java 删除 Jetty 9 中的 HTTP Server 标头
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/15652902/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Remove the HTTP Server header in Jetty 9
提问by Jacob
This is how you hide the server version in Jetty 8:
这是在 Jetty 8 中隐藏服务器版本的方式:
Server server = new Server(port);
server.setSendServerVersion(false);
How do you do it in Jetty 9? So now it should look something like this?
你如何在 Jetty 9 中做到这一点?所以现在它应该看起来像这样?
HttpConfiguration config = new HttpConfiguration();
config.setSendServerVersion(false);
//TODO: Associate config with server???
Server server = new Server(port);
回答by djschny
In Jetty 9, you need to configure it on HttpConfiguration:
在 Jetty 9 中,需要在 HttpConfiguration 上进行配置:
HttpConfiguration httpConfig = new HttpConfiguration();
httpConfig.setSendServerVersion( false );
HttpConnectionFactory httpFactory = new HttpConnectionFactory( httpConfig );
ServerConnector httpConnector = new ServerConnector( server,httpFactory );
server.setConnectors( new Connector[] { httpConnector } );
回答by Jacob
If worked out some code that seems to work. Not sure if its right, but at least it works (:
如果计算出一些似乎有效的代码。不确定它是否正确,但至少它有效(:
Server server = new Server(port);
for(Connector y : server.getConnectors()) {
for(ConnectionFactory x : y.getConnectionFactories()) {
if(x instanceof HttpConnectionFactory) {
((HttpConnectionFactory)x).getHttpConfiguration().setSendServerVersion(false);
}
}
}
回答by Tarator
If you use jetty9 as a standalone server you can disable the server signature by setting jetty.httpConfig.sendServerVersion=falsein the file start.ini.
如果您使用 jetty9 作为独立服务器,您可以通过jetty.httpConfig.sendServerVersion=false在文件中设置来禁用服务器签名start.ini。
回答by jesse mcconnell
There is now an HttpConfiguration object with that setting on it.
现在有一个带有该设置的 HttpConfiguration 对象。
org.eclipse.jetty.server.HttpConfiguration
org.eclipse.jetty.server.HttpConfiguration
Look to the jetty.xml for the section on http configuration section showing how to setup the object and then the jetty-http.xml file which shows how that configuration is used. Remember that the jetty xml files are really just a thin skin over java and work basically the same.
查看 jetty.xml 中关于 http 配置部分的部分,显示如何设置对象,然后是 jetty-http.xml 文件,显示如何使用该配置。请记住,jetty xml 文件实际上只是 java 的一个薄皮,并且工作原理基本相同。
回答by EricJ
Some security analysis software will flag sending the server version in the response header as an issue.
一些安全分析软件会将响应标头中的服务器版本发送标记为问题。
OP was looking for solution for embedded, but if your Jetty deployment uses the server.ini file, you can simply set jetty.send.server.version=false
OP 正在寻找嵌入式解决方案,但如果您的 Jetty 部署使用 server.ini 文件,您只需设置 jetty.send.server.version=false
回答by Krzysztof Tomaszewski
Lambda-style variant of Jacob's solution (which worked for me):
Jacob 解决方案的 Lambda 风格变体(对我有用):
final Server server = new Server(port);
Stream.of(server.getConnectors()).flatMap(connector -> connector.getConnectionFactories().stream())
.filter(connFactory -> connFactory instanceof HttpConnectionFactory)
.forEach(httpConnFactory -> ((HttpConnectionFactory)httpConnFactory).getHttpConfiguration().setSendServerVersion(false));
回答by u6856342
in jetty9.2, change this config to falsein start.ini
in jetty9.2,将此配置更改为falseinstart.ini
# should jetty send the server version header?
jetty.send.server.version=true
