Example usage for org.springframework.web.util WebUtils isSameOrigin

List of usage examples for org.springframework.web.util WebUtils isSameOrigin

  1. HOME
  2. Java
  3. org.springframework
  4. org.springframework.web.util.*
  5. WebUtils
  6. isSameOrigin

Introduction

In this page you can find the example usage for org.springframework.web.util WebUtils isSameOrigin.

Prototype

public static boolean isSameOrigin(HttpRequest request)

Source Link

Document

Check if the request is a same-origin one, based on Origin , Host , Forwarded , X-Forwarded-Proto , X-Forwarded-Host and X-Forwarded-Port headers.

Usage

From source file:org.springframework.web.cors.DefaultCorsProcessor.java

@Override
@SuppressWarnings("resource")
public boolean processRequest(@Nullable CorsConfiguration config, HttpServletRequest request,
        HttpServletResponse response) throws IOException {

    if (!CorsUtils.isCorsRequest(request)) {
        return true;
    }//from www . j av  a 2  s . c om

    ServletServerHttpResponse serverResponse = new ServletServerHttpResponse(response);
    if (responseHasCors(serverResponse)) {
        logger.debug("Skip CORS processing: response already contains \"Access-Control-Allow-Origin\" header");
        return true;
    }

    ServletServerHttpRequest serverRequest = new ServletServerHttpRequest(request);
    if (WebUtils.isSameOrigin(serverRequest)) {
        logger.debug("Skip CORS processing: request is from same origin");
        return true;
    }

    boolean preFlightRequest = CorsUtils.isPreFlightRequest(request);
    if (config == null) {
        if (preFlightRequest) {
            rejectRequest(serverResponse);
            return false;
        } else {
            return true;
        }
    }

    return handleInternal(serverRequest, serverResponse, config, preFlightRequest);
}

From source file:org.springframework.web.socket.server.support.OriginHandshakeInterceptor.java

@Override
public boolean beforeHandshake(ServerHttpRequest request, ServerHttpResponse response,
        WebSocketHandler wsHandler, Map<String, Object> attributes) throws Exception {

    if (!WebUtils.isSameOrigin(request) && !WebUtils.isValidOrigin(request, this.allowedOrigins)) {
        response.setStatusCode(HttpStatus.FORBIDDEN);
        if (logger.isDebugEnabled()) {
            logger.debug("Handshake request rejected, Origin header value " + request.getHeaders().getOrigin()
                    + " not allowed");
        }/*w w w  .  j ava 2  s. c om*/
        return false;
    }
    return true;
}

From source file:org.springframework.web.socket.sockjs.support.AbstractSockJsService.java

protected boolean checkOrigin(ServerHttpRequest request, ServerHttpResponse response, HttpMethod... httpMethods)
        throws IOException {

    if (WebUtils.isSameOrigin(request)) {
        return true;
    }/*from   w w w  .  ja v  a 2s . co m*/

    if (!WebUtils.isValidOrigin(request, this.allowedOrigins)) {
        if (logger.isWarnEnabled()) {
            logger.warn("Origin header value '" + request.getHeaders().getOrigin() + "' not allowed.");
        }
        response.setStatusCode(HttpStatus.FORBIDDEN);
        return false;
    }

    return true;
}