chenjiahe
2023-07-17 d4fa5269e214e8bbe1f7dd79a922cefe9fc9916b
提交 | 用户 | age
2ed119 1 package com.hx.security.request;
C 2
3 import org.apache.tomcat.util.descriptor.web.SecurityCollection;
4 import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
5 import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
6 import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
7 import org.springframework.context.annotation.Bean;
8 import org.springframework.context.annotation.Configuration;
9
10 /**设置限制请求*/
11 @Configuration
12 public class RequestRestriction {
13
14     @Bean
15     public ConfigurableServletWebServerFactory configurableServletWebServerFactory() {
16         TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory();
17         factory.addContextCustomizers(context -> {
18             SecurityConstraint securityConstraint = new SecurityConstraint();
19             securityConstraint.setUserConstraint("CONFIDENTIAL");
20             SecurityCollection collection = new SecurityCollection();
21             //设置不安全请求不能通过
22             collection.addPattern("/*");
23             collection.addMethod("HEAD");
24             collection.addMethod("PUT");
25             collection.addMethod("DELETE");
26             collection.addMethod("OPTIONS");
27             collection.addMethod("TRACE");
28             collection.addMethod("COPY");
29             collection.addMethod("SEARCH");
30             collection.addMethod("PROPFIND");
31             //collection.addMethod("PATCH");
32             securityConstraint.addCollection(collection);
33             context.addConstraint(securityConstraint);
34         });
35         return factory;
36     }
37
38
39 }