验证方式:curl -v -X TRACE ip:port,或使用其他接口调试工具如Postman
响应:状态行405 Method Not Allowed且响应体无内容
方案一:使用过滤器
若webserver是tomcat, 添加过滤器的方式有很多
@Component
public class TraceHttpMethodFilter extends OncePerRequestFilter {@Overrideprotected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {if (HttpMethod.TRACE.matches(request.getMethod())) {response.setStatus(HttpStatus.METHOD_NOT_ALLOWED.value());return;}filterChain.doFilter(request, response);}
}
若是springcloud gateway,其使用Netty作为webserver
@Component
public class GatewayTraceHttpMethodFilter implements WebFilter, Ordered {@Overridepublic int getOrder() {return HIGHEST_PRECEDENCE;}@Overridepublic Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {if (HttpMethod.TRACE == exchange.getRequest().getMethod()) {var response = exchange.getResponse();response.setStatusCode(HttpStatus.METHOD_NOT_ALLOWED);return response.setComplete();}return chain.filter(exchange);}
}
方案二:自定义WebServerFactory配置
若WebServer是Undertow
@Configuration
public class UndertowWebServerFactoryConfig implements WebServerFactoryCustomizer<UndertowServletWebServerFactory> {@Overridepublic void customize(UndertowServletWebServerFactory factory) {factory.addDeploymentInfoCustomizers(deploymentInfo -> {deploymentInfo.addInitialHandlerChainWrapper(httpHandler -> {HttpString[] disAllowedHttpMethods = {HttpString.tryFromString(HttpMethod.TRACE.name())};return new DisallowedMethodsHandler(httpHandler, disAllowedHttpMethods);});});}
}
