| 提交 | 用户 | age | ||
| 2ed119 | 1 | package com.hx.security.request; |
| C | 2 | |
| 3 | import org.apache.tomcat.util.descriptor.web.SecurityCollection; | |
| 4 | import org.apache.tomcat.util.descriptor.web.SecurityConstraint; | |
| 5 | import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory; | |
| 6 | import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory; | |
| 7 | import org.springframework.context.annotation.Bean; | |
| 8 | import org.springframework.context.annotation.Configuration; | |
| 9 | ||
| 10 | /**设置限制请求*/ | |
| 11 | @Configuration | |
| 12 | public class RequestRestriction { | |
| 13 | ||
| 14 | @Bean | |
| 15 | public ConfigurableServletWebServerFactory configurableServletWebServerFactory() { | |
| 16 | TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory(); | |
| 17 | factory.addContextCustomizers(context -> { | |
| 18 | SecurityConstraint securityConstraint = new SecurityConstraint(); | |
| 19 | securityConstraint.setUserConstraint("CONFIDENTIAL"); | |
| 20 | SecurityCollection collection = new SecurityCollection(); | |
| 21 | //设置不安全请求不能通过 | |
| 22 | collection.addPattern("/*"); | |
| 23 | collection.addMethod("HEAD"); | |
| 24 | collection.addMethod("PUT"); | |
| 25 | collection.addMethod("DELETE"); | |
| 26 | collection.addMethod("OPTIONS"); | |
| 27 | collection.addMethod("TRACE"); | |
| 28 | collection.addMethod("COPY"); | |
| 29 | collection.addMethod("SEARCH"); | |
| 30 | collection.addMethod("PROPFIND"); | |
| 31 | //collection.addMethod("PATCH"); | |
| 32 | securityConstraint.addCollection(collection); | |
| 33 | context.addConstraint(securityConstraint); | |
| 34 | }); | |
| 35 | return factory; | |
| 36 | } | |
| 37 | ||
| 38 | ||
| 39 | } | |
