使用弹簧启动禁用http TRACK / TRACE [英] Disable http TRACK/TRACE in undertow using spring boot
本文介绍了使用弹簧启动禁用http TRACK / TRACE的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我想在下载中禁用http TRACE。我使用的是spring boot,默认情况下提供了它。我已经排除了tomcat并使用了underow。我在其他stackoverflow帖子中得到了tomcat的答案(这里)但我无法找到同样的情况。这就是我到目前为止所做的。
I want to disable http TRACE in undertow. I am using spring boot and undertow is provided with it by default. I have excluded tomcat and using undertow. I got the answer for tomcat in other stackoverflow post (here) but I am unable to find the same for undertow. This is what I have done till now.
@Bean
public EmbeddedServletContainerCustomizer containerCustomizer() {
return new EmbeddedServletContainerCustomizer() {
@Override
public void customize(ConfigurableEmbeddedServletContainer container) {
if (container.getClass().isAssignableFrom(UndertowEmbeddedServletContainerFactory.class)) {
UndertowEmbeddedServletContainerFactory underTowContainer = (UndertowEmbeddedServletContainerFactory) container;
underTowContainer.addDeploymentInfoCustomizers(new ContextSecurityCustomizer());
}
}
};
}
private static class ContextSecurityCustomizer implements UndertowDeploymentInfoCustomizer {
@Override
public void customize(DeploymentInfo deploymentInfo) {
DeploymentInfo info = new DeploymentInfo();
// What next after this
}
}
请帮我完成这段代码。我是否朝着正确的方向前进?在此先感谢
Please help me complete this code. Am I even moving in the right direction? Thanks in advance
推荐答案
这应该适用于承诺:
@Bean
public EmbeddedServletContainerCustomizer containerCustomizer() {
return new EmbeddedServletContainerCustomizer() {
@Override
public void customize(ConfigurableEmbeddedServletContainer container) {
if (container.getClass().isAssignableFrom(UndertowEmbeddedServletContainerFactory.class)) {
UndertowEmbeddedServletContainerFactory undertowContainer = (UndertowEmbeddedServletContainerFactory) container;
undertowContainer.addDeploymentInfoCustomizers(new ContextSecurityCustomizer());
}
}
};
}
private static class ContextSecurityCustomizer implements UndertowDeploymentInfoCustomizer {
@Override
public void customize(io.undertow.servlet.api.DeploymentInfo deploymentInfo) {
SecurityConstraint constraint = new SecurityConstraint();
WebResourceCollection traceWebresource = new WebResourceCollection();
traceWebresource.addUrlPattern("/*");
traceWebresource.addHttpMethod(HttpMethod.TRACE.toString());
constraint.addWebResourceCollection(traceWebresource);
deploymentInfo.addSecurityConstraint(constraint);
}
}
这篇关于使用弹簧启动禁用http TRACK / TRACE的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文