hadoop git commit: HADOOP-12584. Disable browsing the static directory in HttpServer2. Contributed by Robert Kanter.

[aa...@apache.org]

Repository: hadoop
Updated Branches:
  refs/heads/trunk 103d3cfc4 -> 56b9500bb


HADOOP-12584. Disable browsing the static directory in HttpServer2. Contributed by Robert Kanter.


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/56b9500b
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/56b9500b
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/56b9500b

Branch: refs/heads/trunk
Commit: 56b9500bbd44b79c3c3be84a17c97502f923c6f8
Parents: 103d3cf
Author: Akira Ajisaka <aa...@apache.org>
Authored: Tue Jan 12 13:30:58 2016 +0900
Committer: Akira Ajisaka <aa...@apache.org>
Committed: Tue Jan 12 13:34:18 2016 +0900

----------------------------------------------------------------------
 hadoop-common-project/hadoop-common/CHANGES.txt                  | 3 +++
 .../src/main/java/org/apache/hadoop/http/HttpServer2.java        | 3 +++
 .../src/test/java/org/apache/hadoop/yarn/webapp/TestWebApp.java  | 4 +---
 3 files changed, 7 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/56b9500b/hadoop-common-project/hadoop-common/CHANGES.txt
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt
index 00bef28..6357a09 100644
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@@ -1583,6 +1583,9 @@ Release 2.8.0 - UNRELEASED
     HADOOP-12551. Introduce FileNotFoundException for WASB FileSystem API
     (Dushyanth via cnauroth)
 
+    HADOOP-12584. Disable browsing the static directory in HttpServer2.
+    (Robert Kanter via aajisaka)
+
 Release 2.7.3 - UNRELEASED
 
   INCOMPATIBLE CHANGES

http://git-wip-us.apache.org/repos/asf/hadoop/blob/56b9500b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
----------------------------------------------------------------------
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
index b134ba6..458b65d 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
@@ -543,6 +543,9 @@ public final class HttpServer2 implements FilterContainer {
     staticContext.setResourceBase(appDir + "/static");
     staticContext.addServlet(DefaultServlet.class, "/*");
     staticContext.setDisplayName("static");
+    @SuppressWarnings("unchecked")
+    Map<String, String> params = staticContext.getInitParams();
+    params.put("org.mortbay.jetty.servlet.Default.dirAllowed", "false");
     SessionHandler handler = new SessionHandler();
     SessionManager sm = handler.getSessionManager();
     if (sm instanceof AbstractSessionManager) {

http://git-wip-us.apache.org/repos/asf/hadoop/blob/56b9500b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/webapp/TestWebApp.java
----------------------------------------------------------------------
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/webapp/TestWebApp.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/webapp/TestWebApp.java
index 6eaeb2b..acec205 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/webapp/TestWebApp.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/webapp/TestWebApp.java
@@ -261,7 +261,7 @@ public class TestWebApp {
   }
 
   // This is to test the GuiceFilter should only be applied to webAppContext,
-  // not to staticContext  and logContext;
+  // not to logContext;
   @Test public void testYARNWebAppContext() throws Exception {
     // setting up the log context
     System.setProperty("hadoop.log.dir", "/Not/Existing/dir");
@@ -272,8 +272,6 @@ public class TestWebApp {
     });
     String baseUrl = baseUrl(app);
     try {
-      // should not redirect to foo
-      assertFalse("foo".equals(getContent(baseUrl +"static").trim()));
       // Not able to access a non-existing dir, should not redirect to foo.
       assertEquals(404, getResponseCode(baseUrl +"logs"));
       // should be able to redirect to foo.