Disable Server header by default when using SSL with Jetty 9

Closes gh-7359
pull/7394/head
Andy Wilkinson 8 years ago
parent 72e696bcbd
commit a1dda12bcb

@ -692,6 +692,7 @@ public class JettyEmbeddedServletContainerFactory
public ServerConnector getConnector(Server server, public ServerConnector getConnector(Server server,
SslContextFactory sslContextFactory, int port) { SslContextFactory sslContextFactory, int port) {
HttpConfiguration config = new HttpConfiguration(); HttpConfiguration config = new HttpConfiguration();
config.setSendServerVersion(false);
config.addCustomizer(new SecureRequestCustomizer()); config.addCustomizer(new SecureRequestCustomizer());
HttpConnectionFactory connectionFactory = new HttpConnectionFactory(config); HttpConnectionFactory connectionFactory = new HttpConnectionFactory(config);
SslConnectionFactory sslConnectionFactory = new SslConnectionFactory( SslConnectionFactory sslConnectionFactory = new SslConnectionFactory(

@ -420,6 +420,41 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests {
.contains("scheme=https"); .contains("scheme=https");
} }
@Test
public void serverHeaderIsDisabledByDefaultWhenUsingSsl() throws Exception {
AbstractEmbeddedServletContainerFactory factory = getFactory();
factory.setSsl(getSsl(null, "password", "src/test/resources/test.jks"));
this.container = factory.getEmbeddedServletContainer(
new ServletRegistrationBean(new ExampleServlet(true, false), "/hello"));
this.container.start();
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
new SSLContextBuilder()
.loadTrustMaterial(null, new TrustSelfSignedStrategy()).build());
HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory)
.build();
ClientHttpResponse response = getClientResponse(getLocalUrl("https", "/hello"),
HttpMethod.GET, new HttpComponentsClientHttpRequestFactory(httpClient));
assertThat(response.getHeaders().get("Server")).isNullOrEmpty();
}
@Test
public void serverHeaderCanBeCustomizedWhenUsingSsl() throws Exception {
AbstractEmbeddedServletContainerFactory factory = getFactory();
factory.setServerHeader("MyServer");
factory.setSsl(getSsl(null, "password", "src/test/resources/test.jks"));
this.container = factory.getEmbeddedServletContainer(
new ServletRegistrationBean(new ExampleServlet(true, false), "/hello"));
this.container.start();
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
new SSLContextBuilder()
.loadTrustMaterial(null, new TrustSelfSignedStrategy()).build());
HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory)
.build();
ClientHttpResponse response = getClientResponse(getLocalUrl("https", "/hello"),
HttpMethod.GET, new HttpComponentsClientHttpRequestFactory(httpClient));
assertThat(response.getHeaders().get("Server")).containsExactly("MyServer");
}
protected final void testBasicSslWithKeyStore(String keyStore) throws Exception { protected final void testBasicSslWithKeyStore(String keyStore) throws Exception {
AbstractEmbeddedServletContainerFactory factory = getFactory(); AbstractEmbeddedServletContainerFactory factory = getFactory();
addTestTxtFile(factory); addTestTxtFile(factory);

Loading…
Cancel
Save