Security constraint in web.xml not applied to http-method in Docker container - Tomcat

a2mppw5e  posted 2023-01-16  in  Docker
Follow (0) | Answers (1) | Views (113)
    • The bounty expires in 2 days**. Answers to this question are eligible for a +50 reputation bounty. Jay Blanchard wants to draw more attention to this question.

I have read several other answers and tried several of the suggestions, but no matter what I try at this point I cannot exclude OPTIONS as an allowed http method for TOMEE/TOMCAT running in a Docker container.
The web.xml file is in the /usr/local/tomee/webapps/ROOT/WEB-INF directory:

<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
         http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">
  <resource-ref id="dataSource-appDB">
    <res-ref-name>jdbc/app</res-ref-name>
    <mapped-name>java:comp/env/jdbc/app</mapped-name>
    <res-type>javax.sql.DataSource</res-type>
    <res-auth>Container</res-auth>
    <res-sharing-scope>Shareable</res-sharing-scope>
  </resource-ref>

  <error-page>
      <exception-type>org.springframework.security.web.firewall.RequestRejectedException</exception-type>
      <location>/errors/400</location>
  </error-page>

  <error-page>
      <exception-type>java.lang.IllegalArgumentException</exception-type>
      <location>/errors/400</location>
  </error-page>

  <security-constraint>
      <web-resource-collection>
          <web-resource-name>restricted methods</web-resource-name>
          <url-pattern>/v1/*</url-pattern>
          <http-method>OPTIONS</http-method>
      </web-resource-collection>
  </security-constraint>

</web-app>

When I cURL an endpoint for the allowed http methods, OPTIONS is still there:

>curl -i --request-target "*" -X OPTIONS http://localhost/v1/healthcheck.html
HTTP/1.1 200
Allow: GET, HEAD, POST, PUT, DELETE, OPTIONS
Content-Length: 0
Date: Fri, 06 Jan 2023 16:00:14 GMT
Server: no information

I have tried running with and without <auth-constraint /> and get the same result.
Here is the Dockerfile for the running container:

FROM amazoncorretto:11-alpine-jdk

ENV PATH /usr/local/tomee/bin:$PATH
RUN mkdir -p /usr/local/tomee
ENV TZ America/New_York

RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
WORKDIR /usr/local/tomee

# add the things we need to build the image 
RUN apk update \
    &&  apk add sudo \
    &&  apk add tar \
    &&  apk add gpg \
    &&  apk add curl \
    &&  apk add gpg-agent \
    &&  apk add bash
# add the users and sudo for the security scanner
RUN adduser -S tomee
RUN addgroup tomee \
    && addgroup tomee tomee
RUN addgroup sudo \
    && addgroup tomee sudo
    
RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers

# download and import the GPG keys, then refresh each listed fingerprint from a keyserver
# (done in a single RUN: a shell variable set in one layer is not visible in the next,
# and the fingerprint list has to be extracted from the downloaded KEYS file, not from
# curl's empty stdout)
RUN set -xe \
    && curl -fsSL 'https://www.apache.org/dist/tomee/KEYS' -o GPG_KEYS \
    && gpg --import GPG_KEYS \
    && for key in $(awk -F ' = ' '$1 ~ /^ +Key fingerprint$/ { gsub(" ", "", $2); print $2 }' GPG_KEYS | sort -u); do \
        gpg --batch --keyserver hkp://keyserver.ubuntu.com --recv-keys "$key" || \
        gpg --batch --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys "$key" ; \
    done

# TOMEE variables
# Apache changes the version from time to time and removes the old version.
# When they do that, go to https://dist.apache.org/repos/dist/release/tomee/ to see what version is available
# and then match it here
ENV TOMEE_VER 8.0.13
ENV TOMEE_BUILD webprofile

# set up Apache/TOMEE
RUN set -x \
    && curl -fSL https://dist.apache.org/repos/dist/release/tomee/tomee-${TOMEE_VER}/apache-tomee-${TOMEE_VER}-${TOMEE_BUILD}.tar.gz.asc -o tomee.tar.gz.asc \
    && curl -fSL https://dist.apache.org/repos/dist/release/tomee/tomee-${TOMEE_VER}/apache-tomee-${TOMEE_VER}-${TOMEE_BUILD}.tar.gz -o tomee.tar.gz \
    && gpg --batch --verify tomee.tar.gz.asc tomee.tar.gz \
    && tar -zxf tomee.tar.gz \
    && mv apache-tomee-${TOMEE_BUILD}-${TOMEE_VER}/* /usr/local/tomee \
    && rm -Rf apache-tomee-${TOMEE_BUILD}-${TOMEE_VER} \
    && rm -Rf /usr/local/tomee/webapps/docs \
    && rm bin/*.bat \
    && rm tomee.tar.gz* \
    && chown -R tomee:tomee /usr/local/tomee 

# put everything in the right place with the correct permissions
# (COPY paths are relative to the build context; $PWD is not expanded by Docker)
COPY server.xml /usr/local/tomee/conf/
RUN chown -R tomee:tomee /usr/local/tomee/conf
COPY app-war/target/app/META-INF/ /usr/local/tomee/webapps/ROOT/META-INF/
COPY app-war/target/app/WEB-INF/ /usr/local/tomee/webapps/ROOT/WEB-INF/
COPY app-war/target/app.war /usr/local/tomee/webapps/ROOT.war
RUN chown -R tomee:tomee /usr/local/tomee/webapps/
    
USER tomee
EXPOSE 8080
CMD ["catalina.sh", "run"]

I start the container with docker-compose:

version: "3.0"

services: 
  app-internal:
    image: job/app-internal:0.0.1500
    container_name: app-internal
    ports:
      - "80:8080"
    environment: 
      - SPRING_PROFILES_ACTIVE=l1,app-internal
      - JBOSS_ENV=l1
      - PLATFORM_ENV=aws
      - DEV_ENV=local
      - JAVA_OPTS=-Xmn100m -Xmx1024m -Xms1024m

Am I missing something obvious?


flseospp 1#

<security-constraint> does not affect the Allow header in an OPTIONS response.
The Allow header is based on the presence of doX handlers in the servlet; it is implemented in HttpServlet.doOptions.
From the Java™ Servlet Specification, version 2.5:
The OPTIONS request determines which HTTP methods the server supports and returns an appropriate header. For example, if a servlet overrides doGet, this method returns the following header:
Allow: GET, HEAD, TRACE, OPTIONS
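Two things worth checking before touching the configuration, added here as an editor's note and not part of the answer above. First, `curl --request-target "*"` sends `OPTIONS *`, the server-wide ping form of the request; Tomcat's connector (CoyoteAdapter) answers that itself with a fixed `Allow: GET, HEAD, POST, PUT, DELETE, OPTIONS` before any web application is selected, so neither a security-constraint nor a servlet's doOptions can change what that particular command prints. Test against the real path (`curl -i -X OPTIONS http://localhost/v1/healthcheck.html`). Second, a `<security-constraint>` carrying an empty `<auth-constraint/>` makes the container refuse the listed method for the URL pattern with a 403, whereas a constraint with no auth-constraint at all grants access to everyone and changes nothing. The code below is an added example, not code from the original post or from TomEE, showing the two application-level ways to actually remove OPTIONS under /v1/*: a filter that rejects the method before any servlet runs (which also covers a framework dispatcher servlet), and a doOptions override for a servlet you control. The class names, the `/v1/healthcheck.html` mapping and the allowed-method list are assumptions for the illustration; it targets the javax.servlet API of Servlet 4.0 as shipped in TomEE 8.

```java
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Added example (not the project's code). Holder for the two hypothetical components. */
public final class OptionsHardening {

    private OptionsHardening() {
    }

    /**
     * Runs before every servlet mapped under /v1/* (mapping is an assumption),
     * so the whole API is covered regardless of which doX methods the servlets
     * behind it override.
     */
    @WebFilter(urlPatterns = "/v1/*")
    public static final class RejectOptionsFilter implements Filter {

        /** Methods the API is meant to expose; assumed for the example. */
        static final String ALLOWED = "GET, HEAD, POST";

        @Override
        public void init(FilterConfig filterConfig) {
        }

        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
                throws IOException, ServletException {
            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) res;

            if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
                // RFC 7231 requires Allow on a 405. Set status and headers directly and
                // commit, rather than sendError(), so no <error-page> forwarding can
                // replace the response we built.
                response.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
                response.setHeader("Allow", ALLOWED);
                response.setContentLength(0);
                response.flushBuffer();
                return;
            }
            chain.doFilter(req, res);
        }

        @Override
        public void destroy() {
        }
    }

    /** Hypothetical servlet standing in for the endpoint the question probes. */
    @WebServlet(urlPatterns = "/v1/healthcheck.html")
    public static final class HealthcheckServlet extends HttpServlet {

        private static final long serialVersionUID = 1L;

        @Override
        protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
            resp.setContentType("text/plain");
            resp.getWriter().print("ok");
        }

        /**
         * HttpServlet.doOptions computes Allow by reflecting over which doX methods
         * this class overrides (with only doGet above it would answer as the javadoc
         * quoted in the answer describes). Overriding doOptions replaces that
         * computation entirely, which a web.xml security-constraint never does.
         */
        @Override
        protected void doOptions(HttpServletRequest req, HttpServletResponse resp) {
            resp.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
            resp.setHeader("Allow", "GET, HEAD");
            resp.setContentLength(0);
        }
    }
}
```

With the filter deployed, `curl -i -X OPTIONS http://localhost/v1/healthcheck.html` returns `405` with `Allow: GET, HEAD, POST`, while `OPTIONS *` keeps returning the connector's fixed list because the request never reaches the web application. If you prefer the declarative route, keep the `<security-constraint>` from the question and add an empty `<auth-constraint/>` inside it; the container then answers OPTIONS on `/v1/*` with 403 and no Allow header at all, again only for requests that carry a real path.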
