禁止TRACE请求

2 years ago · f0dc845825
parent 5ecb5f667d
commit f0dc845825
1 changed files with 30 additions and 0 deletions
--- a/server/src/main/java/cn/keking/web/filter/SecurityFilterProxy.java
+++ b/server/src/main/java/cn/keking/web/filter/SecurityFilterProxy.java
@ -0,0 +1,30 @@
+package cn.keking.web.filter;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+
+@Configuration
+public class SecurityFilterProxy extends OncePerRequestFilter {
+
+
+    private String NOT_ALLOW_METHODS = "TRACE";
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
+                                    FilterChain filterChain) throws ServletException, IOException {
+        if((","+NOT_ALLOW_METHODS+",").indexOf(","+request.getMethod().toLowerCase()+",") > -1) {
+            response.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+            response.setHeader("Content-Type", "text/html; charset=iso-8859-1");
+            response.getWriter().println("Method Not Allowed");
+            return;
+        }
+        super.doFilter(request, response, filterChain);
+    }
+}