Search in sources :

Example 1 with CsrfTokenHandshakeInterceptor

use of org.springframework.security.messaging.web.socket.server.CsrfTokenHandshakeInterceptor in project spring-security by spring-projects.

the class AbstractSecurityWebSocketMessageBrokerConfigurer method afterSingletonsInstantiated.

public void afterSingletonsInstantiated() {
    if (sameOriginDisabled()) {
        return;
    }
    String beanName = "stompWebSocketHandlerMapping";
    SimpleUrlHandlerMapping mapping = context.getBean(beanName, SimpleUrlHandlerMapping.class);
    Map<String, Object> mappings = mapping.getHandlerMap();
    for (Object object : mappings.values()) {
        if (object instanceof SockJsHttpRequestHandler) {
            SockJsHttpRequestHandler sockjsHandler = (SockJsHttpRequestHandler) object;
            SockJsService sockJsService = sockjsHandler.getSockJsService();
            if (!(sockJsService instanceof TransportHandlingSockJsService)) {
                throw new IllegalStateException("sockJsService must be instance of TransportHandlingSockJsService got " + sockJsService);
            }
            TransportHandlingSockJsService transportHandlingSockJsService = (TransportHandlingSockJsService) sockJsService;
            List<HandshakeInterceptor> handshakeInterceptors = transportHandlingSockJsService.getHandshakeInterceptors();
            List<HandshakeInterceptor> interceptorsToSet = new ArrayList<HandshakeInterceptor>(handshakeInterceptors.size() + 1);
            interceptorsToSet.add(new CsrfTokenHandshakeInterceptor());
            interceptorsToSet.addAll(handshakeInterceptors);
            transportHandlingSockJsService.setHandshakeInterceptors(interceptorsToSet);
        } else if (object instanceof WebSocketHttpRequestHandler) {
            WebSocketHttpRequestHandler handler = (WebSocketHttpRequestHandler) object;
            List<HandshakeInterceptor> handshakeInterceptors = handler.getHandshakeInterceptors();
            List<HandshakeInterceptor> interceptorsToSet = new ArrayList<HandshakeInterceptor>(handshakeInterceptors.size() + 1);
            interceptorsToSet.add(new CsrfTokenHandshakeInterceptor());
            interceptorsToSet.addAll(handshakeInterceptors);
            handler.setHandshakeInterceptors(interceptorsToSet);
        } else {
            throw new IllegalStateException("Bean " + beanName + " is expected to contain mappings to either a SockJsHttpRequestHandler or a WebSocketHttpRequestHandler but got " + object);
        }
    }
    if (inboundRegistry.containsMapping() && !inboundRegistry.isSimpDestPathMatcherConfigured()) {
        PathMatcher pathMatcher = getDefaultPathMatcher();
        inboundRegistry.simpDestPathMatcher(pathMatcher);
    }
}
Also used : CsrfTokenHandshakeInterceptor(org.springframework.security.messaging.web.socket.server.CsrfTokenHandshakeInterceptor) TransportHandlingSockJsService(org.springframework.web.socket.sockjs.transport.TransportHandlingSockJsService) ArrayList(java.util.ArrayList) HandshakeInterceptor(org.springframework.web.socket.server.HandshakeInterceptor) CsrfTokenHandshakeInterceptor(org.springframework.security.messaging.web.socket.server.CsrfTokenHandshakeInterceptor) SimpleUrlHandlerMapping(org.springframework.web.servlet.handler.SimpleUrlHandlerMapping) WebSocketHttpRequestHandler(org.springframework.web.socket.server.support.WebSocketHttpRequestHandler) SockJsHttpRequestHandler(org.springframework.web.socket.sockjs.support.SockJsHttpRequestHandler) AntPathMatcher(org.springframework.util.AntPathMatcher) PathMatcher(org.springframework.util.PathMatcher) TransportHandlingSockJsService(org.springframework.web.socket.sockjs.transport.TransportHandlingSockJsService) SockJsService(org.springframework.web.socket.sockjs.SockJsService) ArrayList(java.util.ArrayList) List(java.util.List)

Aggregations

ArrayList (java.util.ArrayList)1 List (java.util.List)1 CsrfTokenHandshakeInterceptor (org.springframework.security.messaging.web.socket.server.CsrfTokenHandshakeInterceptor)1 AntPathMatcher (org.springframework.util.AntPathMatcher)1 PathMatcher (org.springframework.util.PathMatcher)1 SimpleUrlHandlerMapping (org.springframework.web.servlet.handler.SimpleUrlHandlerMapping)1 HandshakeInterceptor (org.springframework.web.socket.server.HandshakeInterceptor)1 WebSocketHttpRequestHandler (org.springframework.web.socket.server.support.WebSocketHttpRequestHandler)1 SockJsService (org.springframework.web.socket.sockjs.SockJsService)1 SockJsHttpRequestHandler (org.springframework.web.socket.sockjs.support.SockJsHttpRequestHandler)1 TransportHandlingSockJsService (org.springframework.web.socket.sockjs.transport.TransportHandlingSockJsService)1