[2/6] accumulo git commit: ACCUMULO-3460 Disable HTTP TRACE in embedded Jetty

Tue, 26 May 2015 13:58:29 -0700 

ACCUMULO-3460 Disable HTTP TRACE in embedded Jetty


Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo
Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/de2763e4
Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/de2763e4
Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/de2763e4

Branch: refs/heads/1.7
Commit: de2763e47f969a34317ab650403cb260996902c5
Parents: 2590322
Author: Christopher Tubbs <ctubb...@apache.org>
Authored: Tue May 26 14:09:19 2015 -0400
Committer: Christopher Tubbs <ctubb...@apache.org>
Committed: Tue May 26 15:48:20 2015 -0400

----------------------------------------------------------------------
 .../accumulo/monitor/EmbeddedWebServer.java     | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/accumulo/blob/de2763e4/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java
----------------------------------------------------------------------
diff --git 
a/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java
 
b/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java
index af91136..41890e8 100644
--- 
a/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java
+++ 
b/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java
@@ -21,11 +21,14 @@ import javax.servlet.http.HttpServlet;
 import org.apache.accumulo.core.conf.AccumuloConfiguration;
 import org.apache.accumulo.core.conf.Property;
 import org.apache.commons.lang.StringUtils;
+import org.eclipse.jetty.security.ConstraintMapping;
+import org.eclipse.jetty.security.ConstraintSecurityHandler;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.nio.SelectChannelConnector;
 import org.eclipse.jetty.server.session.SessionHandler;
 import org.eclipse.jetty.server.ssl.SslSelectChannelConnector;
 import org.eclipse.jetty.servlet.ServletContextHandler;
+import org.eclipse.jetty.util.security.Constraint;
 import org.eclipse.jetty.util.ssl.SslContextFactory;
 
 public class EmbeddedWebServer {
@@ -76,13 +79,28 @@ public class EmbeddedWebServer {
     connector.setHost(host);
     connector.setPort(port);
 
-    handler = new ServletContextHandler(server, "/", new SessionHandler(), 
null, null, null);
+    handler = new ServletContextHandler(server, "/", new SessionHandler(), new 
ConstraintSecurityHandler(), null, null);
+    disableTrace("/");
   }
 
   public void addServlet(Class<? extends HttpServlet> klass, String where) {
     handler.addServlet(klass, where);
   }
 
+  private void disableTrace(String where) {
+    Constraint constraint = new Constraint();
+    constraint.setName("Disable TRACE");
+    constraint.setAuthenticate(true); // require auth, but no roles defined, 
so it'll never match
+
+    ConstraintMapping mapping = new ConstraintMapping();
+    mapping.setConstraint(constraint);
+    mapping.setMethod("TRACE");
+    mapping.setPathSpec(where);
+
+    ConstraintSecurityHandler security = (ConstraintSecurityHandler) 
handler.getSecurityHandler();
+    security.addConstraintMapping(mapping);
+  }
+
   public int getPort() {
     return connector.getLocalPort();
   }

Reply via email to