root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions 12 Packages Projects Releases Wiki Activity

Polish "Add configuration property for Tomcat's rejectIllegalHeader" 

See gh-26311
This commit is contained in:
Stephane Nicoll 2021-05-31 09:27:12 +02:00
parent e5a539d80e
commit d847f4c69e
3 changed files with 19 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java
View File

@ -409,6 +409,11 @@ public class ServerProperties {
*/
private Duration connectionTimeout;
/**
* Whether to reject requests with illegal header names or values.
*/
private boolean rejectIllegalHeader = true;
/**
* Static resource configuration.
*/
@ -424,11 +429,6 @@ public class ServerProperties {
*/
private final Remoteip remoteip = new Remoteip();
/**
* reject illegal header setting.
*/
private Boolean rejectIllegalHeader;
public DataSize getMaxHttpFormPostSize() {
return this.maxHttpFormPostSize;
}
@ -565,6 +565,14 @@ public class ServerProperties {
this.connectionTimeout = connectionTimeout;
}
public boolean isRejectIllegalHeader() {
return this.rejectIllegalHeader;
}
public void setRejectIllegalHeader(boolean rejectIllegalHeader) {
this.rejectIllegalHeader = rejectIllegalHeader;
}
public Resource getResource() {
return this.resource;
}
@ -577,14 +585,6 @@ public class ServerProperties {
return this.remoteip;
}
public Boolean getRejectIllegalHeader() {
return this.rejectIllegalHeader;
}
public void setRejectIllegalHeader(Boolean rejectIllegalHeader) {
this.rejectIllegalHeader = rejectIllegalHeader;
}
/**
* Tomcat access log properties.
*/

2
spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/embedded/TomcatWebServerFactoryCustomizer.java
View File

@ -117,7 +117,7 @@ public class TomcatWebServerFactoryCustomizer
.to((relaxedChars) -> customizeRelaxedPathChars(factory, relaxedChars));
propertyMapper.from(tomcatProperties::getRelaxedQueryChars).as(this::joinCharacters).whenHasText()
.to((relaxedChars) -> customizeRelaxedQueryChars(factory, relaxedChars));
propertyMapper.from(tomcatProperties::getRejectIllegalHeader).whenNonNull()
propertyMapper.from(tomcatProperties::isRejectIllegalHeader)
.to((rejectIllegalHeader) -> customizeRejectIllegalHeader(factory, rejectIllegalHeader));
customizeStaticResources(factory);
customizeErrorReportValve(properties.getError(), factory);

9
spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java
View File

@ -130,7 +130,7 @@ class ServerPropertiesTests {
map.put("server.tomcat.remoteip.protocol-header", "X-Forwarded-Protocol");
map.put("server.tomcat.remoteip.remote-ip-header", "Remote-Ip");
map.put("server.tomcat.remoteip.internal-proxies", "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}");
map.put("server.tomcat.reject-illegal-header", "true");
map.put("server.tomcat.reject-illegal-header", "false");
map.put("server.tomcat.background-processor-delay", "10");
map.put("server.tomcat.relaxed-path-chars", "|,<");
map.put("server.tomcat.relaxed-query-chars", "^ , | ");
@ -153,7 +153,7 @@ class ServerPropertiesTests {
assertThat(tomcat.getRemoteip().getRemoteIpHeader()).isEqualTo("Remote-Ip");
assertThat(tomcat.getRemoteip().getProtocolHeader()).isEqualTo("X-Forwarded-Protocol");
assertThat(tomcat.getRemoteip().getInternalProxies()).isEqualTo("10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}");
assertThat(tomcat.getRejectIllegalHeader()).isTrue();
assertThat(tomcat.isRejectIllegalHeader()).isFalse();
assertThat(tomcat.getBackgroundProcessorDelay()).hasSeconds(10);
assertThat(tomcat.getRelaxedPathChars()).containsExactly('|', '<');
assertThat(tomcat.getRelaxedQueryChars()).containsExactly('^', '|');
@ -408,8 +408,9 @@ class ServerPropertiesTests {
}
@Test
void tomcatRejectIllegalHeaderDefaultsToNull() {
assertThat(this.properties.getTomcat().getRejectIllegalHeader()).isNull();
void tomcatRejectIllegalHeaderMatchesProtocolDefault() throws Exception {
assertThat(getDefaultProtocol()).hasFieldOrPropertyWithValue("rejectIllegalHeader",
this.properties.getTomcat().isRejectIllegalHeader());
}
@Test