使用 spring 引导在 undertow 中禁用 http TRACK/TRACE

Disable http TRACK/TRACE in undertow using spring boot

我想在 undertow 中禁用 http TRACE。我正在使用 spring 引导,默认情况下会提供 undertow。我已排除 tomcat 并使用 undertow。我在其他 Whosebug post (here) 中得到了 tomcat 的答案,但我无法为 undertow 找到相同的答案。这就是我到目前为止所做的。

    @Bean
    public EmbeddedServletContainerCustomizer containerCustomizer() {
        return new EmbeddedServletContainerCustomizer() {
            @Override
            public void customize(ConfigurableEmbeddedServletContainer container) {
                if (container.getClass().isAssignableFrom(UndertowEmbeddedServletContainerFactory.class)) {
                    UndertowEmbeddedServletContainerFactory underTowContainer = (UndertowEmbeddedServletContainerFactory) container;
                    underTowContainer.addDeploymentInfoCustomizers(new ContextSecurityCustomizer());
                }
            }
        };
    }

    private static class ContextSecurityCustomizer implements UndertowDeploymentInfoCustomizer {
        @Override
        public void customize(DeploymentInfo deploymentInfo) {
            DeploymentInfo info = new DeploymentInfo();
            // What next after this
        }
    }

请帮我完成这段代码。我什至在朝着正确的方向前进吗?提前致谢

这应该适用于 undertow:

@Bean
    public EmbeddedServletContainerCustomizer containerCustomizer() {
        return new EmbeddedServletContainerCustomizer() {
            @Override
            public void customize(ConfigurableEmbeddedServletContainer container) {
                if (container.getClass().isAssignableFrom(UndertowEmbeddedServletContainerFactory.class)) {
                    UndertowEmbeddedServletContainerFactory undertowContainer = (UndertowEmbeddedServletContainerFactory) container;
                    undertowContainer.addDeploymentInfoCustomizers(new ContextSecurityCustomizer());
                }
            }
        };
    }

    private static class ContextSecurityCustomizer implements UndertowDeploymentInfoCustomizer {

        @Override
        public void customize(io.undertow.servlet.api.DeploymentInfo deploymentInfo) {
            SecurityConstraint constraint = new SecurityConstraint();
            WebResourceCollection traceWebresource = new WebResourceCollection();
            traceWebresource.addUrlPattern("/*");
            traceWebresource.addHttpMethod(HttpMethod.TRACE.toString());
            constraint.addWebResourceCollection(traceWebresource);
            deploymentInfo.addSecurityConstraint(constraint);
        }

    }

您可以使用来自 undertow 的 DisallowedMethodsHandler:

import io.undertow.server.handlers.DisallowedMethodsHandler;

@Component
public class UndertowWebServerCustomizer
        implements WebServerFactoryCustomizer<UndertowServletWebServerFactory> {

    @Override
    public void customize(UndertowServletWebServerFactory factory) {

        factory.addDeploymentInfoCustomizers(deploymentInfo -> {
            deploymentInfo.addInitialHandlerChainWrapper(new HandlerWrapper() {
                @Override
                public HttpHandler wrap(HttpHandler handler) {
                    HttpString[] disallowedHttpMethods = { HttpString.tryFromString("TRACE"),
                        HttpString.tryFromString("TRACK") };
                    return new DisallowedMethodsHandler(handler, disallowedHttpMethods);
                }
            });
        });
    }
}