提交 | 用户 | age
|
826b66
|
1 |
package com.hx.security.request; |
C |
2 |
|
|
3 |
import org.apache.tomcat.util.descriptor.web.SecurityCollection; |
|
4 |
import org.apache.tomcat.util.descriptor.web.SecurityConstraint; |
|
5 |
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory; |
|
6 |
import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory; |
|
7 |
import org.springframework.context.annotation.Bean; |
|
8 |
import org.springframework.context.annotation.Configuration; |
|
9 |
|
|
10 |
/**设置限制请求*/ |
|
11 |
@Configuration |
|
12 |
public class RequestRestriction { |
|
13 |
|
|
14 |
@Bean |
|
15 |
public ConfigurableServletWebServerFactory configurableServletWebServerFactory() { |
|
16 |
TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory(); |
|
17 |
factory.addContextCustomizers(context -> { |
|
18 |
SecurityConstraint securityConstraint = new SecurityConstraint(); |
|
19 |
securityConstraint.setUserConstraint("CONFIDENTIAL"); |
|
20 |
SecurityCollection collection = new SecurityCollection(); |
|
21 |
//设置不安全请求不能通过 |
|
22 |
collection.addPattern("/*"); |
|
23 |
collection.addMethod("HEAD"); |
|
24 |
collection.addMethod("PUT"); |
|
25 |
collection.addMethod("DELETE"); |
|
26 |
collection.addMethod("OPTIONS"); |
|
27 |
collection.addMethod("TRACE"); |
|
28 |
collection.addMethod("COPY"); |
|
29 |
collection.addMethod("SEARCH"); |
|
30 |
collection.addMethod("PROPFIND"); |
|
31 |
//collection.addMethod("PATCH"); |
|
32 |
securityConstraint.addCollection(collection); |
|
33 |
context.addConstraint(securityConstraint); |
|
34 |
}); |
|
35 |
return factory; |
|
36 |
} |
|
37 |
|
|
38 |
|
|
39 |
} |