rishi rishi - 1 year ago 119
HTTP Question

Disable http TRACK/TRACE in undertow using spring boot

I want to disable http TRACE in undertow. I am using spring boot and undertow is provided with it by default. I have excluded tomcat and using undertow. I got the answer for tomcat in other stackoverflow post (here) but I am unable to find the same for undertow. This is what I have done till now.

@Bean
public EmbeddedServletContainerCustomizer containerCustomizer() {
return new EmbeddedServletContainerCustomizer() {
@Override
public void customize(ConfigurableEmbeddedServletContainer container) {
if (container.getClass().isAssignableFrom(UndertowEmbeddedServletContainerFactory.class)) {
UndertowEmbeddedServletContainerFactory underTowContainer = (UndertowEmbeddedServletContainerFactory) container;
underTowContainer.addDeploymentInfoCustomizers(new ContextSecurityCustomizer());
}
}
};
}

private static class ContextSecurityCustomizer implements UndertowDeploymentInfoCustomizer {
@Override
public void customize(DeploymentInfo deploymentInfo) {
DeploymentInfo info = new DeploymentInfo();
// What next after this
}
}


Please help me complete this code. Am I even moving in the right direction? Thanks in advance

Answer Source

This should work for undertow:

@Bean
    public EmbeddedServletContainerCustomizer containerCustomizer() {
        return new EmbeddedServletContainerCustomizer() {
            @Override
            public void customize(ConfigurableEmbeddedServletContainer container) {
                if (container.getClass().isAssignableFrom(UndertowEmbeddedServletContainerFactory.class)) {
                    UndertowEmbeddedServletContainerFactory undertowContainer = (UndertowEmbeddedServletContainerFactory) container;
                    undertowContainer.addDeploymentInfoCustomizers(new ContextSecurityCustomizer());
                }
            }
        };
    }

    private static class ContextSecurityCustomizer implements UndertowDeploymentInfoCustomizer {

        @Override
        public void customize(io.undertow.servlet.api.DeploymentInfo deploymentInfo) {
            SecurityConstraint constraint = new SecurityConstraint();
            WebResourceCollection traceWebresource = new WebResourceCollection();
            traceWebresource.addUrlPattern("/*");
            traceWebresource.addHttpMethod(HttpMethod.TRACE.toString());
            constraint.addWebResourceCollection(traceWebresource);
            deploymentInfo.addSecurityConstraint(constraint);
        }

    }
Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download