Package com.oorian

Class OorianWebsocketConfigurator

java.lang.Object
jakarta.websocket.server.ServerEndpointConfig.Configurator
com.oorian.OorianWebsocketConfigurator
public class OorianWebsocketConfigurator extends jakarta.websocket.server.ServerEndpointConfig.Configurator
WebSocket configurator that bridges HTTP sessions with WebSocket connections.

OorianWebsocketConfigurator intercepts the WebSocket handshake to extract the HTTP session and store it in the endpoint configuration. This allows OorianWebsocket to access the user's session data during WebSocket communication.

When allowed origins are configured via Application.addAllowedOrigin(String), this configurator validates the Origin header during the handshake and rejects connections from unauthorized origins to prevent cross-site WebSocket hijacking.

This configurator is referenced in the @ServerEndpoint annotation on OorianWebsocket.

Since:
2020
Version:
1.0
Author:
Marvin P. Warble Jr.
See Also:

  • Constructor Summary

    Constructors
    Constructor
    Description
    OorianWebsocketConfigurator()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
    checkOrigin(String originHeaderValue)
    Checks whether the WebSocket handshake origin is allowed.
    void
    modifyHandshake(jakarta.websocket.server.ServerEndpointConfig conf, jakarta.websocket.server.HandshakeRequest req, jakarta.websocket.HandshakeResponse resp)
    Modifies the WebSocket handshake to store the HTTP session.

    Methods inherited from class jakarta.websocket.server.ServerEndpointConfig.Configurator

    getContainerDefaultConfigurator, getEndpointInstance, getNegotiatedExtensions, getNegotiatedSubprotocol

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • OorianWebsocketConfigurator

      public OorianWebsocketConfigurator()

  • Method Details

    • checkOrigin

      public boolean checkOrigin(String originHeaderValue)
      Checks whether the WebSocket handshake origin is allowed.

      If origin validation is enabled, examines the Origin header from the handshake request and rejects the connection if it does not match the configured allowed origins.

      Overrides:
      checkOrigin in class jakarta.websocket.server.ServerEndpointConfig.Configurator
      Parameters:
      originHeaderValue - the value of the Origin header from the client
      Returns:
      true if the origin is allowed, false to reject

    • modifyHandshake

      public void modifyHandshake(jakarta.websocket.server.ServerEndpointConfig conf, jakarta.websocket.server.HandshakeRequest req, jakarta.websocket.HandshakeResponse resp)
      Modifies the WebSocket handshake to store the HTTP session.

      Extracts the HTTP session from the handshake request and stores it in the endpoint configuration's user properties under the key "httpsession".

      Overrides:
      modifyHandshake in class jakarta.websocket.server.ServerEndpointConfig.Configurator
      Parameters:
      conf - the server endpoint configuration
      req - the handshake request
      resp - the handshake response