Posted to commits@hive.apache.org by ra...@apache.org on 2020/06/02 03:06:29 UTC
[hive] branch master updated: HIVE-23498: Disable HTTP Trace method
on ThriftHttpCliService (Rajkumar Singh, reviewed by Naveen Gangam)
This is an automated email from the ASF dual-hosted git repository.
rajksingh pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git
The following commit(s) were added to refs/heads/master by this push:
new 4cc3ae9 HIVE-23498: Disable HTTP Trace method on ThriftHttpCliService (Rajkumar Singh, reviewed by Naveen Gangam)
4cc3ae9 is described below
commit 4cc3ae97d48b359a47c3608c7b307c58233e088d
Author: Rajkumar Singh <ra...@apache.org>
AuthorDate: Mon Jun 1 20:05:12 2020 -0700
HIVE-23498: Disable HTTP Trace method on ThriftHttpCliService (Rajkumar Singh, reviewed by Naveen Gangam)
---
.../service/cli/thrift/ThriftHttpCLIService.java | 26 ++++++++++++++++++++++
1 file changed, 26 insertions(+)
diff --git a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpCLIService.java b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpCLIService.java
index 6652668..8524c12 100644
--- a/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpCLIService.java
+++ b/service/src/java/org/apache/hive/service/cli/thrift/ThriftHttpCLIService.java
@@ -45,6 +45,8 @@ import org.apache.thrift.protocol.TProtocolFactory;
import org.apache.thrift.server.TServlet;
import org.eclipse.jetty.io.Connection;
import org.eclipse.jetty.io.EndPoint;
+import org.eclipse.jetty.security.ConstraintMapping;
+import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
@@ -53,6 +55,7 @@ import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.handler.gzip.GzipHandler;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
+import org.eclipse.jetty.util.security.Constraint;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.ExecutorThreadPool;
@@ -192,6 +195,7 @@ public class ThriftHttpCLIService extends ThriftCLIService {
server.setHandler(context);
}
context.addServlet(new ServletHolder(thriftHttpServlet), httpPath);
+ constrainHttpMethods(context, false);
// TODO: check defaults: maxTimeout, keepalive, maxBodySize,
// bodyRecieveDuration, etc.
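Review bot: The `false` passed to `constrainHttpMethods(context, false)` is hard-coded, so OPTIONS is always rejected along with TRACE, and the `else` branch of the new method is never taken from this call site. The commit title mentions only TRACE, so a comment here should record that blocking OPTIONS is deliberate, for example `// Reject TRACE and OPTIONS on all paths; the Thrift endpoint is not expected to serve either`. If any deployment relies on OPTIONS (a browser-based client doing CORS preflight, for instance), the flag would need to come from configuration rather than a literal. The enclosing method starts and ends outside this hunk, so whether another security handler is already set on `context` cannot be checked from here.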
@@ -269,6 +273,28 @@ public class ThriftHttpCLIService extends ThriftCLIService {
return httpPath;
}
+ public void constrainHttpMethods(ServletContextHandler ctxHandler, boolean allowOptionsMethod) {
+ Constraint c = new Constraint();
+ c.setAuthenticate(true);
+
+ ConstraintMapping cmt = new ConstraintMapping();
+ cmt.setConstraint(c);
+ cmt.setMethod("TRACE");
+ cmt.setPathSpec("/*");
+
+ ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
+ if (!allowOptionsMethod) {
+ ConstraintMapping cmo = new ConstraintMapping();
+ cmo.setConstraint(c);
+ cmo.setMethod("OPTIONS");
+ cmo.setPathSpec("/*");
+ securityHandler.setConstraintMappings(new ConstraintMapping[] {cmt, cmo});
+ } else {
+ securityHandler.setConstraintMappings(new ConstraintMapping[] {cmt});
+ }
+ ctxHandler.setSecurityHandler(securityHandler);
+ }
+
@Override
protected void stopServer() {
if((server != null) && server.isStarted()) {
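Review bot: `constrainHttpMethods` blocks the methods through a Jetty idiom that the code does not explain: a `Constraint` with `setAuthenticate(true)` and no roles is treated as forbidden, so matching requests get a 403 even though no authenticator or login service is configured on the `ConstraintSecurityHandler`. Without a comment, a later change that adds a role to `c` would silently turn the block into an authentication requirement; I would add `// authenticate=true with no roles => Jetty marks the mapping forbidden (403); do not add roles here` above `c.setAuthenticate(true)`. The method is `public` but has no Javadoc; it should either be `private` or carry a short Javadoc stating that it replaces the context's security handler and what `allowOptionsMethod` controls. The diffstat shows a single file changed, so no test in this commit asserts that TRACE and OPTIONS are refused while GET and POST still reach the servlet; a small test for that would guard against regressions.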