From baab2eff89ef00776a36099818fd085d556421f9 Mon Sep 17 00:00:00 2001
From: Wellington Chevreuil
Date: Tue, 2 Oct 2018 17:52:21 +0100
Subject: [PATCH] simple solution for disabling TRACE methods on Thrift HTTP
---
 .../hbase/thrift/ThriftServerRunner.java | 4 ++-
 .../hbase/thrift/TestThriftHttpServer.java | 35 +++++++++++++++----
 2 files changed, 32 insertions(+), 7 deletions(-)
diff --git a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
index b25d5bf3aa..e82200d32f 100644
--- a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
+++ b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
@@ -129,6 +129,7 @@ import org.mortbay.jetty.Server;
 import org.mortbay.jetty.nio.SelectChannelConnector;
 import org.mortbay.jetty.servlet.Context;
 import org.mortbay.jetty.servlet.ServletHolder;
+import org.mortbay.jetty.webapp.WebAppContext;
 import org.mortbay.thread.QueuedThreadPool;
 import com.google.common.base.Joiner;
@@ -411,8 +412,9 @@ public class ThriftServerRunner implements Runnable {
 httpServer = new Server();
 // Context handler
- Context context = new Context(httpServer, "/", Context.SESSIONS);
+ Context context = new WebAppContext();
 context.setContextPath("/");
+ context.setResourceBase("hbase-webapps/");
 String httpPath = "/*";
 httpServer.setHandler(context);
 context.addServlet(new ServletHolder(thriftHttpServlet), httpPath);
diff --git a/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java b/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java
index cf14e8731e..090e3d621a 100644
--- a/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java
+++ b/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java
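Review bot: Nothing in the new lines of the second ThriftServerRunner hunk mentions TRACE; the swap to `new WebAppContext()` with `setResourceBase("hbase-webapps/")` presumably relies on constraints that Jetty's default web descriptor applies, so the protection is implicit and easy to undo in a later refactor. I would add a comment above the constructor, e.g. `// WebAppContext instead of Context: Jetty's default descriptor rejects HTTP TRACE (see TestThriftHttpServer)`. The resource base is a relative path, which likely resolves against the process working directory, and a WebAppContext typically also brings default servlets and session handling that the Thrift endpoint does not need. An explicit method constraint on the existing `Context`, or a base path derived from the classpath, would keep the exposed surface narrower. The enclosing method starts and ends outside the hunk.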
@@ -18,10 +18,13 @@
 */
 package org.apache.hadoop.hbase.thrift;
+import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.fail;
+import java.net.HttpURLConnection;
+import java.net.URL;
 import java.util.ArrayList;
 import java.util.List;
@@ -149,6 +152,31 @@ public class TestThriftHttpServer {
 runThriftServer(0);
 }
+ @Test
+ public void testThriftServerHttpTraceDisabled() throws Exception {
+ final int httpPort = HBaseTestingUtility.randomFreePort();
+ thriftServer = new ThriftServer(TEST_UTIL.getConfiguration());
+ try {
+ startHttpServerThread(new String[] { "-port", String.valueOf(httpPort), "start" });
+ waitThriftServerStartup();
+ final URL url = new URL("http://localhost:" + httpPort);
+ final HttpURLConnection httpConn = (HttpURLConnection) url.openConnection();
+ httpConn.setRequestMethod("TRACE");
+ assertEquals(HttpURLConnection.HTTP_FORBIDDEN, httpConn.getResponseCode());
+ } finally {
+ stopHttpServerThread();
+ }
+ }
+
+ private void waitThriftServerStartup() throws Exception{
+ // wait up to 10s for the server to start
+ for (int i = 0; i < 100
+ && ( thriftServer.serverRunner == null || thriftServer.serverRunner.httpServer ==
+ null); i++) {
+ Thread.sleep(100);
+ }
+ }
+
 private void runThriftServer(int customHeaderSize) throws Exception {
 List args = new ArrayList();
 port = HBaseTestingUtility.randomFreePort();
@@ -159,12 +187,7 @@ public class TestThriftHttpServer {
 thriftServer = new ThriftServer(TEST_UTIL.getConfiguration());
 startHttpServerThread(args.toArray(new String[args.size()]));
- // wait up to 10s for the server to start
- for (int i = 0; i < 100
- && ( thriftServer.serverRunner == null || thriftServer.serverRunner.httpServer ==
- null); i++) {
- Thread.sleep(100);
- }
+ waitThriftServerStartup();
 try {
 talkToThriftServer(customHeaderSize);
-- 
2.17.1 (Apple Git-112)
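Review bot: `testThriftServerHttpTraceDisabled` sends TRACE only to the root URL, so it would not notice if the restriction covered `/` alone rather than the whole `/*` servlet mapping. A second request to a non-root path asserting the same `HTTP_FORBIDDEN` would pin that down, for example with the constructed URL `new URL("http://localhost:" + httpPort + "/any")`. `httpConn` is never released, so I would add `httpConn.disconnect();` in a `finally`. `waitThriftServerStartup` returns silently after its 100 iterations even if the server never came up, which turns a startup failure into an unrelated connection error. Ending the helper with a check that calls the already imported `fail("Thrift HTTP server did not start")` would make that case explicit.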