兰宝车间质量管理系统
blame | 历史 | 原始文档
baoshiwei
2025-03-12 f1208474f771a1c233d7425c8ed13fbaa0d521ac 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63

package org.dromara.common.web.config;


 


import io.undertow.server.DefaultByteBufferPool;


import io.undertow.server.handlers.DisallowedMethodsHandler;


import io.undertow.util.HttpString;


import io.undertow.websockets.jsr.WebSocketDeploymentInfo;


import org.dromara.common.core.utils.SpringUtils;


import org.springframework.boot.autoconfigure.AutoConfiguration;


import org.springframework.boot.web.embedded.undertow.UndertowServletWebServerFactory;


import org.springframework.boot.web.server.WebServerFactoryCustomizer;


import org.springframework.core.task.VirtualThreadTaskExecutor;


 


/**


 * Undertow 自定义配置


 *


 * @author Lion Li


 */


@AutoConfiguration


public class UndertowConfig implements WebServerFactoryCustomizer<UndertowServletWebServerFactory> {


 


    /**


     * 自定义 Undertow 配置


     * <p>


     * 主要配置内容包括:


     * 1. 配置 WebSocket 部署信息


     * 2. 在虚拟线程模式下使用虚拟线程池


     * 3. 禁用不安全的 HTTP 方法,如 CONNECT、TRACE、TRACK


     * </p>


     *


     * @param factory Undertow 的 Web 服务器工厂


     */


    @Override


    public void customize(UndertowServletWebServerFactory factory) {


        factory.addDeploymentInfoCustomizers(deploymentInfo -> {


            // 配置 WebSocket 部署信息,设置 WebSocket 使用的缓冲区池


            WebSocketDeploymentInfo webSocketDeploymentInfo = new WebSocketDeploymentInfo();


            webSocketDeploymentInfo.setBuffers(new DefaultByteBufferPool(true, 1024));


            deploymentInfo.addServletContextAttribute("io.undertow.websockets.jsr.WebSocketDeploymentInfo", webSocketDeploymentInfo);


 


            // 如果启用了虚拟线程,配置 Undertow 使用虚拟线程池


            if (SpringUtils.isVirtual()) {


                // 创建虚拟线程池,线程池前缀为 "undertow-"


                VirtualThreadTaskExecutor executor = new VirtualThreadTaskExecutor("undertow-");


                // 设置虚拟线程池为执行器和异步执行器


                deploymentInfo.setExecutor(executor);


                deploymentInfo.setAsyncExecutor(executor);


            }


 


            // 配置禁止某些不安全的 HTTP 方法(如 CONNECT、TRACE、TRACK)


            deploymentInfo.addInitialHandlerChainWrapper(handler -> {


                // 禁止三个方法 CONNECT/TRACE/TRACK 也是不安全的 避免爬虫骚扰


                HttpString[] disallowedHttpMethods = {


                    HttpString.tryFromString("CONNECT"),


                    HttpString.tryFromString("TRACE"),


                    HttpString.tryFromString("TRACK")


                };


                // 使用 DisallowedMethodsHandler 拦截并拒绝这些方法的请求


                return new DisallowedMethodsHandler(handler, disallowedHttpMethods);


            });


        });


    }


 


}