Heim >Java >javaLernprogramm >Wie verwendet Springboot das integrierte Tomcat, um unsicheres HTTP zu verbieten?
<security-constraint> <web-resource-collection> <url-pattern>/*</url-pattern> <http-method>PUT</http-method> <http-method>DELETE</http-method> <http-method>HEAD</http-method> <http-method>OPTIONS</http-method> <http-method>TRACE</http-method> </web-resource-collection> <auth-constraint> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> </login-config>
@Configuration public class TomcatConfig { @Bean public EmbeddedServletContainerFactory servletContainer() { TomcatEmbeddedServletContainerFactory tomcatServletContainerFactory = new TomcatEmbeddedServletContainerFactory(); tomcatServletContainerFactory.addContextCustomizers(new TomcatContextCustomizer(){ @Override public void customize(Context context) { SecurityConstraint constraint = new SecurityConstraint(); SecurityCollection collection = new SecurityCollection(); //http方法 collection.addMethod("PUT"); collection.addMethod("DELETE"); collection.addMethod("HEAD"); collection.addMethod("OPTIONS"); collection.addMethod("TRACE"); //url匹配表达式 collection.addPattern("/*"); constraint.addCollection(collection); constraint.setAuthConstraint(true); context.addConstraint(constraint ); //设置使用httpOnly context.setUseHttpOnly(true); } }); return tomcatServletContainerFactory; } }
Unsichere HTTP-Methoden aktivieren
#Problembeschreibung: # 🎜🎜#"Unsichere HTTP-Methoden aktiviert: OPTIONS /system HTTP/1.1Zulassen: HEAD, PUT, DELETE, TRACE, OPTIONS, PATCH
Put and Post: Senden Sie das Dokument an den Server;
<security-constraint> <web-resource-collection> <web-resource-name>disp</web-resource-name> <url-pattern>/*</url-pattern> <http-method>PUT</http-method> <http-method>DELETE</http-method> <http-method>HEAD</http-method> <http-method>OPTIONS</http-method> <http-method>TRACE</http-method> <http-method>PATCH</http-method> </web-resource-collection> <auth-constraint></auth-constraint> </security-constraint>
# 🎜🎜#
Das obige ist der detaillierte Inhalt vonWie verwendet Springboot das integrierte Tomcat, um unsicheres HTTP zu verbieten?. Für weitere Informationen folgen Sie bitte anderen verwandten Artikeln auf der PHP chinesischen Website!