jetty: disable sending version number

Motivation
----------

Security scans flag dCache application as non-compliant
because it reports Jetty version number

Modification
------------

Disable reporting Jetty version

Result
------

Baseline security compliant

Target: trunk
Request: 10.2, 10.1, 10.0, 9.2
Acked-by: Tigran

Patch: https://rb.dcache.org/r/14383/

Signed-off-by: Dmitry Litvintsev <[email protected]>

Author: DmitryLitvintsev

modules/dcache/src/main/java/org/dcache/util/jetty/ConnectorFactoryBean.java

@@ -308,6 +308,10 @@ public ServerConnector getObject() throws Exception {
         checkState(protocol == PLAIN || certificateAuthorityPath != null);
 
         HttpConnectionFactory httpConnectionFactory = new HttpConnectionFactory();
+        /*
+         * disable reporting of Jetty version
+         */
+        httpConnectionFactory.getHttpConfiguration().setSendServerVersion(false);
 
         switch (protocol) {
             case PLAIN:
@@ -362,4 +366,4 @@ public boolean isSingleton() {
     public enum Protocol {
         PLAIN, TLS, GSI
     }
-}
+}