List of usage examples for org.springframework.web.util WebUtils isValidOrigin
public static boolean isValidOrigin(HttpRequest request, Collection<String> allowedOrigins)
From source file:org.springframework.web.socket.server.support.OriginHandshakeInterceptor.java
@Override public boolean beforeHandshake(ServerHttpRequest request, ServerHttpResponse response, WebSocketHandler wsHandler, Map<String, Object> attributes) throws Exception { if (!WebUtils.isSameOrigin(request) && !WebUtils.isValidOrigin(request, this.allowedOrigins)) { response.setStatusCode(HttpStatus.FORBIDDEN); if (logger.isDebugEnabled()) { logger.debug("Handshake request rejected, Origin header value " + request.getHeaders().getOrigin() + " not allowed"); }// ww w . j a v a2s . com return false; } return true; }
From source file:org.springframework.web.socket.sockjs.support.AbstractSockJsService.java
protected boolean checkOrigin(ServerHttpRequest request, ServerHttpResponse response, HttpMethod... httpMethods) throws IOException { if (WebUtils.isSameOrigin(request)) { return true; }//from w w w . j a v a 2 s .c o m if (!WebUtils.isValidOrigin(request, this.allowedOrigins)) { if (logger.isWarnEnabled()) { logger.warn("Origin header value '" + request.getHeaders().getOrigin() + "' not allowed."); } response.setStatusCode(HttpStatus.FORBIDDEN); return false; } return true; }