diff --git a/backend/pom.xml b/backend/pom.xml
index cef678e514..bdcd251989 100644
--- a/backend/pom.xml
+++ b/backend/pom.xml
@@ -65,7 +65,16 @@
org.springframework.boot
- spring-boot-starter-undertow
+ spring-boot-starter-jetty
+
+
+
+ org.eclipse.jetty
+ jetty-alpn-conscrypt-server
+
+
+ org.eclipse.jetty.http2
+ http2-server
org.springframework.boot
diff --git a/backend/src/main/java/io/metersphere/config/HTTPSConfig.java b/backend/src/main/java/io/metersphere/config/HTTPSConfig.java
index 894977bec8..0e0d959196 100644
--- a/backend/src/main/java/io/metersphere/config/HTTPSConfig.java
+++ b/backend/src/main/java/io/metersphere/config/HTTPSConfig.java
@@ -1,21 +1,19 @@
package io.metersphere.config;
-import io.undertow.Undertow;
-import io.undertow.UndertowOptions;
-import io.undertow.server.handlers.DisallowedMethodsHandler;
-import io.undertow.util.HttpString;
+import org.eclipse.jetty.server.HttpConfiguration;
+import org.eclipse.jetty.server.HttpConnectionFactory;
+import org.eclipse.jetty.server.ServerConnector;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
-import org.springframework.boot.web.embedded.undertow.UndertowServletWebServerFactory;
-import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
-import org.springframework.context.annotation.Bean;
+import org.springframework.boot.web.embedded.jetty.ConfigurableJettyWebServerFactory;
+import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.Configuration;
@Configuration
@ConditionalOnProperty(name = "server.ssl.enabled", havingValue = "true")
-public class HTTPSConfig {
+public class HTTPSConfig implements WebServerFactoryCustomizer {
/**
* http服务端口
@@ -29,31 +27,21 @@ public class HTTPSConfig {
@Value("${server.port}")
private Integer httpsPort;
+ @Override
+ public void customize(ConfigurableJettyWebServerFactory factory) {
- @Bean
- public ServletWebServerFactory undertowFactory() {
- UndertowServletWebServerFactory undertowFactory = new UndertowServletWebServerFactory();
- undertowFactory.addBuilderCustomizers((Undertow.Builder builder) -> {
- builder.addHttpListener(httpPort, "0.0.0.0");
- // 开启HTTP2
- builder.setServerOption(UndertowOptions.ENABLE_HTTP2, true);
- });
- // 暂不开启自动跳转
-// undertowFactory.addDeploymentInfoCustomizers(deploymentInfo -> {
-// // 开启HTTP自动跳转至HTTPS
-// deploymentInfo.addSecurityConstraint(new SecurityConstraint()
-// .addWebResourceCollection(new WebResourceCollection().addUrlPattern("/*"))
-// .setTransportGuaranteeType(TransportGuaranteeType.CONFIDENTIAL)
-// .setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.PERMIT))
-// .setConfidentialPortManager(exchange -> httpsPort);
-// });
- // 禁用 TRACE 和 TRACK
- undertowFactory.addDeploymentInfoCustomizers(deploymentInfo -> deploymentInfo.addInitialHandlerChainWrapper(handler -> {
- HttpString[] disallowedHttpMethods = {HttpString.tryFromString("TRACE"), HttpString.tryFromString("TRACK")};
- return new DisallowedMethodsHandler(handler, disallowedHttpMethods);
- }));
- return undertowFactory;
+ factory.addServerCustomizers(
+ server -> {
+ HttpConfiguration httpConfiguration = new HttpConfiguration();
+ httpConfiguration.setSecurePort(httpsPort);
+ httpConfiguration.setSecureScheme("https");
+
+ ServerConnector connector = new ServerConnector(server);
+ connector.addConnectionFactory(new HttpConnectionFactory(httpConfiguration));
+ connector.setPort(httpPort);
+ server.addConnector(connector);
+ }
+ );
}
-
}
diff --git a/backend/src/main/java/io/metersphere/security/JettyFilter.java b/backend/src/main/java/io/metersphere/security/JettyFilter.java
new file mode 100644
index 0000000000..b99f6317ab
--- /dev/null
+++ b/backend/src/main/java/io/metersphere/security/JettyFilter.java
@@ -0,0 +1,36 @@
+package io.metersphere.security;
+
+import io.metersphere.commons.utils.LogUtil;
+
+import javax.servlet.*;
+import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@WebFilter(urlPatterns = "/*", filterName = "jettyFilter")
+public class JettyFilter implements Filter {
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ }
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+
+ HttpServletRequest httpRequest = (HttpServletRequest) request;
+ HttpServletResponse httpResponse = (HttpServletResponse) response;
+ LogUtil.debug("拦截器执行-----");
+ if ("TRACE".equalsIgnoreCase(httpRequest.getMethod()) || "TRACK".equalsIgnoreCase(httpRequest.getMethod())) {
+ httpResponse.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+ LogUtil.info("trace 拦截执行");
+ return;
+ }
+ LogUtil.debug("拦截器结束-----");
+ chain.doFilter(request, response);
+ }
+
+ @Override
+ public void destroy() {
+ }
+}
\ No newline at end of file