Posted to commits@accumulo.apache.org by ct...@apache.org on 2015/05/26 22:57:22 UTC
[2/6] accumulo git commit: ACCUMULO-3460 Disable HTTP TRACE in
embedded Jetty
ACCUMULO-3460 Disable HTTP TRACE in embedded Jetty
Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/de2763e4
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/de2763e4
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/de2763e4
Branch: refs/heads/1.7
Commit: de2763e47f969a34317ab650403cb260996902c5
Parents: 2590322
Author: Christopher Tubbs <ct...@apache.org>
Authored: Tue May 26 14:09:19 2015 -0400
Committer: Christopher Tubbs <ct...@apache.org>
Committed: Tue May 26 15:48:20 2015 -0400
----------------------------------------------------------------------
.../accumulo/monitor/EmbeddedWebServer.java | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/accumulo/blob/de2763e4/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java
----------------------------------------------------------------------
diff --git a/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java b/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java
index af91136..41890e8 100644
--- a/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java
+++ b/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java
@@ -21,11 +21,14 @@ import javax.servlet.http.HttpServlet;
import org.apache.accumulo.core.conf.AccumuloConfiguration;
import org.apache.accumulo.core.conf.Property;
import org.apache.commons.lang.StringUtils;
+import org.eclipse.jetty.security.ConstraintMapping;
+import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.nio.SelectChannelConnector;
import org.eclipse.jetty.server.session.SessionHandler;
import org.eclipse.jetty.server.ssl.SslSelectChannelConnector;
import org.eclipse.jetty.servlet.ServletContextHandler;
+import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.ssl.SslContextFactory;
public class EmbeddedWebServer {
@@ -76,13 +79,28 @@ public class EmbeddedWebServer {
connector.setHost(host);
connector.setPort(port);
- handler = new ServletContextHandler(server, "/", new SessionHandler(), null, null, null);
+ handler = new ServletContextHandler(server, "/", new SessionHandler(), new ConstraintSecurityHandler(), null, null);
+ disableTrace("/");
}
public void addServlet(Class<? extends HttpServlet> klass, String where) {
handler.addServlet(klass, where);
}
+ private void disableTrace(String where) {
+ Constraint constraint = new Constraint();
+ constraint.setName("Disable TRACE");
+ constraint.setAuthenticate(true); // require auth, but no roles defined, so it'll never match
+
+ ConstraintMapping mapping = new ConstraintMapping();
+ mapping.setConstraint(constraint);
+ mapping.setMethod("TRACE");
+ mapping.setPathSpec(where);
+
+ ConstraintSecurityHandler security = (ConstraintSecurityHandler) handler.getSecurityHandler();
+ security.addConstraintMapping(mapping);
+ }
+
public int getPort() {
return connector.getLocalPort();
}
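Review bot: The inline comment on `constraint.setAuthenticate(true)` in `disableTrace` says the constraint will "never match", which hides the actual effect: Jetty treats an authenticate-with-no-roles constraint as forbidden (`Constraint.isForbidden()`), so TRACE requests are refused rather than passed through. I would reword it to `// authenticate=true with no roles: Jetty treats this as a forbidden constraint, so TRACE is always rejected`. A line of Javadoc on `disableTrace` should also note that the mapping is registered on the default path spec `/`; as far as I can tell Jetty selects constraints by best path match, so a more specific constraint mapping added later would need its own TRACE entry, and a test that issues TRACE against a servlet path would confirm the coverage. The constructor that calls `disableTrace("/")` starts outside this hunk.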