|
1
|
package com.apusic.config;
|
|
2
|
|
|
3
|
import com.apusic.aas.util.descriptor.web.SecurityCollection;
|
|
4
|
import com.apusic.aas.util.descriptor.web.SecurityConstraint;
|
|
5
|
import com.apusic.ams.startup.Apusic;
|
|
6
|
import com.apusic.boot.web.embedded.ams.AasServletWebServerFactory;
|
|
7
|
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
|
|
8
|
import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
|
|
9
|
import org.springframework.context.annotation.Bean;
|
|
10
|
import org.springframework.context.annotation.Configuration;
|
|
11
|
|
|
12
|
@Configuration
|
|
13
|
@ConditionalOnClass(Apusic.class)
|
|
14
|
public class AasConfig {
|
|
15
|
|
|
16
|
@Bean
|
|
17
|
public ConfigurableServletWebServerFactory configurableServletWebServerFactory() {
|
|
18
|
AasServletWebServerFactory factory = new AasServletWebServerFactory();
|
|
19
|
factory.addContextCustomizers(context -> {
|
|
20
|
SecurityConstraint securityConstraint = new SecurityConstraint();
|
|
21
|
securityConstraint.setUserConstraint("CONFIDENTIAL");
|
|
22
|
SecurityCollection collection = new SecurityCollection();
|
|
23
|
collection.addPattern("/*");
|
|
24
|
//禁用不安全的方法,按需使用
|
|
25
|
// collection.addMethod("HEAD");
|
|
26
|
// collection.addMethod("PUT");
|
|
27
|
// collection.addMethod("DELETE");
|
|
28
|
collection.addMethod("OPTIONS");
|
|
29
|
collection.addMethod("TRACE");
|
|
30
|
// collection.addMethod("COPY");
|
|
31
|
// collection.addMethod("SEARCH");
|
|
32
|
// collection.addMethod("PROPFIND");
|
|
33
|
securityConstraint.addCollection(collection);
|
|
34
|
context.addConstraint(securityConstraint);
|
|
35
|
});
|
|
36
|
return factory;
|
|
37
|
}
|
|
38
|
}
|