使用spring boot

时间:2017-07-26 20:11:53

标签: java spring http spring-boot undertow

我想在 Undertow 中禁用 HTTP TRACE。我使用的是 Spring Boot,默认情况下提供了它。我已经排除了 Tomcat 并改用 Undertow。我在其他 Stack Overflow 帖子(here)中找到了针对 Tomcat 的答案,但找不到针对 Undertow 的相同做法。这就是我到目前为止所做的。

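    /**
     * Registers a servlet-container customizer that attaches
     * {@code ContextSecurityCustomizer} to the embedded Undertow factory.
     *
     * <p>Containers that are not Undertow factories are left untouched.
     *
     * @return the customizer bean
     */
    @Bean
    public EmbeddedServletContainerCustomizer containerCustomizer() {
        return new EmbeddedServletContainerCustomizer() {
            @Override
            public void customize(ConfigurableEmbeddedServletContainer container) {
                // instanceof rather than container.getClass().isAssignableFrom(...): the latter
                // is true only when the container's class is the factory class itself or one of
                // its supertypes, so a subclassed Undertow factory would silently skip the
                // customizer and the method restriction would never be installed.
                if (!(container instanceof UndertowEmbeddedServletContainerFactory)) {
                    return;
                }
                UndertowEmbeddedServletContainerFactory underTowContainer =
                        (UndertowEmbeddedServletContainerFactory) container;
                underTowContainer.addDeploymentInfoCustomizers(new ContextSecurityCustomizer());
            }
        };
    }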

    /**
     * Deployment customizer that {@code containerCustomizer()} registers on the Undertow
     * factory. As written it is an unfinished stub: it restricts no HTTP method, so TRACE
     * is not disabled yet.
     */
    private static class ContextSecurityCustomizer implements UndertowDeploymentInfoCustomizer {
        /**
         * Called with the deployment description for the application.
         *
         * @param deploymentInfo the deployment description passed in by the caller
         */
        @Override
        public void customize(DeploymentInfo deploymentInfo) {
            // NOTE(review): this newly created DeploymentInfo is never used or returned, so
            // anything configured on it is discarded. The deploymentInfo parameter is the
            // object that has to be modified for a restriction to take effect.
            DeploymentInfo info = new DeploymentInfo();
            // What next after this
        }
    }

请帮我填写此代码。我是否朝着正确的方向前进?提前致谢

2 个答案:

答案 0 :(得分:1)

这应该适用于 Undertow:

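/**
 * Registers a servlet-container customizer that attaches
 * {@code ContextSecurityCustomizer} to the embedded Undertow factory.
 *
 * <p>Containers that are not Undertow factories are left untouched.
 *
 * @return the customizer bean
 */
@Bean
    public EmbeddedServletContainerCustomizer containerCustomizer() {
        return new EmbeddedServletContainerCustomizer() {
            @Override
            public void customize(ConfigurableEmbeddedServletContainer container) {
                // instanceof rather than container.getClass().isAssignableFrom(...): the latter
                // is true only when the container's class is the factory class itself or one of
                // its supertypes, so a subclassed Undertow factory would silently skip the
                // customizer and TRACE would stay enabled with no error or log line.
                if (!(container instanceof UndertowEmbeddedServletContainerFactory)) {
                    return;
                }
                UndertowEmbeddedServletContainerFactory undertowContainer =
                        (UndertowEmbeddedServletContainerFactory) container;
                undertowContainer.addDeploymentInfoCustomizers(new ContextSecurityCustomizer());
            }
        };
    }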

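    /**
     * Undertow deployment customizer that blocks the HTTP TRACE method on every URL.
     *
     * <p>It adds a security constraint that covers {@code /*} for TRACE only and allows no
     * role. Requests using other methods are not matched by this constraint. Only TRACE is
     * listed here; the non-standard TRACK method is not covered by this constraint.
     */
    private static class ContextSecurityCustomizer implements UndertowDeploymentInfoCustomizer {

        /**
         * Adds the TRACE-denying constraint to the deployment that is being built.
         *
         * @param deploymentInfo the Undertow deployment description, modified in place
         */
        @Override
        public void customize(io.undertow.servlet.api.DeploymentInfo deploymentInfo) {
            WebResourceCollection traceWebresource = new WebResourceCollection();
            traceWebresource.addUrlPattern("/*");
            traceWebresource.addHttpMethod(HttpMethod.TRACE.toString());

            SecurityConstraint constraint = new SecurityConstraint();
            constraint.addWebResourceCollection(traceWebresource);
            // No role is ever added to this constraint, so the empty-role semantic alone decides
            // whether a matching request is let through. DENY is Undertow's default; it is set
            // explicitly so the restriction does not depend on that default staying unchanged.
            constraint.setEmptyRoleSemantic(
                    io.undertow.servlet.api.SecurityInfo.EmptyRoleSemantic.DENY);
            deploymentInfo.addSecurityConstraint(constraint);
            // After deployment, confirm that a TRACE request to any path is refused
            // instead of being echoed back.
        }

    }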

答案 1 :(得分:0)

您可以像下面这样使用 DisallowedMethodsHandler:

import io.undertow.server.handlers.DisallowedMethodsHandler;

/**
 * Customizes the embedded Undertow web server so that TRACE and TRACK requests are handed
 * to a {@link DisallowedMethodsHandler} placed in front of the application's handler chain.
 *
 * <p>This uses the {@code WebServerFactoryCustomizer} API (Spring Boot 2.x and later), not
 * the older {@code EmbeddedServletContainerCustomizer}.
 */
@Component
public class UndertowWebServerCustomizer
        implements WebServerFactoryCustomizer<UndertowServletWebServerFactory> {

    /**
     * Registers a deployment customizer that wraps the initial handler chain.
     *
     * @param factory the Undertow servlet web server factory to customize
     */
    @Override
    public void customize(UndertowServletWebServerFactory factory) {
        factory.addDeploymentInfoCustomizers(deploymentInfo ->
                deploymentInfo.addInitialHandlerChainWrapper(next -> {
                    // The wrapper sits in the initial chain, so the method check happens
                    // before the wrapped handler sees the request.
                    HttpString trace = HttpString.tryFromString("TRACE");
                    HttpString track = HttpString.tryFromString("TRACK");
                    return new DisallowedMethodsHandler(next, new HttpString[] {trace, track});
                }));
    }
}