我在端口 = 8078 上有一个服务器,在端口 = 8081 上有一个 Spring Boot 执行器。我想在两者上禁用 TRACE Http 方法。我已经创建了定制器 bean(见下文)。但是对于这个 bean,我只不允许在 8078 上进行 Trace。看起来执行器看不到这个 bean。如何在管理服务器上禁用 TRACE http 方法?
@ManagementContextConfiguration
public class CustomUndertowCustomizer {
@Bean
public WebServerFactoryCustomizer<UndertowServletWebServerFactory> undertowCustomizer() {
return (factory) ->
factory.addDeploymentInfoCustomizers(deploymentInfo ->
deploymentInfo.addInitialHandlerChainWrapper(handler -> {
HttpString[] disallowedHttpMethods = {HttpString.tryFromString("TRACE"),
HttpString.tryFromString("TRACK")};
return new DisallowedMethodsHandler(handler, disallowedHttpMethods);
}));
}
}
最佳答案
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
@Component
public class Filter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain filterChain)
{
try {
if (req.getMethod().equals("TRACE")) {
res.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
} else {
filterChain.doFilter(req, res);
}
} catch(Exception e){}
}
}
关于java - 如何在 Spring Boot 执行器中禁止 TRACE http 方法,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/55830707/