Configure ErrorReportValve not to report stack traces

panchenko · wilkinsona · commit 29736e340e4b · 2018-01-29T17:23:49.000Z
See gh-11790
diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java
@@ -36,7 +36,9 @@
 import org.apache.catalina.Context;
 import org.apache.catalina.connector.Connector;
 import org.apache.catalina.valves.AccessLogValve;
+import org.apache.catalina.valves.ErrorReportValve;
 import org.apache.catalina.valves.RemoteIpValve;
+import org.apache.commons.logging.LogFactory;
 import org.apache.coyote.AbstractProtocol;
 import org.apache.coyote.ProtocolHandler;
 import org.apache.coyote.http11.AbstractHttp11Protocol;
@@ -859,6 +861,25 @@ void customizeTomcat(ServerProperties serverProperties,
 			if (!ObjectUtils.isEmpty(this.additionalTldSkipPatterns)) {
 				factory.getTldSkipPatterns().addAll(this.additionalTldSkipPatterns);
 			}
+			if (serverProperties.getError().getIncludeStacktrace() == ErrorProperties.IncludeStacktrace.NEVER) {
+				factory.addContextCustomizers(new TomcatContextCustomizer() {
+					@Override
+					public void customize(Context context) {
+						// org.apache.catalina.core.StandardHost() adds ErrorReportValve
+						// with default options if not there yet, so adding a properly
+						// configured one.
+						ErrorReportValve valve = new ErrorReportValve();
+						valve.setShowServerInfo(false); // disable server name and version
+						valve.setShowReport(false); // disable exception
+						if (context.getParent() != null) {
+							context.getParent().getPipeline().addValve(valve);
+						} else {
+							LogFactory.getLog(context.getClass()).warn("Parent of " + context
+									+ " is not set, skip ErrorReportValve configuration");
+						}
+					}
+				});
+			}
 		}
 
 		private void customizeAcceptCount(TomcatEmbeddedServletContainerFactory factory) {
diff --git a/spring-boot/src/main/java/org/springframework/boot/context/embedded/tomcat/TomcatEmbeddedServletContainerFactory.java b/spring-boot/src/main/java/org/springframework/boot/context/embedded/tomcat/TomcatEmbeddedServletContainerFactory.java
@@ -231,8 +231,8 @@ public void lifecycleEvent(LifecycleEvent event) {
 
 		});
 		ServletContextInitializer[] initializersToUse = mergeInitializers(initializers);
-		configureContext(context, initializersToUse);
 		host.addChild(context);
+		configureContext(context, initializersToUse);
 		postProcessContext(context);
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -231,8 +231,8 @@ public void lifecycleEvent(LifecycleEvent event) {`
`231`	`231`
`232`	`232`	`});`
`233`	`233`	`ServletContextInitializer[] initializersToUse = mergeInitializers(initializers);`
`234`		`- configureContext(context, initializersToUse);`
`235`	`234`	`host.addChild(context);`
	`235`	`+ configureContext(context, initializersToUse);`
`236`	`236`	`postProcessContext(context);`
`237`	`237`	`}`
`238`	`238`