Revert "HBase Thrift HTTP - Shouldn't handle TRACE/OPTIONS methods"
This reverts commit 273d252838e96c4b4af2401743d84e482c4ec565. missing jira id
Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/eb3f5b28
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/eb3f5b28
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/eb3f5b28
Branch: refs/heads/master
Commit: eb3f5b2812cfe030690d5d22755f7809566d31a6
Parents: e5fb332
Author: Sean Busbey <bus...@apache.org>
Authored: Fri Apr 20 22:41:50 2018 -0500
Committer: Sean Busbey <bus...@apache.org>
Committed: Fri Apr 20 22:41:50 2018 -0500
----------------------------------------------------------------------
.../hadoop/hbase/http/TestHttpServer.java | 13 ++----------
.../hadoop/hbase/thrift/ThriftServerRunner.java | 2 --
.../hbase/thrift/TestThriftHttpServer.java | 21 ++++----------------
3 files changed, 6 insertions(+), 30 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/hbase/blob/eb3f5b28/hbase-http/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java
----------------------------------------------------------------------
diff --git a/hbase-http/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java b/hbase-http/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java
index 10553da..16350d5 100644
--- a/hbase-http/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java
+++ b/hbase-http/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java
@@ -605,6 +605,8 @@ public class TestHttpServer extends HttpServerFunctionalTest {
 myServer.stop();
 }
+
+
 @Test
 public void testNoCacheHeader() throws Exception {
 URL url = new URL(baseUrl, "/echo?a=b&c=d");
@@ -617,15 +619,4 @@ public class TestHttpServer extends HttpServerFunctionalTest {
 assertEquals(conn.getHeaderField("Expires"), conn.getHeaderField("Date"));
 assertEquals("DENY", conn.getHeaderField("X-Frame-Options"));
 }
-
- @Test
- public void testHttpMethods() throws Exception {
- // HTTP TRACE method should be disabled for security
- // See https://www.owasp.org/index.php/Cross_Site_Tracing
- URL url = new URL(baseUrl, "/echo?a=b");
- HttpURLConnection conn = (HttpURLConnection) url.openConnection();
- conn.setRequestMethod("TRACE");
- conn.connect();
- assertEquals(HttpURLConnection.HTTP_FORBIDDEN, conn.getResponseCode());
- }
 }
http://git-wip-us.apache.org/repos/asf/hbase/blob/eb3f5b28/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
----------------------------------------------------------------------
diff --git a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
index 28ba28a..39ea259 100644
--- a/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
+++ b/hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java
@@ -79,7 +79,6 @@ import org.apache.hadoop.hbase.filter.Filter;
 import org.apache.hadoop.hbase.filter.ParseFilter;
 import org.apache.hadoop.hbase.filter.PrefixFilter;
 import org.apache.hadoop.hbase.filter.WhileMatchFilter;
-import org.apache.hadoop.hbase.http.HttpServerUtil;
 import org.apache.hadoop.hbase.log.HBaseMarkers;
 import org.apache.hadoop.hbase.security.SaslUtil;
 import org.apache.hadoop.hbase.security.SaslUtil.QualityOfProtection;
@@ -449,7 +448,6 @@ public class ThriftServerRunner implements Runnable {
 ServletContextHandler ctxHandler = new ServletContextHandler(httpServer, "/", ServletContextHandler.SESSIONS);
 ctxHandler.addServlet(new ServletHolder(thriftHttpServlet), "/*");
- HttpServerUtil.constrainHttpMethods(ctxHandler);
 // set up Jetty and run the embedded server
 HttpConfiguration httpConfig = new HttpConfiguration();
http://git-wip-us.apache.org/repos/asf/hbase/blob/eb3f5b28/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java
----------------------------------------------------------------------
diff --git a/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java b/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java
index 6117953..d583234 100644
--- a/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java
+++ b/hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java
@@ -21,8 +21,6 @@ import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.fail;
-import java.net.HttpURLConnection;
-import java.net.URL;
 import java.util.ArrayList;
 import java.util.List;
 import org.apache.hadoop.conf.Configuration;
@@ -40,7 +38,6 @@ import org.apache.thrift.protocol.TProtocol;
 import org.apache.thrift.transport.THttpClient;
 import org.apache.thrift.transport.TTransportException;
 import org.junit.AfterClass;
-import org.junit.Assert;
 import org.junit.BeforeClass;
 import org.junit.ClassRule;
 import org.junit.Rule;
@@ -174,10 +171,8 @@ public class TestThriftHttpServer {
 Thread.sleep(100);
 }
- String url = "http://"+ HConstants.LOCALHOST + ":" + port;
 try {
- checkHttpMethods(url);
- talkToThriftServer(url, customHeaderSize);
+ talkToThriftServer(customHeaderSize);
 } catch (Exception ex) {
 clientSideException = ex;
 } finally {
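Review bot: In the ThriftServerRunner hunk at -449, the new side maps thriftHttpServlet at `/*` with no HTTP-method constraint on ctxHandler, so the Thrift HTTP endpoint will presumably answer TRACE and OPTIONS again until the original change is re-landed. The revert is procedural (the message gives only "missing jira id"), and the same commit also drops testHttpMethods and checkHttpMethods, so no test will flag it if the re-apply is forgotten. I would name the follow-up issue in the commit message, or leave a marker above the Jetty setup such as `// TODO(<JIRA-ID placeholder>): re-apply HttpServerUtil.constrainHttpMethods(ctxHandler) to reject TRACE/OPTIONS`. The enclosing method starts and ends outside the hunk.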
@@ -194,19 +189,11 @@ public class TestThriftHttpServer {
 }
 }
- private void checkHttpMethods(String url) throws Exception {
- // HTTP TRACE method should be disabled for security
- // See https://www.owasp.org/index.php/Cross_Site_Tracing
- HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
- conn.setRequestMethod("TRACE");
- conn.connect();
- Assert.assertEquals(HttpURLConnection.HTTP_FORBIDDEN, conn.getResponseCode());
- }
-
 private static volatile boolean tableCreated = false;
- private void talkToThriftServer(String url, int customHeaderSize) throws Exception {
- THttpClient httpClient = new THttpClient(url);
+ private void talkToThriftServer(int customHeaderSize) throws Exception {
+ THttpClient httpClient = new THttpClient(
+ "http://"+ HConstants.LOCALHOST + ":" + port);
 httpClient.open();
 if (customHeaderSize > 0) {