attrs
Issue: SPR-12314
2014-10-10 15:21:04 -04:00
Brian Clozel
4cf19df462 SockJs client: add an XhrTransport for Undertow
This change adds a new XhrTransport for the SockJs client
implementation. This transport is based on `UndertowClient`,
Undertow's HTTP client.

Note that this transport can be customized with an OptionMap that is
used by the Xnio worker backing the I/O communications (see
http://xnio.jboss.org).

Implementation tested with undertow 1.0.36, 1.1.0.RC3, 1.2.0.Beta1.

Issue: SPR-12008
2014-10-08 16:52:40 +02:00
Brian Clozel
2a39081819 Add Vary:Origin HTTP header in SockJS responses
This change adds a "Vary: Origin" HTTP response header for /info and
/iframe SockJS endpoints.
This is preventing proxies and browsers from caching a response and
reusing it for an invalid Origin.

Reference: https://groups.google.com/forum/#!topic/sockjs/svsLWRorSis

Issue: SPR-12310
2014-10-08 16:37:50 +02:00
Juergen Hoeller
da14aeea7a TextMessage.toString() does not throw StringIndexOutOfBoundsException for payload with multibyte characters
Issue: SPR-12307
2014-10-07 13:35:38 +02:00
Juergen Hoeller
7f9baa3a09 Polishing 2014-09-26 22:38:41 +02:00
Brian Clozel
a6e1c53f23 Update default SockJS CDN location
This commit updates the default location of the SockJS' client library.
The previous location is being retired by the project maintainers.

The new default location is backed by several CDN providers:
* https://cdn.jsdelivr.net/sockjs/0.3.4/sockjs.min.js

See sockjs/sockjs-client#198

Issue: SPR-12254
2014-09-26 21:42:08 +02:00
Rossen Stoyanchev
371d93b346 Detect unsent DISCONNECT messages
This change uses a ChannelInterceptor (inserted at index 0) to detect
when a DISCONNECT message is precluded from being sent on the
clientInboundChannel. This can happen if another interceptor allows
a runtime exception out from preSend or returns false.

It is crucial for such messages to be processed, so when detected
they're processed still.

Issue: SPR-12218
2014-09-25 23:22:12 -04:00
Rossen Stoyanchev
237b50a9c8 Allow configuring custom argument types
The WebSocket messaging namespace now exposes configuration options for
custom argument resolvers and return value handlers.

Issue: SPR-12217
2014-09-19 16:47:39 -04:00
Rossen Stoyanchev
4af9851585 Add user to DISCONNECT in StompSubProtocolHandler
Issue: SPR-12215
2014-09-18 15:06:08 -04:00
Juergen Hoeller
20c2ba35dc Polishing 2014-09-04 00:55:38 +02:00
Rossen Stoyanchev
2a0765e76d Allow setting SockJsMessageCodec in WebSocket config
Issue: SPR-12091
2014-08-25 15:19:50 -04:00
Juergen Hoeller
11805b6a5d ServerEndpointExporter can initialize itself based on a late-provided ServletContext as well (for Boot)
Also allows for direct setting of a ServerContainer and for custom triggering of endpoint registration.

Issue: SPR-12109
2014-08-21 18:40:35 +02:00
Phillip Webb
ac8326d2df Polish mockito usage
Consistent use of BDDMockito rather than standard Mockito.
2014-08-11 16:23:11 -07:00
Stephane Nicoll
3da68cfe21 Remove unused imports 2014-08-04 14:13:40 +02:00
Rossen Stoyanchev
8751936b12 Fix issue with sub-protocol negotiation and SockJS
Before this change the SockJsWebSocketHandler precluded determination
of the sub-protocols by wrapping the actual target handler.

After this change SockJsWebSocketHandler implements SubProtocolCapable
and returns the list of sub-protocols from the wrapped handler.
2014-07-31 10:33:11 -04:00
Rossen Stoyanchev
c68b4c01e1 Polish SockJsClient 2014-07-30 15:29:46 -04:00
Rossen Stoyanchev
ba952ca331 Fix test condition 2014-07-30 09:02:23 -04:00
Rossen Stoyanchev
e74ac06733 Filter WebSocket extensions
Before this change the DefaultHandshakeHandler by default passed the
list of requested WebSocket extensions as-is relying on the WebSocket
engine to remove those not supported.

This change ensures that WebSocket extensions not supported by the
runtime are proactively removed instead.

This change is preparation for SPR-11094.
2014-07-24 09:58:22 -04:00
Rossen Stoyanchev
988499f7dc Remove awaitCloseStatus in SockJS integration tests
A CloseStatus may not be received if the connection is closed while
the client is between XHR polling requests.
2014-07-22 13:40:02 -04:00
Rossen Stoyanchev
90f8e4b71f Add @Ignored temporarily to Jetty SockJS tests 2014-07-18 00:45:14 -04:00
Rossen Stoyanchev
89b202029a Fix failing test 2014-07-15 22:59:25 -04:00
Rossen Stoyanchev
d86e4cf203 Re-obtain port on every WebSocket integration test
This change adds a WebSocketTestServer setup method that initializes
the server and obtains a new port.

In turn AbstractWebSocketIntegrationTests invokes the new method from
its setup method thus ensuring a new port is used on every test.
2014-07-15 16:53:38 -04:00
Rossen Stoyanchev
ea7ae8949e Use regex comparison in WebSocket stats test
The output includes thread pool information which appears to not vary
enough to cause failures locally but does so on the build server.
2014-07-15 16:53:38 -04:00
Rossen Stoyanchev
4dd5c274a0 Add missing HandshakeInterceptor for STOMP endpoints
Issue: SPR-11845
2014-07-15 13:31:30 -04:00
Rossen Stoyanchev
6d6cc0ecec Polish WebSocket Java config 2014-07-15 13:31:30 -04:00
Rossen Stoyanchev
85c175059a Add missing handshake-interceptor namespace support
Issue: SPR-11845
2014-07-15 13:31:29 -04:00
Rossen Stoyanchev
6557800f97 Polish WebSocket namespace 2014-07-15 13:31:29 -04:00