@Bean
public EmbeddedServletContainerFactory servletContainer() {
TomcatEmbeddedServletContainerFactory tomcatServletContainerFactory = new TomcatEmbeddedServletContainerFactory();
tomcatServletContainerFactory.addContextCustomizers(new TomcatContextCustomizer(){
@Override
public void customize(Context context) {
SecurityConstraint constraint = new SecurityConstraint();
SecurityCollection collection = new SecurityCollection();
//http方法
collection.addMethod("PUT");
collection.addMethod("DELETE");
collection.addMethod("HEAD");
collection.addMethod("OPTIONS");
collection.addMethod("TRACE");
collection.addMethod("TRACK");
collection.addMethod("PATCH");
//url匹配表达式
collection.addPattern("/*");
constraint.addCollection(collection);
constraint.setAuthConstraint(true);
context.addConstraint(constraint );
//设置使用httpOnly
context.setUseHttpOnly(true);
}
});
tomcatServletContainerFactory.addConnectorCustomizers(connector -> {
connector.setAllowTrace(true);
});
return tomcatServletContainerFactory;
}
Springboot如何禁止不安全的Http方法(tomcat可用)
猜你喜欢
转载自blog.csdn.net/qq_43248658/article/details/90517413
今日推荐
周排行