/** * Constructor using the specified allowed origin values. * @see #setAllowedOrigins(Collection) */ public OriginHandshakeInterceptor(Collection<String> allowedOrigins) { setAllowedOrigins(allowedOrigins); }
@Test public void originNoMatchWithNullHostileCollection() throws Exception { Map<String, Object> attributes = new HashMap<>(); WebSocketHandler wsHandler = Mockito.mock(WebSocketHandler.class); this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain4.com"); OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(); Set<String> allowedOrigins = new ConcurrentSkipListSet<>(); allowedOrigins.add("http://mydomain1.com"); interceptor.setAllowedOrigins(allowedOrigins); assertFalse(interceptor.beforeHandshake(request, response, wsHandler, attributes)); assertEquals(servletResponse.getStatus(), HttpStatus.FORBIDDEN.value()); }
@Test public void originMatchAll() throws Exception { Map<String, Object> attributes = new HashMap<>(); WebSocketHandler wsHandler = Mockito.mock(WebSocketHandler.class); this.servletRequest.addHeader(HttpHeaders.ORIGIN, "http://mydomain1.com"); OriginHandshakeInterceptor interceptor = new OriginHandshakeInterceptor(); interceptor.setAllowedOrigins(Collections.singletonList("*")); assertTrue(interceptor.beforeHandshake(request, response, wsHandler, attributes)); assertNotEquals(servletResponse.getStatus(), HttpStatus.FORBIDDEN.value()); }
/** * Constructor using the specified allowed origin values. * @see #setAllowedOrigins(Collection) */ public OriginHandshakeInterceptor(Collection<String> allowedOrigins) { setAllowedOrigins(allowedOrigins); }
/** * Constructor using the specified allowed origin values. * @see #setAllowedOrigins(Collection) */ public OriginHandshakeInterceptor(Collection<String> allowedOrigins) { setAllowedOrigins(allowedOrigins); }