	feat(web): 添加 Undertow 自定义配置和默认配置,默认禁止三个不安全的 HTTP 方法(如 CONNECT、TRACE、TRACK)
		| @@ -0,0 +1,61 @@ | ||||
| /* | ||||
|  * Copyright (c) 2022-present Charles7c Authors. All Rights Reserved. | ||||
|  * <p> | ||||
|  * Licensed under the GNU LESSER GENERAL PUBLIC LICENSE 3.0; | ||||
|  * you may not use this file except in compliance with the License. | ||||
|  * You may obtain a copy of the License at | ||||
|  * <p> | ||||
|  * http://www.gnu.org/licenses/lgpl.html | ||||
|  * <p> | ||||
|  * Unless required by applicable law or agreed to in writing, software | ||||
|  * distributed under the License is distributed on an "AS IS" BASIS, | ||||
|  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||
|  * See the License for the specific language governing permissions and | ||||
|  * limitations under the License. | ||||
|  */ | ||||
|  | ||||
| package top.continew.starter.web.autoconfigure.container; | ||||
|  | ||||
| import org.slf4j.Logger; | ||||
| import org.slf4j.LoggerFactory; | ||||
| import org.springframework.boot.autoconfigure.AutoConfiguration; | ||||
| import org.springframework.boot.autoconfigure.condition.ConditionalOnClass; | ||||
| import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication; | ||||
| import org.springframework.boot.web.embedded.undertow.UndertowServletWebServerFactory; | ||||
| import org.springframework.boot.web.server.WebServerFactoryCustomizer; | ||||
| import org.springframework.context.annotation.Bean; | ||||
|  | ||||
| import io.undertow.Undertow; | ||||
| import io.undertow.server.handlers.DisallowedMethodsHandler; | ||||
| import io.undertow.util.HttpString; | ||||
|  | ||||
| /** | ||||
|  * Undertow 自定义配置 | ||||
|  * | ||||
|  * @author Jasmine | ||||
|  * @since 2.11.0 | ||||
|  */ | ||||
| @AutoConfiguration | ||||
| @ConditionalOnWebApplication | ||||
| @ConditionalOnClass(Undertow.class) | ||||
| public class UndertowAutoConfiguration { | ||||
|  | ||||
|     private static final Logger log = LoggerFactory.getLogger(UndertowAutoConfiguration.class); | ||||
|  | ||||
|     /** | ||||
|      * Undertow 自定义配置 | ||||
|      */ | ||||
|     @Bean | ||||
|     public WebServerFactoryCustomizer<UndertowServletWebServerFactory> customize() { | ||||
|         return factory -> { | ||||
|             factory.addDeploymentInfoCustomizers(deploymentInfo -> deploymentInfo | ||||
|                 .addInitialHandlerChainWrapper(handler -> { | ||||
|                     // 禁止三个不安全的 HTTP 方法(如 CONNECT、TRACE、TRACK) | ||||
|                     HttpString[] disallowedHttpMethods = {HttpString.tryFromString("CONNECT"), HttpString | ||||
|                         .tryFromString("TRACE"), HttpString.tryFromString("TRACK")}; | ||||
|                     return new DisallowedMethodsHandler(handler, disallowedHttpMethods); | ||||
|                 })); | ||||
|             log.debug("[ContiNew Starter] - Auto Configuration 'Web-Undertow' completed initialization."); | ||||
|         }; | ||||
|     } | ||||
| } | ||||
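Review bot: The `@Bean` method is named `customize`, so the customizer is registered under that very generic bean name; another bean called `customize` in an application or a second starter would collide with it, and Spring Boot rejects duplicate bean definitions by default. A specific name such as `undertowDisallowedMethodsCustomizer` avoids the clash. The blocked list is also fixed in code, with no property or condition to extend it or switch it off. The inline comment's "如" reads as if CONNECT, TRACE and TRACK were only examples; a Javadoc line on the method stating that exactly these three methods are rejected by `DisallowedMethodsHandler` ahead of the servlet handler chain would make the security behaviour explicit.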
| @@ -1,2 +1,3 @@ | ||||
| top.continew.starter.web.autoconfigure.mvc.WebMvcAutoConfiguration | ||||
| top.continew.starter.web.autoconfigure.cors.CorsAutoConfiguration | ||||
| top.continew.starter.web.autoconfigure.container.UndertowAutoConfiguration | ||||
| @@ -23,3 +23,20 @@ continew-starter.web.response: | ||||
|     - io.swagger.** | ||||
|     - org.springdoc.** | ||||
|     - org.springframework.boot.actuate.* | ||||
|  | ||||
| --- ### 服务器配置 | ||||
| server: | ||||
|   ## Undertow 服务器配置 | ||||
|   undertow: | ||||
|     # HTTP POST 请求内容的大小上限(默认 -1,不限制) | ||||
|     max-http-post-size: -1 | ||||
|     # 以下的配置会影响 buffer,这些 buffer 会用于服务器连接的 IO 操作,有点类似 Netty 的池化内存管理 | ||||
|     # 每块 buffer的空间大小(越小的空间被利用越充分,不要设置太大,以免影响其他应用,合适即可) | ||||
|     buffer-size: 512 | ||||
|     # 是否分配的直接内存(NIO 直接分配的堆外内存) | ||||
|     direct-buffers: true | ||||
|     threads: | ||||
|       # 设置 IO 线程数,它主要执行非阻塞的任务,它们会负责多个连接(默认每个 CPU 核心一个线程) | ||||
|       io: 8 | ||||
|       # 阻塞任务线程池,当执行类似 Servlet 请求阻塞操作,Undertow 会从这个线程池中取得线程(它的值设置取决于系统的负载) | ||||
|       worker: 256 | ||||
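Review bot: `max-http-post-size: -1` makes an unlimited request body the starter-wide default, so every consuming application accepts POST bodies of any size unless it overrides the value, which invites resource exhaustion from oversized uploads. A bounded default, for example `max-http-post-size: 10MB` (a constructed value, to be sized for the project), with larger limits set per application, would be a safer baseline. Separately, `io: 8` pins the IO thread count even though the comment above it describes a per-CPU-core default; omitting the key would keep that sizing on hosts with more or fewer cores.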
	 jasmine
					jasmine