Enable configuration of Undertow listener attributes (disallowed-methods, record-request-start-time, max-parameters)

[mathias82]

Description

Description

The Undertow listener exposes several useful attributes such as:

• disallowed-methods
• record-request-start-time
• max-parameters

These attributes are available in Undertow, but Quarkus currently does not expose them via configuration when using the Undertow extension.

Request

Expose these Undertow listener attributes as Quarkus configuration properties, similar to how other Undertow-related settings are already exposed.

Proposed examples:

quarkus.undertow.listener.disallowed-methods=TRACE,TRACK
quarkus.undertow.listener.record-request-start-time=true
quarkus.undertow.listener.max-parameters=1000

Motivation

These settings provide:

• Better security hardening (e.g. disallow TRACE)
• Improved logging/observability (record request start time)
• Protection against parameter-based DoS attacks (max-parameters)

Additional notes

I'm willing to contribute the implementation for this feature.
Please let me know if the proposed config structure and property names align with project expectations.

Implementation ideas

No response

[quarkus-bot]

/cc @radcortez (config)

[mathias82]

Hi, thanks for merging #51181.

This PR started before that one, but since those changes are already merged, this PR now acts as a follow-up which adds the missing pieces:

Tests for disallowed-methods, record-request-start-time and max-parameters

Documentation in the Undertow servlet section

Small improvements (such as trimming list items and defensive checks)

If you prefer, I can split this into separate PRs (tests / docs), but I believe it’s cleaner to keep them together.
Let me know if I should rebase or adjust anything.

#51182