![](/img/trans.png)
[英]Spring Boot Actuator not reporting HTTP trace information for requests to Spring Authorization Server OAuth2 endpoints
[英]How to disallow TRACE http method in spring boot actuator
我在端口= 8078上有一個服務器,在端口= 8081上有彈簧啟動器。我想在兩者上禁用TRACE Http方法。 我已經創建了定制器bean(見下文)。 但是使用這個bean我只允許跟蹤8078.看起來執行器看不到這個bean。 如何在管理服務器上禁用TRACE http方法?
@ManagementContextConfiguration
public class CustomUndertowCustomizer {
@Bean
public WebServerFactoryCustomizer<UndertowServletWebServerFactory> undertowCustomizer() {
return (factory) ->
factory.addDeploymentInfoCustomizers(deploymentInfo ->
deploymentInfo.addInitialHandlerChainWrapper(handler -> {
HttpString[] disallowedHttpMethods = {HttpString.tryFromString("TRACE"),
HttpString.tryFromString("TRACK")};
return new DisallowedMethodsHandler(handler, disallowedHttpMethods);
}));
}
}
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
@Component
public class Filter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain filterChain)
{
try
if (req.getMethod().equals("TRACE")) {
res.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
} else {
filterChain.doFilter(req, res);
} } catch(Exception e){}
}
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.