1. 定义两个类，在 Undertow 层拦截并拒绝 HTTP TRACE 请求：
CustomHttpHandler.java
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.StatusCodes;
/**
 * Undertow handler that refuses HTTP TRACE requests and passes every other request on
 * to the handler it wraps.
 *
 * <p>TRACE makes a server echo the received request back to the caller, which is why
 * hardening baselines usually require it to be switched off. A TRACE request gets
 * {@code 403 Forbidden} and the exchange is ended without reaching the wrapped handler.
 *
 * <p>NOTE(review): {@code 405 Method Not Allowed} is the status HTTP defines for a method
 * the resource does not support; 403 is kept because that is what this page uses.
 */
public class CustomHttpHandler implements HttpHandler {

    /** Handler that receives every request this one does not reject. */
    private final HttpHandler delegate;

    /**
     * @param next the handler to invoke for all non-TRACE requests
     */
    public CustomHttpHandler(HttpHandler next) {
        delegate = next;
    }

    /**
     * Rejects TRACE with 403, otherwise delegates to the wrapped handler.
     *
     * @param exchange the current request/response exchange
     * @throws Exception whatever the wrapped handler throws
     */
    @Override
    public void handleRequest(HttpServerExchange exchange) throws Exception {
        // The match is an exact, case-sensitive comparison on the method's string form.
        final String method = exchange.getRequestMethod().toString();
        final boolean traceRequested = "TRACE".equals(method);

        if (!traceRequested) {
            // Anything else continues down the normal handler chain.
            delegate.handleRequest(exchange);
            return;
        }

        // Answer here so the request never reaches the application.
        exchange.setStatusCode(StatusCodes.FORBIDDEN);
        exchange.endExchange();
    }
}
UndertowConfigCustomizer.java
import org.springframework.boot.web.embedded.undertow.UndertowServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.stereotype.Component;
/**
 * Registers {@link CustomHttpHandler} as an initial handler-chain wrapper on the embedded
 * Undertow servlet server, so each request passes through the TRACE check before the
 * rest of the chain.
 *
 * <p>This customizer targets {@code UndertowServletWebServerFactory} only; it has no
 * effect on an application that is not served by that factory.
 */
@Component
public class UndertowConfigCustomizer implements WebServerFactoryCustomizer<UndertowServletWebServerFactory> {

    /**
     * Adds a deployment-info customizer that wraps the initial handler chain.
     *
     * @param factory the Undertow servlet web server factory being configured
     */
    @Override
    public void customize(UndertowServletWebServerFactory factory) {
        factory.addDeploymentInfoCustomizers(deployment -> {
            // Each handler Undertow passes in becomes the "next" handler of a CustomHttpHandler.
            deployment.addInitialHandlerChainWrapper(CustomHttpHandler::new);
        });
    }
}
但是对于 Spring Cloud Gateway 网关服务，上面的 Undertow Servlet 配置不会生效（网关基于 WebFlux，而不是 Servlet 容器），还需要单独定义一个 WebFilter 过滤器才能修复：
DisableTraceFilter.java
import io.netty.handler.codec.http.HttpMethod;
import org.springframework.core.Ordered;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import reactor.core.publisher.Mono;
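/**
 * WebFlux filter that rejects HTTP TRACE requests with {@code 403 Forbidden} before any
 * other {@link WebFilter} runs; all other requests continue down the chain.
 *
 * <p>Registered as a {@code @Component} and ordered at the highest precedence so that a
 * TRACE request is answered here and never reaches routing or downstream services.
 */
@Component
public class DisableTraceFilter implements WebFilter, Ordered {

    /**
     * @return {@link Ordered#HIGHEST_PRECEDENCE} ({@code Integer.MIN_VALUE}), so this filter
     *     runs ahead of the other filters
     */
    @Override
    public int getOrder() {
        return Ordered.HIGHEST_PRECEDENCE;
    }

    /**
     * Completes the response with 403 for TRACE, otherwise delegates to the chain.
     *
     * @param exchange the current server exchange
     * @param chain the remaining filter chain
     * @return completion signal of either the rejected response or the rest of the chain
     */
    @Override
    public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
        // String.valueOf tolerates a null method. NOTE(review): on Spring versions where
        // getMethod() is nullable (non-standard request methods) the original
        // getMethod().name() call would throw a NullPointerException in this
        // first-in-chain filter; confirm against the Spring version in use.
        String requestMethod = String.valueOf(exchange.getRequest().getMethod());

        if (HttpMethod.TRACE.name().equals(requestMethod)) {
            // Reject with 403 and finish the response without invoking the chain.
            exchange.getResponse().setStatusCode(HttpStatus.FORBIDDEN);
            return exchange.getResponse().setComplete();
        }
        return chain.filter(exchange);
    }
}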