build: 由于代码中有webdriver使用了jetty，我们这里去掉undertow，使用jetty来作为web容器

backend/pom.xml

@@ -65,7 +65,16 @@
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-undertow</artifactId>
+            <artifactId>spring-boot-starter-jetty</artifactId>
+        </dependency>
+        <!-- http2 配置-->
+        <dependency>
+            <groupId>org.eclipse.jetty</groupId>
+            <artifactId>jetty-alpn-conscrypt-server</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.eclipse.jetty.http2</groupId>
+            <artifactId>http2-server</artifactId>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>

backend/src/main/java/io/metersphere/config/HTTPSConfig.java

@@ -1,21 +1,19 @@
 package io.metersphere.config;
 
 
-import io.undertow.Undertow;
+import org.eclipse.jetty.server.HttpConfiguration;
-import io.undertow.UndertowOptions;
+import org.eclipse.jetty.server.HttpConnectionFactory;
-import io.undertow.server.handlers.DisallowedMethodsHandler;
+import org.eclipse.jetty.server.ServerConnector;
-import io.undertow.util.HttpString;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
-import org.springframework.boot.web.embedded.undertow.UndertowServletWebServerFactory;
+import org.springframework.boot.web.embedded.jetty.ConfigurableJettyWebServerFactory;
-import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
+import org.springframework.boot.web.server.WebServerFactoryCustomizer;
-import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
 
 @Configuration
 @ConditionalOnProperty(name = "server.ssl.enabled", havingValue = "true")
-public class HTTPSConfig {
+public class HTTPSConfig implements WebServerFactoryCustomizer<ConfigurableJettyWebServerFactory> {
 
     /**
      * http服务端口
@@ -29,31 +27,21 @@ public class HTTPSConfig {
     @Value("${server.port}")
     private Integer httpsPort;
 
+    @Override
+    public void customize(ConfigurableJettyWebServerFactory factory) {
 
-    @Bean
+        factory.addServerCustomizers(
-    public ServletWebServerFactory undertowFactory() {
+                server -> {
-        UndertowServletWebServerFactory undertowFactory = new UndertowServletWebServerFactory();
+                    HttpConfiguration httpConfiguration = new HttpConfiguration();
-        undertowFactory.addBuilderCustomizers((Undertow.Builder builder) -> {
+                    httpConfiguration.setSecurePort(httpsPort);
-            builder.addHttpListener(httpPort, "0.0.0.0");
+                    httpConfiguration.setSecureScheme("https");
-            // 开启HTTP2
+
-            builder.setServerOption(UndertowOptions.ENABLE_HTTP2, true);
+                    ServerConnector connector = new ServerConnector(server);
-        });
+                    connector.addConnectionFactory(new HttpConnectionFactory(httpConfiguration));
-        // 暂不开启自动跳转
+                    connector.setPort(httpPort);
-//        undertowFactory.addDeploymentInfoCustomizers(deploymentInfo -> {
+                    server.addConnector(connector);
-//            // 开启HTTP自动跳转至HTTPS
+                }
-//            deploymentInfo.addSecurityConstraint(new SecurityConstraint()
+        );
-//                            .addWebResourceCollection(new WebResourceCollection().addUrlPattern("/*"))
-//                            .setTransportGuaranteeType(TransportGuaranteeType.CONFIDENTIAL)
-//                            .setEmptyRoleSemantic(SecurityInfo.EmptyRoleSemantic.PERMIT))
-//                    .setConfidentialPortManager(exchange -> httpsPort);
-//        });
-        // 禁用 TRACE 和 TRACK
-        undertowFactory.addDeploymentInfoCustomizers(deploymentInfo -> deploymentInfo.addInitialHandlerChainWrapper(handler -> {
-            HttpString[] disallowedHttpMethods = {HttpString.tryFromString("TRACE"), HttpString.tryFromString("TRACK")};
-            return new DisallowedMethodsHandler(handler, disallowedHttpMethods);
-        }));
-        return undertowFactory;
     }
-
 }
 

backend/src/main/java/io/metersphere/security/JettyFilter.java

@@ -0,0 +1,36 @@
+package io.metersphere.security;
+
+import io.metersphere.commons.utils.LogUtil;
+
+import javax.servlet.*;
+import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@WebFilter(urlPatterns = "/*", filterName = "jettyFilter")
+public class JettyFilter implements Filter {
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+
+        HttpServletRequest httpRequest = (HttpServletRequest) request;
+        HttpServletResponse httpResponse = (HttpServletResponse) response;
+        LogUtil.debug("拦截器执行-----");
+        if ("TRACE".equalsIgnoreCase(httpRequest.getMethod()) || "TRACK".equalsIgnoreCase(httpRequest.getMethod())) {
+            httpResponse.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
+            LogUtil.info("trace 拦截执行");
+            return;
+        }
+        LogUtil.debug("拦截器结束-----");
+        chain.doFilter(request, response);
+    }
+
+    @Override
+    public void destroy() {
+    }
+}