Question
It is coming from Ordering of filters, servlets in Jetty-9.2.2
As mentioned "split out the security logic into a standalone class that your Servlet Filters and your custom javax.websocket.server.ServerEndpointConfig.Configurator can use."
I am not sure how to implement this? Can someone please explain this?
Answer 1:
An HTTP upgrade (aka websocket) request arrives, what happens?
The container sees that it has the various headers indicating that it is an Upgrade request for websocket.
- Is request method GET?
- Is Upgrade header value WebSocket?
- Is Sec-WebSocket-Key header value present and valid?
- Is Sec-WebSocket-Version header value present and valid?
The container attempts to find if something is mapped to that incoming request (using a combination of servlet path mapping rules and javax.websocket uri template path mapping rules).
Once a registered endpoint is discovered from the above rules, it has to be initialized and configured before it is considered open.
The ServerEndpointConfig for that endpoint is used (all endpoints have this class registered with them, some are default values, some are calculated from annotations, and some are provided via the ServerContainer.addEndpoint(ServerEndpointConfig) method).
The following order is used to initialize a websocket endpoint
- Container establishes a HandshakeRequest and HandshakeResponse object representing the incoming raw upgrade request
- Container obtains a Configurator from ServerEndpointConfig.getConfigurator()
- Container calls Configurator.modifyHandshake(ServerEndpointConfig config, HandshakeRequest request, HandshakeResponse response)
- Container calls Configurator.checkOrigin(String origin) - if this fails, then an immediate error 403 Forbidden is returned
- Container calls Configurator.getNegotiatedSubprotocol(List<String> supported, List<String> requested) - if a subprotocol is provided, it is used for the WebSocket upgrade response header Sec-WebSocket-Protocol
- Container calls Configurator.getNegotiatedExtensions(List<Extension> installed, List<Extension> requested) - values returned are used in the WebSocket upgrade response header Sec-WebSocket-Extensions
- Container calls Configurator.getEndpointInstance(Class<T> endpointClass) with endpoint class parameter that the ServerEndpointConfig was created with.
- At this point the Endpoint + Session are created and websocket is opened.
If at any point you do not wish to upgrade this request, just throw an exception from the getEndpointInstance class. I'd recommend a java.lang.InstantiationException.
This will cause Jetty to not perform the upgrade and send the request down the servlet processing chain.
Do note, however, your options on how your http response looks like from the Configurator is extremely limited (and rather undefined per the JSR-356/javax.websocket spec).
Source: https://stackoverflow.com/questions/25992111/how-does-serverendpointconfig-configurator-work
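One way to wire the handshake steps listed in the answer to a standalone security class. This is an added example, not code from the answer or from Jetty. `UpgradePolicy`, `SecuredConfigurator`, the `SID` cookie name and the sample origin and session values are hypothetical, and it assumes the container calls `modifyHandshake` and `getEndpointInstance` on the same thread for one upgrade request.

```java
import java.util.Collections;
import java.util.List;
import java.util.Set;
import javax.websocket.HandshakeResponse;
import javax.websocket.server.HandshakeRequest;
import javax.websocket.server.ServerEndpointConfig;

// Hypothetical standalone policy: plain Strings in, boolean out, so a Servlet Filter
// (passing request.getHeader(...) values) and the Configurator share one implementation.
final class UpgradePolicy {
    // Constructed sample values; a real deployment loads these from config / a session store.
    private static final Set<String> ORIGINS = Collections.singleton("https://app.example.test");
    private static final Set<String> SESSIONS = Collections.singleton("constructed-session-id");
    static boolean originAllowed(String origin) {
        return origin != null && ORIGINS.contains(origin);
    }
    static boolean sessionAllowed(List<String> cookieHeaders) {
        if (cookieHeaders == null) return false;          // no Cookie header: fail closed
        for (String header : cookieHeaders) {
            for (String pair : header.split(";")) {
                String[] kv = pair.trim().split("=", 2);
                if (kv.length == 2 && kv[0].equals("SID") && SESSIONS.contains(kv[1])) return true;
            }
        }
        return false;
    }
}

public class SecuredConfigurator extends ServerEndpointConfig.Configurator {
    // Assumption: both callbacks run on the same thread for one upgrade request;
    // the javax.websocket API offers no per-request hand-off between them.
    private static final ThreadLocal<Boolean> ALLOWED = ThreadLocal.withInitial(() -> false);

    @Override
    public boolean checkOrigin(String originHeaderValue) {
        return UpgradePolicy.originAllowed(originHeaderValue); // false -> 403 Forbidden
    }
    @Override
    public void modifyHandshake(ServerEndpointConfig sec, HandshakeRequest request, HandshakeResponse response) {
        ALLOWED.set(UpgradePolicy.sessionAllowed(request.getHeaders().get("Cookie")));
    }
    @Override
    public <T> T getEndpointInstance(Class<T> endpointClass) throws InstantiationException {
        boolean allowed = ALLOWED.get();
        ALLOWED.remove(); // never leak a decision to the next request on a pooled thread
        if (!allowed) throw new InstantiationException("upgrade refused by UpgradePolicy");
        return super.getEndpointInstance(endpointClass);
    }
}
```

The decision defaults to deny, so a request that reaches `getEndpointInstance` without a prior `modifyHandshake` call is refused rather than upgraded.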