Disable suffix pattern matching for Endpoints

Update EndpointHandlerMapping so that setUseSuffixPatternMatch is set
to false. This prevents URLs of the form /beans.json from returning
results and provides another line of defense against RDF attacks.

Fixes gh-4402
pull/4446/head
Phillip Webb 9 years ago
parent 10d407a516
commit 09b5222f52

@ -80,6 +80,7 @@ public class EndpointHandlerMapping extends RequestMappingHandlerMapping {
CorsConfiguration corsConfiguration) { CorsConfiguration corsConfiguration) {
this.endpoints = new HashSet<MvcEndpoint>(endpoints); this.endpoints = new HashSet<MvcEndpoint>(endpoints);
this.corsConfiguration = corsConfiguration; this.corsConfiguration = corsConfiguration;
setUseSuffixPatternMatch(false);
// By default the static resource handler mapping is LOWEST_PRECEDENCE - 1 // By default the static resource handler mapping is LOWEST_PRECEDENCE - 1
// and the RequestMappingHandlerMapping is 0 (we ideally want to be before both) // and the RequestMappingHandlerMapping is 0 (we ideally want to be before both)
setOrder(-100); setOrder(-100);
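Review bot: the setUseSuffixPatternMatch(false) call added in the constructor has no comment, while the setOrder(-100) call just below it has two lines explaining its value. A one-line comment saying that suffix matching is turned off so that paths such as /beans.json no longer resolve to an endpoint would keep a later refactor from dropping the call as redundant. The visible hunk also contains no test. A mapping test that looks up an endpoint path with a .json suffix and expects no handler would pin the behaviour the commit message describes.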
