
Disabling unsafe HTTP methods in Spring Boot's embedded Tomcat


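1. In Tomcat's web.xml, the following configuration makes Tomcat reject unsafe HTTP methods. The empty <auth-constraint> authorizes no role, so every request that uses one of the listed methods is denied: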

    <security-constraint>
        <web-resource-collection>
            <url-pattern>/*</url-pattern>
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
            <http-method>HEAD</http-method>
            <http-method>OPTIONS</http-method>
            <http-method>TRACE</http-method>
        </web-resource-collection>
        <auth-constraint>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>


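2. Spring Boot uses an embedded Tomcat and has no web.xml configuration file, so the same constraint can be applied with the configuration below; put simply, it has to be registered as a bean in the Spring container. The classes used here belong to the Spring Boot 1.x API; Spring Boot 2.0 and later replace them with TomcatServletWebServerFactory.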

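    import org.apache.catalina.Context;
    import org.apache.tomcat.util.descriptor.web.SecurityCollection;
    import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
    import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
    import org.springframework.boot.context.embedded.tomcat.TomcatContextCustomizer;
    import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
    import org.springframework.context.annotation.Bean;
    import org.springframework.context.annotation.Configuration;

    @Configuration
    public class TomcatConfig {

        @Bean
        public EmbeddedServletContainerFactory servletContainer() {
            TomcatEmbeddedServletContainerFactory tomcatServletContainerFactory = new TomcatEmbeddedServletContainerFactory();
            tomcatServletContainerFactory.addContextCustomizers(new TomcatContextCustomizer() {
                @Override
                public void customize(Context context) {
                    SecurityConstraint constraint = new SecurityConstraint();
                    SecurityCollection collection = new SecurityCollection();
                    // HTTP methods covered by the constraint
                    collection.addMethod("PUT");
                    collection.addMethod("DELETE");
                    collection.addMethod("HEAD");
                    collection.addMethod("OPTIONS");
                    collection.addMethod("TRACE");
                    // URL pattern the constraint applies to
                    collection.addPattern("/*");
                    constraint.addCollection(collection);
                    // Auth constraint with no roles: the listed methods are denied to everyone
                    constraint.setAuthConstraint(true);
                    context.addConstraint(constraint);
                    // Mark session cookies as HttpOnly
                    context.setUseHttpOnly(true);
                }
            });
            return tomcatServletContainerFactory;
        }
    }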
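To confirm the constraint is actually in effect, send each method to the running application and check the status codes. The script below is an added example, not code from the original article; the function names and the stub server (a constructed stand-in so the script runs offline) are assumptions.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Methods listed in the security constraint above
BLOCKED = ("PUT", "DELETE", "HEAD", "OPTIONS", "TRACE")

def probe(host, port, methods, path="/"):
    """Send one bodiless request per method and return {method: HTTP status}."""
    results = {}
    for method in methods:
        conn = http.client.HTTPConnection(host, port, timeout=5)
        try:
            conn.request(method, path)
            resp = conn.getresponse()
            resp.read()
            results[method] = resp.status
        finally:
            conn.close()
    return results

def not_denied(results, blocked=BLOCKED):
    """Return the blocked methods that the server did not refuse."""
    # 403: denied by the empty auth-constraint.
    # 405: Tomcat's connector refuses TRACE itself unless allowTrace is enabled.
    return sorted(m for m in blocked if results.get(m) not in (403, 405))

class _Stub(BaseHTTPRequestHandler):
    """Constructed stand-in for the configured application (offline demo only)."""
    def _reply(self):
        self.send_response(403 if self.command in BLOCKED else 200)
        self.send_header("Content-Length", "0")
        self.end_headers()
    do_GET = do_POST = do_PUT = do_DELETE = do_HEAD = do_OPTIONS = do_TRACE = _reply
    def log_message(self, *args):
        pass

def demo():
    server = HTTPServer(("127.0.0.1", 0), _Stub)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return probe("127.0.0.1", server.server_port, ("GET", "POST") + BLOCKED)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    res = demo()
    print(res, "not denied:", not_denied(res))
```

Against a real deployment, call probe() with the application's host and port; any method returned by not_denied() is still reachable and the constraint is not being applied.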
