Class WebSocketConnectionOriginFilter
java.lang.Object
org.apache.wicket.protocol.ws.api.WebSocketConnectionOriginFilter
- All Implemented Interfaces:
IWebSocketConnectionFilter
This filter rejects requests whose 'Origin' header does not match the origin of the
application host. This kind of extended security might be necessary if the application needs to enforce the
Same Origin Policy, which is not provided by the HTML5 WebSocket protocol.
- Author:
- Gergely Nagy
Field Summary
Fields
Modifier and Type, Field, Description:
static final String ORIGIN_MISMATCH
- Explanatory text for the client to explain why the connection is getting aborted
static final int POLICY_VIOLATION_ERROR_CODE
- Error code 1008 indicates that an endpoint is terminating the connection because it has received a message that violates its policy.
Constructor Summary
Constructors -
Method Summary
Modifier and Type, Method, Description:
doFilter(jakarta.servlet.http.HttpServletRequest servletRequest)
- Method for rejecting connections based on the current request
getAllowedDomains
- The list of whitelisted domains which are allowed to initiate a websocket connection.
void setAllowedDomains(Iterable<String> domains)
- The list of whitelisted domains which are allowed to initiate a websocket connection.
Field Details
POLICY_VIOLATION_ERROR_CODE
Error code 1008 indicates that an endpoint is terminating the connection because it has received a message that violates its policy. This is a generic status code that can be returned when there is no other more suitable status code (e.g., 1003 or 1009) or if there is a need to hide specific details about the policy.
ORIGIN_MISMATCH
Explanatory text for the client to explain why the connection is getting aborted
Constructor Details
WebSocketConnectionOriginFilter
Method Details
doFilter
Description copied from interface: IWebSocketConnectionFilter
Method for rejecting connections based on the current request
- Specified by:
doFilter in interface IWebSocketConnectionFilter
- Parameters:
servletRequest - The servlet request holding the request headers
setAllowedDomains
The list of whitelisted domains which are allowed to initiate a websocket connection. This list will eventually be used by the IWebSocketConnectionFilter to abort potentially unsafe connections. Example domain names might be: http://www.example.com http://ww2.example.com
- Parameters:
domains - The collection of domains
getAllowedDomains
The list of whitelisted domains which are allowed to initiate a websocket connection. This list will eventually be used by the IWebSocketConnectionFilter to abort potentially unsafe connections.
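The kind of check this filter describes, as an added stand-alone example (not Wicket's implementation and not code from this page): each Origin value is reduced to scheme, host and port and compared exactly against the allowed list, using the example domains given for setAllowedDomains. The class name, the normalize and check helpers, the 0/1008 return convention and the rejection of a missing Origin header are assumptions of this example.

```java
import java.net.URI;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;

// Added illustration: a stand-alone origin allow-list check, not Wicket's source.
public class OriginAllowListDemo {
    static final int POLICY_VIOLATION_ERROR_CODE = 1008; // close code named on this page

    // Reduce an origin to scheme://host:port so case and default ports compare equal.
    static String normalize(String origin) {
        try {
            URI u = URI.create(origin.trim());
            if (u.getScheme() == null || u.getHost() == null) return null;
            String scheme = u.getScheme().toLowerCase(Locale.ROOT);
            int port = u.getPort();
            if (port == -1) port = scheme.equals("https") || scheme.equals("wss") ? 443 : 80;
            return scheme + "://" + u.getHost().toLowerCase(Locale.ROOT) + ":" + port;
        } catch (IllegalArgumentException e) {
            return null; // not a parsable absolute URI
        }
    }

    // Returns 0 to accept the handshake, or 1008 to reject it (hypothetical convention).
    static int check(String originHeader, List<String> allowedDomains) {
        Set<String> allowed = new HashSet<>();
        for (String d : allowedDomains) {
            String n = normalize(d);
            if (n != null) allowed.add(n);
        }
        // Assumption of this example: a missing or unparsable Origin is rejected.
        String origin = originHeader == null ? null : normalize(originHeader);
        // Exact set membership: a prefix or substring match would also accept
        // look-alike hosts that merely start with an allowed name.
        return origin != null && allowed.contains(origin) ? 0 : POLICY_VIOLATION_ERROR_CODE;
    }

    public static void main(String[] args) {
        List<String> allowed = List.of("http://www.example.com", "http://ww2.example.com");
        // Constructed Origin header values
        String[] samples = { "http://www.example.com", "HTTP://WW2.EXAMPLE.COM:80",
            "https://www.example.com", "http://www.example.com.other.test", "null" };
        for (String s : samples) System.out.println(s + " -> " + check(s, allowed));
        System.out.println("(no header) -> " + check(null, allowed));
    }
}
```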