You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by zh...@apache.org on 2018/04/23 08:12:17 UTC
[26/50] [abbrv] hbase git commit: Revert "HBase Thrift HTTP -
Shouldn't handle TRACE/OPTIONS methods"
Revert "HBase Thrift HTTP - Shouldn't handle TRACE/OPTIONS methods"
This reverts commit 273d252838e96c4b4af2401743d84e482c4ec565.
missing jira id
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/eb3f5b28
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/eb3f5b28
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/eb3f5b28
Branch: refs/heads/HBASE-19064
Commit: eb3f5b2812cfe030690d5d22755f7809566d31a6
Parents: e5fb332
Author: Sean Busbey <bu...@apache.org>
Authored: Fri Apr 20 22:41:50 2018 -0500
Committer: Sean Busbey <bu...@apache.org>
Committed: Fri Apr 20 22:41:50 2018 -0500
----------------------------------------------------------------------
.../hadoop/hbase/http/TestHttpServer.java | 13 ++----------
.../hadoop/hbase/thrift/ThriftServerRunner.java | 2 --
.../hbase/thrift/TestThriftHttpServer.java | 21 ++++----------------
3 files changed, 6 insertions(+), 30 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hbase/blob/eb3f5b28/hbase-http/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java
----------------------------------------------------------------------
diff --git a/hbase-http/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java b/hbase-http/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java
index 10553da..16350d5 100644
--- a/hbase-http/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java
+++ b/hbase-http/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java
@@ -605,6 +605,8 @@ public class TestHttpServer extends HttpServerFunctionalTest {
myServer.stop();
}
+
+
@Test
public void testNoCacheHeader() throws Exception {
URL url = new URL(baseUrl, "/echo?a=b&c=d");
@@ -617,15 +619,4 @@ public class TestHttpServer extends HttpServerFunctionalTest {
assertEquals(conn.getHeaderField("Expires"), conn.getHeaderField("Date"));
assertEquals("DENY", conn.getHeaderField("X-Frame-Options"));
}
-
- @Test
- public void testHttpMethods() throws Exception {
- // HTTP TRACE method should be disabled for security
- // See https://www.owasp.org/index.php/Cross_Site_Tracing
- URL url = new URL(baseUrl, "/echo?a=b");
- HttpURLConnection conn = (HttpURLConnection) url.openConnection();
- conn.setRequestMethod("TRACE");
- conn.connect();
- assertEquals(HttpURLConnection.HTTP_FORBIDDEN, conn.getResponseCode());
- }
}
http://git-wip-us.apache.org/repos/asf/hbase/blob/eb3f5b28/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
----------------------------------------------------------------------
diff --git a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
index 28ba28a..39ea259 100644
--- a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
+++ b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
@@ -79,7 +79,6 @@ import org.apache.hadoop.hbase.filter.Filter;
import org.apache.hadoop.hbase.filter.ParseFilter;
import org.apache.hadoop.hbase.filter.PrefixFilter;
import org.apache.hadoop.hbase.filter.WhileMatchFilter;
-import org.apache.hadoop.hbase.http.HttpServerUtil;
import org.apache.hadoop.hbase.log.HBaseMarkers;
import org.apache.hadoop.hbase.security.SaslUtil;
import org.apache.hadoop.hbase.security.SaslUtil.QualityOfProtection;
@@ -449,7 +448,6 @@ public class ThriftServerRunner implements Runnable {
ServletContextHandler ctxHandler = new ServletContextHandler(httpServer, "/",
ServletContextHandler.SESSIONS);
ctxHandler.addServlet(new ServletHolder(thriftHttpServlet), "/*");
- HttpServerUtil.constrainHttpMethods(ctxHandler);
// set up Jetty and run the embedded server
HttpConfiguration httpConfig = new HttpConfiguration();
http://git-wip-us.apache.org/repos/asf/hbase/blob/eb3f5b28/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java
----------------------------------------------------------------------
diff --git a/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java b/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java
index 6117953..d583234 100644
--- a/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java
+++ b/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java
@@ -21,8 +21,6 @@ import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.fail;
-import java.net.HttpURLConnection;
-import java.net.URL;
import java.util.ArrayList;
import java.util.List;
import org.apache.hadoop.conf.Configuration;
@@ -40,7 +38,6 @@ import org.apache.thrift.protocol.TProtocol;
import org.apache.thrift.transport.THttpClient;
import org.apache.thrift.transport.TTransportException;
import org.junit.AfterClass;
-import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Rule;
@@ -174,10 +171,8 @@ public class TestThriftHttpServer {
Thread.sleep(100);
}
- String url = "http://"+ HConstants.LOCALHOST + ":" + port;
try {
- checkHttpMethods(url);
- talkToThriftServer(url, customHeaderSize);
+ talkToThriftServer(customHeaderSize);
} catch (Exception ex) {
clientSideException = ex;
} finally {
@@ -194,19 +189,11 @@ public class TestThriftHttpServer {
}
}
- private void checkHttpMethods(String url) throws Exception {
- // HTTP TRACE method should be disabled for security
- // See https://www.owasp.org/index.php/Cross_Site_Tracing
- HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
- conn.setRequestMethod("TRACE");
- conn.connect();
- Assert.assertEquals(HttpURLConnection.HTTP_FORBIDDEN, conn.getResponseCode());
- }
-
private static volatile boolean tableCreated = false;
- private void talkToThriftServer(String url, int customHeaderSize) throws Exception {
- THttpClient httpClient = new THttpClient(url);
+ private void talkToThriftServer(int customHeaderSize) throws Exception {
+ THttpClient httpClient = new THttpClient(
+ "http://"+ HConstants.LOCALHOST + ":" + port);
httpClient.open();
if (customHeaderSize > 0) {