Disable Jetty's default Server header

Following the upgrade to Tomcat 8.5, Jetty became the only container that sends a Server header by default. This commit updates the factory for Jetty to disable the default Server header bringing it into line with Tomcat and Undertow. All three containers continue to support server.server-header which can be used to configure a custom server header. Closes gh-4730
2016-06-20 15:10:49 +01:00 · 2016-06-20 15:10:49 +01:00 · 3009e5146c
parent 06aa35b9da
commit 3009e5146c
2 changed files with 27 additions and 2 deletions
--- a/spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactory.java
+++ b/spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactory.java
@ -891,6 +891,13 @@ public class JettyEmbeddedServletContainerFactory
 			ServerConnector connector = new ServerConnector(server, acceptors, selectors);
 			connector.setHost(address.getHostName());
 			connector.setPort(address.getPort());
+			for (ConnectionFactory connectionFactory : connector
+					.getConnectionFactories()) {
+				if (connectionFactory instanceof HttpConfiguration.ConnectionFactory) {
+					((HttpConfiguration.ConnectionFactory) connectionFactory)
+							.getHttpConfiguration().setSendServerVersion(false);
+				}
+			}
 			return connector;
 		}

@ -912,8 +919,16 @@ public class JettyEmbeddedServletContainerFactory
 						.findMethod(Server.class, "setThreadPool", ThreadPool.class)
 						.invoke(server, threadPool);
 			}
-			catch (Exception e) {
-				throw new RuntimeException("Failed to configure Jetty 8 ThreadPool", e);
+			catch (Exception ex) {
+				throw new RuntimeException("Failed to configure Jetty 8 ThreadPool", ex);
+			}
+			try {
+				ReflectionUtils
+						.findMethod(Server.class, "setSendServerVersion", boolean.class)
+						.invoke(server, false);
+			}
+			catch (Exception ex) {
+				throw new RuntimeException("Failed to disable Server header", ex);
 			}
 			return server;
 		}
--- a/spring-boot/src/test/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactoryTests.java
+++ b/spring-boot/src/test/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactoryTests.java
@ -813,6 +813,16 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests {
 		assertThat(response.getHeaders().getFirst("server")).isEqualTo("MyServer");
 	}

+	@Test
+	public void serverHeaderIsDisabledByDefault() throws Exception {
+		AbstractEmbeddedServletContainerFactory factory = getFactory();
+		this.container = factory
+				.getEmbeddedServletContainer(exampleServletRegistration());
+		this.container.start();
+		ClientHttpResponse response = getClientResponse(getLocalUrl("/hello"));
+		assertThat(response.getHeaders().getFirst("server")).isNull();
+	}
+
 	@Test
 	public void portClashOfPrimaryConnectorResultsInPortInUseException()
 			throws IOException {