root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions 16 Packages Projects Releases Wiki Activity

Merge pull request #26311 from dbyron-sf 

* pr/26311:
  Polish "Add configuration property for Tomcat's rejectIllegalHeader"
  Add configuration property for Tomcat's rejectIllegalHeader

Closes gh-26311
This commit is contained in:
Stephane Nicoll 2021-06-12 17:39:21 +02:00
parent c1c1176020 d847f4c69e
commit ffe2d43653
4 changed files with 41 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java
View File

@ -409,6 +409,11 @@ public class ServerProperties {
*/ */
private Duration connectionTimeout; private Duration connectionTimeout;
/**
* Whether to reject requests with illegal header names or values.
*/
private boolean rejectIllegalHeader = true;
/** /**
* Static resource configuration. * Static resource configuration.
*/ */
@ -560,6 +565,14 @@ public class ServerProperties {
this.connectionTimeout = connectionTimeout; this.connectionTimeout = connectionTimeout;
} }
public boolean isRejectIllegalHeader() {
return this.rejectIllegalHeader;
}
public void setRejectIllegalHeader(boolean rejectIllegalHeader) {
this.rejectIllegalHeader = rejectIllegalHeader;
}
public Resource getResource() { public Resource getResource() {
return this.resource; return this.resource;
} }

12
spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/embedded/TomcatWebServerFactoryCustomizer.java
View File

@ -117,6 +117,8 @@ public class TomcatWebServerFactoryCustomizer
.to((relaxedChars) -> customizeRelaxedPathChars(factory, relaxedChars)); .to((relaxedChars) -> customizeRelaxedPathChars(factory, relaxedChars));
propertyMapper.from(tomcatProperties::getRelaxedQueryChars).as(this::joinCharacters).whenHasText() propertyMapper.from(tomcatProperties::getRelaxedQueryChars).as(this::joinCharacters).whenHasText()
.to((relaxedChars) -> customizeRelaxedQueryChars(factory, relaxedChars)); .to((relaxedChars) -> customizeRelaxedQueryChars(factory, relaxedChars));
propertyMapper.from(tomcatProperties::isRejectIllegalHeader)
.to((rejectIllegalHeader) -> customizeRejectIllegalHeader(factory, rejectIllegalHeader));
customizeStaticResources(factory); customizeStaticResources(factory);
customizeErrorReportValve(properties.getError(), factory); customizeErrorReportValve(properties.getError(), factory);
} }
@ -192,6 +194,16 @@ public class TomcatWebServerFactoryCustomizer
factory.addConnectorCustomizers((connector) -> connector.setProperty("relaxedQueryChars", relaxedChars)); factory.addConnectorCustomizers((connector) -> connector.setProperty("relaxedQueryChars", relaxedChars));
} }
private void customizeRejectIllegalHeader(ConfigurableTomcatWebServerFactory factory, boolean rejectIllegalHeader) {
factory.addConnectorCustomizers((connector) -> {
ProtocolHandler handler = connector.getProtocolHandler();
if (handler instanceof AbstractHttp11Protocol) {
AbstractHttp11Protocol<?> protocol = (AbstractHttp11Protocol<?>) handler;
protocol.setRejectIllegalHeader(rejectIllegalHeader);
}
});
}
private String joinCharacters(List<Character> content) { private String joinCharacters(List<Character> content) {
return content.stream().map(String::valueOf).collect(Collectors.joining()); return content.stream().map(String::valueOf).collect(Collectors.joining());
} }

8
spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java
View File

@ -130,6 +130,7 @@ class ServerPropertiesTests {
map.put("server.tomcat.remoteip.protocol-header", "X-Forwarded-Protocol"); map.put("server.tomcat.remoteip.protocol-header", "X-Forwarded-Protocol");
map.put("server.tomcat.remoteip.remote-ip-header", "Remote-Ip"); map.put("server.tomcat.remoteip.remote-ip-header", "Remote-Ip");
map.put("server.tomcat.remoteip.internal-proxies", "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}"); map.put("server.tomcat.remoteip.internal-proxies", "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}");
map.put("server.tomcat.reject-illegal-header", "false");
map.put("server.tomcat.background-processor-delay", "10"); map.put("server.tomcat.background-processor-delay", "10");
map.put("server.tomcat.relaxed-path-chars", "|,<"); map.put("server.tomcat.relaxed-path-chars", "|,<");
map.put("server.tomcat.relaxed-query-chars", "^ , | "); map.put("server.tomcat.relaxed-query-chars", "^ , | ");
@ -152,6 +153,7 @@ class ServerPropertiesTests {
assertThat(tomcat.getRemoteip().getRemoteIpHeader()).isEqualTo("Remote-Ip"); assertThat(tomcat.getRemoteip().getRemoteIpHeader()).isEqualTo("Remote-Ip");
assertThat(tomcat.getRemoteip().getProtocolHeader()).isEqualTo("X-Forwarded-Protocol"); assertThat(tomcat.getRemoteip().getProtocolHeader()).isEqualTo("X-Forwarded-Protocol");
assertThat(tomcat.getRemoteip().getInternalProxies()).isEqualTo("10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}"); assertThat(tomcat.getRemoteip().getInternalProxies()).isEqualTo("10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}");
assertThat(tomcat.isRejectIllegalHeader()).isFalse();
assertThat(tomcat.getBackgroundProcessorDelay()).hasSeconds(10); assertThat(tomcat.getBackgroundProcessorDelay()).hasSeconds(10);
assertThat(tomcat.getRelaxedPathChars()).containsExactly('|', '<'); assertThat(tomcat.getRelaxedPathChars()).containsExactly('|', '<');
assertThat(tomcat.getRelaxedQueryChars()).containsExactly('^', '|'); assertThat(tomcat.getRelaxedQueryChars()).containsExactly('^', '|');
@ -405,6 +407,12 @@ class ServerPropertiesTests {
.isEqualTo(new RemoteIpValve().getInternalProxies()); .isEqualTo(new RemoteIpValve().getInternalProxies());
} }
@Test
void tomcatRejectIllegalHeaderMatchesProtocolDefault() throws Exception {
assertThat(getDefaultProtocol()).hasFieldOrPropertyWithValue("rejectIllegalHeader",
this.properties.getTomcat().isRejectIllegalHeader());
}
@Test @Test
void tomcatUseRelativeRedirectsDefaultsToFalse() { void tomcatUseRelativeRedirectsDefaultsToFalse() {
assertThat(this.properties.getTomcat().isUseRelativeRedirects()).isFalse(); assertThat(this.properties.getTomcat().isUseRelativeRedirects()).isFalse();

8
spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/embedded/TomcatWebServerFactoryCustomizerTests.java
View File

@ -320,6 +320,14 @@ class TomcatWebServerFactoryCustomizerTests {
assertThat(factory.getEngineValves()).isEmpty(); assertThat(factory.getEngineValves()).isEmpty();
} }
@Test
void testCustomizeRejectIllegalHeader() {
bind("server.tomcat.reject-illegal-header=false");
customizeAndRunServer((server) -> assertThat(
((AbstractHttp11Protocol<?>) server.getTomcat().getConnector().getProtocolHandler())
.getRejectIllegalHeader()).isFalse());
}
@Test @Test
void errorReportValveIsConfiguredToNotReportStackTraces() { void errorReportValveIsConfiguredToNotReportStackTraces() {
TomcatWebServer server = customizeAndGetServer(); TomcatWebServer server = customizeAndGetServer();