Package io.goobi.viewer.websockets

Class WebSocketTools

java.lang.Object

io.goobi.viewer.websockets.WebSocketTools

public final class WebSocketTools
extends Object

Shared guards for ServerEndpoint @OnOpen handlers.

Provides three building blocks every endpoint that should restrict its caller needs:

• requireUser(HttpSession, Session) - enforce that the captured HTTP session contains a logged-in User, close the WebSocket otherwise.
• requireAllowedOrigin(EndpointConfig, Session) - validate the Origin header captured by GetHttpSessionConfigurator against the same allowlist used by CSRFRequestFilter; only enforced when Configuration.isWebSocketOriginValidationEnabled() is on. Decoupled from the REST CSRF switch so the two transports can be hardened independently.
• closeSession(Session, CloseCode, String) - best-effort polite close used by the guards above and by callers that detect a fatal handshake-time condition (unknown resource etc.).

Origin validation is gated by webapi.websocket.originValidation[@enabled], separate from the REST webapi.csrf[@enabled] so operators can harden each transport independently. The user check is always enforced when the endpoint calls it.

Field Summary

Fields

Modifier and Type	Field	Description
static final String	ORIGIN_PROPERTY	Key under which GetHttpSessionConfigurator stashes the Origin header.

Method Summary

Modifier and Type	Method	Description
static void	closeSession(Session session, CloseReason.CloseCode code, String reason)	Best-effort polite close.
static boolean	requireAllowedOrigin(EndpointConfig config, Session ws)	Validates the Origin header captured at handshake time against Configuration.getViewerBaseUrl() and Configuration.getCsrfAdditionalAllowedOrigins().
static User	requireUser(HttpSession httpSession, Session ws)	Returns the User bound to httpSession, or closes ws with CloseReason.CloseCodes.VIOLATED_POLICY and returns null if no user is present.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

ORIGIN_PROPERTY

public static final String ORIGIN_PROPERTY

Key under which GetHttpSessionConfigurator stashes the Origin header.

See Also:

• Constant Field Values

Method Details

closeSession

public static void closeSession(Session session,
 CloseReason.CloseCode code,
 String reason)

Best-effort polite close. Swallows IOException - the peer may already be gone, and there is nothing useful the caller can do at that point.

Parameters:

session - WebSocket session to close

code - close code to send

reason - short human-readable reason (will be truncated by the container if >123 bytes)

requireUser

public static User requireUser(HttpSession httpSession,
 Session ws)

Returns the User bound to httpSession, or closes ws with CloseReason.CloseCodes.VIOLATED_POLICY and returns null if no user is present. Callers should return from @OnOpen immediately when the result is null.

Parameters:

httpSession - HTTP session captured by GetHttpSessionConfigurator

ws - WebSocket session to close on failure

Returns:

the authenticated User or null if the socket was closed

requireAllowedOrigin

public static boolean requireAllowedOrigin(EndpointConfig config,
 Session ws)

Validates the Origin header captured at handshake time against Configuration.getViewerBaseUrl() and Configuration.getCsrfAdditionalAllowedOrigins(). No-op (returns true) when Configuration.isWebSocketOriginValidationEnabled() is false.

Parameters:

config - endpoint config, expected to carry the ORIGIN_PROPERTY value

ws - WebSocket session to close on failure

Returns:

true if the origin is allowed (or validation is disabled); false if the socket was closed