今天我们系统被扫出使用不安全的http方法了,结果到网上找了一圈,有很多方法,但是都不是很好用,终于被我找出一个比较好的了 原文地址 这篇文章讲的很详细,
贴上我的代码


package com.*.*.*.config;

import lombok.extern.log4j.Log4j2;
import org.apache.tomcat.util.descriptor.web.SecurityCollection;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;


/**
 * @author zale.
 * tomcat 配置
 */
@Configuration
public class TomcatConfig {
    @Bean
    public TomcatServletWebServerFactory tomcatServletWebServerFactory() {

        TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory();
        // 关闭TRACE
        factory.addConnectorCustomizers(connector -> {
            connector.setAllowTrace(true);
        });
        factory.addContextCustomizers(context -> {
            SecurityConstraint securityConstraint = new SecurityConstraint();
            securityConstraint.setUserConstraint("CONFIDENTIAL");

            SecurityCollection securityCollection = new SecurityCollection();
            securityCollection.addPattern("/*");
            securityCollection.addMethod("PUT");
            securityCollection.addMethod("HEAD");
            securityCollection.addMethod("DELETE");
            securityCollection.addMethod("OPTIONS");
            securityCollection.addMethod("TRACE");
            securityCollection.addMethod("PATCH");

            securityConstraint.addCollection(securityCollection);
            context.addConstraint(securityConstraint);
        });

        return factory;
    }
}