Skip to content

S
spring-boot
Commit 1fee797a authored by dirkdeyne's avatar dirkdeyne Committed by Stephane Nicoll
Browse files
Options

Add support for configuring Tomcat's relaxed path and query chars 

See gh-17510
parent 55e8a978
Hide whitespace changes
Inline Side-by-side
Showing with 48 additions and 0 deletions
spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java
View file @ 1fee797a
...@@ -61,6 +61,7 @@ import org.springframework.util.unit.DataSize; ...@@ -61,6 +61,7 @@ import org.springframework.util.unit.DataSize;
* @author Artsiom Yudovin * @author Artsiom Yudovin
* @author Andrew McGhie * @author Andrew McGhie
* @author Rafiullah Hamedy * @author Rafiullah Hamedy
* @author Dirk Deyne
* @since 1.0.0 * @since 1.0.0
*/ */
@ConfigurationProperties(prefix = "server", ignoreUnknownFields = true) @ConfigurationProperties(prefix = "server", ignoreUnknownFields = true)
...@@ -405,6 +406,20 @@ public class ServerProperties { ...@@ -405,6 +406,20 @@ public class ServerProperties {
*/ */
private final Mbeanregistry mbeanregistry = new Mbeanregistry(); private final Mbeanregistry mbeanregistry = new Mbeanregistry();
/**
* Specify additional unencoded characters that Tomcat should allow in a
* querystring. The value may be any combination of the following characters: " <
* > [ \ ] ^ ` { | } . Any other characters present in the value will be ignored.
*/
private String relaxedQueryChars;
/**
* Specify additional unencoded characters that Tomcat should allow in the path.
* The value may be any combination of the following characters: " < > [ \ ] ^ ` {
* | } . Any other characters present in the value will be ignored.
*/
private String relaxedPathChars;
public int getMaxThreads() { public int getMaxThreads() {
return this.maxThreads; return this.maxThreads;
} }
...@@ -561,6 +576,22 @@ public class ServerProperties { ...@@ -561,6 +576,22 @@ public class ServerProperties {
return this.mbeanregistry; return this.mbeanregistry;
} }
public String getRelaxedPathChars() {
return this.relaxedPathChars;
}
public void setRelaxedPathChars(String relaxedPathChars) {
this.relaxedPathChars = relaxedPathChars;
}
public String getRelaxedQueryChars() {
return this.relaxedQueryChars;
}
public void setRelaxedQueryChars(String relaxedQueryChars) {
this.relaxedQueryChars = relaxedQueryChars;
}
/** /**
* Tomcat access log properties. * Tomcat access log properties.
*/ */
......
spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/embedded/TomcatWebServerFactoryCustomizer.java
View file @ 1fee797a
...@@ -51,6 +51,7 @@ import org.springframework.util.unit.DataSize; ...@@ -51,6 +51,7 @@ import org.springframework.util.unit.DataSize;
* @author Artsiom Yudovin * @author Artsiom Yudovin
* @author Chentao Qu * @author Chentao Qu
* @author Andrew McGhie * @author Andrew McGhie
* @author Dirk Deyne
* @since 2.0.0 * @since 2.0.0
*/ */
public class TomcatWebServerFactoryCustomizer public class TomcatWebServerFactoryCustomizer
...@@ -102,6 +103,10 @@ public class TomcatWebServerFactoryCustomizer ...@@ -102,6 +103,10 @@ public class TomcatWebServerFactoryCustomizer
.to((acceptCount) -> customizeAcceptCount(factory, acceptCount)); .to((acceptCount) -> customizeAcceptCount(factory, acceptCount));
propertyMapper.from(tomcatProperties::getProcessorCache) propertyMapper.from(tomcatProperties::getProcessorCache)
.to((processorCache) -> customizeProcessorCache(factory, processorCache)); .to((processorCache) -> customizeProcessorCache(factory, processorCache));
propertyMapper.from(tomcatProperties::getRelaxedQueryChars)
.to((relaxedChars) -> customizeRelaxedQueryChars(factory, relaxedChars));
propertyMapper.from(tomcatProperties::getRelaxedPathChars)
.to((relaxedChars) -> customizeRelaxedPathChars(factory, relaxedChars));
customizeStaticResources(factory); customizeStaticResources(factory);
customizeErrorReportValve(properties.getError(), factory); customizeErrorReportValve(properties.getError(), factory);
} }
...@@ -149,6 +154,14 @@ public class TomcatWebServerFactoryCustomizer ...@@ -149,6 +154,14 @@ public class TomcatWebServerFactoryCustomizer
}); });
} }
private void customizeRelaxedQueryChars(ConfigurableTomcatWebServerFactory factory, String relaxedChars) {
factory.addConnectorCustomizers((connector) -> connector.setAttribute("relaxedQueryChars", relaxedChars));
}
private void customizeRelaxedPathChars(ConfigurableTomcatWebServerFactory factory, String relaxedChars) {
factory.addConnectorCustomizers((connector) -> connector.setAttribute("relaxedPathChars", relaxedChars));
}
private void customizeRemoteIpValve(ConfigurableTomcatWebServerFactory factory) { private void customizeRemoteIpValve(ConfigurableTomcatWebServerFactory factory) {
Tomcat tomcatProperties = this.serverProperties.getTomcat(); Tomcat tomcatProperties = this.serverProperties.getTomcat();
String protocolHeader = tomcatProperties.getProtocolHeader(); String protocolHeader = tomcatProperties.getProtocolHeader();
......
spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java
View file @ 1fee797a
...@@ -127,6 +127,8 @@ class ServerPropertiesTests { ...@@ -127,6 +127,8 @@ class ServerPropertiesTests {
map.put("server.tomcat.remote-ip-header", "Remote-Ip"); map.put("server.tomcat.remote-ip-header", "Remote-Ip");
map.put("server.tomcat.internal-proxies", "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}"); map.put("server.tomcat.internal-proxies", "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}");
map.put("server.tomcat.background-processor-delay", "10"); map.put("server.tomcat.background-processor-delay", "10");
map.put("server.tomcat.relaxed-path-chars", "|");
map.put("server.tomcat.relaxed-query-chars", "^^");
bind(map); bind(map);
ServerProperties.Tomcat tomcat = this.properties.getTomcat(); ServerProperties.Tomcat tomcat = this.properties.getTomcat();
Accesslog accesslog = tomcat.getAccesslog(); Accesslog accesslog = tomcat.getAccesslog();
...@@ -146,6 +148,8 @@ class ServerPropertiesTests { ...@@ -146,6 +148,8 @@ class ServerPropertiesTests {
assertThat(tomcat.getProtocolHeader()).isEqualTo("X-Forwarded-Protocol"); assertThat(tomcat.getProtocolHeader()).isEqualTo("X-Forwarded-Protocol");
assertThat(tomcat.getInternalProxies()).isEqualTo("10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}"); assertThat(tomcat.getInternalProxies()).isEqualTo("10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}");
assertThat(tomcat.getBackgroundProcessorDelay()).isEqualTo(Duration.ofSeconds(10)); assertThat(tomcat.getBackgroundProcessorDelay()).isEqualTo(Duration.ofSeconds(10));
assertThat(tomcat.getRelaxedPathChars()).isEqualTo("|");
assertThat(tomcat.getRelaxedQueryChars()).isEqualTo("^^");
} }
@Test @Test
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment