Repository: hbase
Updated Branches:
  refs/heads/branch-2.0 f82b284fd -> f46f70921


HBASE-20004 Client is not able to execute REST queries in a secure cluster

Signed-off-by: Ashish Singhi <ashishsin...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/hbase/repo
Commit: http://git-wip-us.apache.org/repos/asf/hbase/commit/f46f7092
Tree: http://git-wip-us.apache.org/repos/asf/hbase/tree/f46f7092
Diff: http://git-wip-us.apache.org/repos/asf/hbase/diff/f46f7092

Branch: refs/heads/branch-2.0
Commit: f46f70921cd4bd0a3f5af027f1bd0f786a9e51d6
Parents: f82b284
Author: Ashish Singhi <ashishsin...@apache.org>
Authored: Thu May 10 22:41:48 2018 +0530
Committer: Ashish Singhi <ashishsin...@apache.org>
Committed: Thu May 10 22:41:48 2018 +0530

----------------------------------------------------------------------
 .../hadoop/hbase/http/HttpServerUtil.java       | 20 +++++++++++++-------
 .../apache/hadoop/hbase/rest/RESTServer.java    |  8 +++++++-
 .../hbase/rest/HBaseRESTTestingUtility.java     |  2 +-
 3 files changed, 21 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hbase/blob/f46f7092/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServerUtil.java
----------------------------------------------------------------------
diff --git 
a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServerUtil.java 
b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServerUtil.java
index 777ced0..e41daf3 100644
--- a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServerUtil.java
+++ b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServerUtil.java
@@ -31,8 +31,10 @@ public final class HttpServerUtil {
   /**
    * Add constraints to a Jetty Context to disallow undesirable Http methods.
    * @param ctxHandler The context to modify
+   * @param allowOptionsMethod if true then OPTIONS method will not be set in 
constraint mapping
    */
-  public static void constrainHttpMethods(ServletContextHandler ctxHandler) {
+  public static void constrainHttpMethods(ServletContextHandler ctxHandler,
+      boolean allowOptionsMethod) {
     Constraint c = new Constraint();
     c.setAuthenticate(true);
 
@@ -41,13 +43,17 @@ public final class HttpServerUtil {
     cmt.setMethod("TRACE");
     cmt.setPathSpec("/*");
 
-    ConstraintMapping cmo = new ConstraintMapping();
-    cmo.setConstraint(c);
-    cmo.setMethod("OPTIONS");
-    cmo.setPathSpec("/*");
-
     ConstraintSecurityHandler securityHandler = new 
ConstraintSecurityHandler();
-    securityHandler.setConstraintMappings(new ConstraintMapping[]{ cmt, cmo });
+
+    if (!allowOptionsMethod) {
+      ConstraintMapping cmo = new ConstraintMapping();
+      cmo.setConstraint(c);
+      cmo.setMethod("OPTIONS");
+      cmo.setPathSpec("/*");
+      securityHandler.setConstraintMappings(new ConstraintMapping[] { cmt, cmo 
});
+    } else {
+      securityHandler.setConstraintMappings(new ConstraintMapping[] { cmt });
+    }
 
     ctxHandler.setSecurityHandler(securityHandler);
   }
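Review bot: Nothing at the `if (!allowOptionsMethod)` branch records what is given up when the flag is true: the OPTIONS mapping reuses `c`, which has `setAuthenticate(true)` and no roles in the lines shown, so it appears to act as a deny rule, and passing true removes it for every path under `/*`. A comment on the else branch such as `// OPTIONS is left unconstrained here and reaches the filters and servlets like any other method` would make that explicit. The `@param` text in the previous hunk could say the same instead of "will not be set in constraint mapping". That hunk also replaces the one-argument signature of a public static method, so a delegating overload, `public static void constrainHttpMethods(ServletContextHandler ctxHandler) { constrainHttpMethods(ctxHandler, false); }`, would keep any caller outside these three files compiling with the old, stricter behaviour. The method body starts outside this hunk.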

http://git-wip-us.apache.org/repos/asf/hbase/blob/f46f7092/hbase-rest/src/main/java/org/apache/hadoop/hbase/rest/RESTServer.java
----------------------------------------------------------------------
diff --git 
a/hbase-rest/src/main/java/org/apache/hadoop/hbase/rest/RESTServer.java 
b/hbase-rest/src/main/java/org/apache/hadoop/hbase/rest/RESTServer.java
index 15c988f..e5cfe32 100644
--- a/hbase-rest/src/main/java/org/apache/hadoop/hbase/rest/RESTServer.java
+++ b/hbase-rest/src/main/java/org/apache/hadoop/hbase/rest/RESTServer.java
@@ -95,6 +95,11 @@ public class RESTServer implements Constants {
 
   private static final String PATH_SPEC_ANY = "/*";
 
+  static String REST_HTTP_ALLOW_OPTIONS_METHOD = 
"hbase.rest.http.allow.options.method";
+  // HTTP OPTIONS method is commonly used in REST APIs for negotiation. It is 
disabled by default to
+  // maintain backward incompatibility
+  private static boolean REST_HTTP_ALLOW_OPTIONS_METHOD_DEFAULT = false;
+
   private static void printUsageAndExit(Options options, int exitCode) {
     HelpFormatter formatter = new HelpFormatter();
     formatter.printHelp("hbase rest start", "", options,
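Review bot: `REST_HTTP_ALLOW_OPTIONS_METHOD` and `REST_HTTP_ALLOW_OPTIONS_METHOD_DEFAULT` are declared without `final`, so the key and the default of a switch that relaxes an HTTP method constraint are reassignable statics, unlike `PATH_SPEC_ANY` just above them. They should read `static final String REST_HTTP_ALLOW_OPTIONS_METHOD = "hbase.rest.http.allow.options.method";` and `private static final boolean REST_HTTP_ALLOW_OPTIONS_METHOD_DEFAULT = false;`. The comment says "backward incompatibility" where "backward compatibility" is meant. It could also state that setting the key to true lifts the OPTIONS constraint on every REST path.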
@@ -343,7 +348,8 @@ public class RESTServer implements Constants {
       ctxHandler.addFilter(filter, PATH_SPEC_ANY, 
EnumSet.of(DispatcherType.REQUEST));
     }
     addCSRFFilter(ctxHandler, conf);
-    HttpServerUtil.constrainHttpMethods(ctxHandler);
+    HttpServerUtil.constrainHttpMethods(ctxHandler, servlet.getConfiguration()
+        .getBoolean(REST_HTTP_ALLOW_OPTIONS_METHOD, 
REST_HTTP_ALLOW_OPTIONS_METHOD_DEFAULT));
 
     // Put up info server.
     int port = conf.getInt("hbase.rest.info.port", 8085);
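Review bot: The new flag is read from `servlet.getConfiguration()`, while the neighbouring lines (`addCSRFFilter(ctxHandler, conf)` and `conf.getInt("hbase.rest.info.port", 8085)`) read from `conf`. If the two are ever different Configuration objects, the OPTIONS setting would come from a different source than the CSRF and port settings. Unless a reason exists outside this hunk, `conf.getBoolean(REST_HTTP_ALLOW_OPTIONS_METHOD, REST_HTTP_ALLOW_OPTIONS_METHOD_DEFAULT)` would be consistent. Logging the resolved value at startup when it is true would let operators see that OPTIONS is no longer constrained. The enclosing method starts and ends outside the hunk.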

http://git-wip-us.apache.org/repos/asf/hbase/blob/f46f7092/hbase-rest/src/test/java/org/apache/hadoop/hbase/rest/HBaseRESTTestingUtility.java
----------------------------------------------------------------------
diff --git 
a/hbase-rest/src/test/java/org/apache/hadoop/hbase/rest/HBaseRESTTestingUtility.java
 
b/hbase-rest/src/test/java/org/apache/hadoop/hbase/rest/HBaseRESTTestingUtility.java
index 273010a..52a6d65 100644
--- 
a/hbase-rest/src/test/java/org/apache/hadoop/hbase/rest/HBaseRESTTestingUtility.java
+++ 
b/hbase-rest/src/test/java/org/apache/hadoop/hbase/rest/HBaseRESTTestingUtility.java
@@ -93,7 +93,7 @@ public class HBaseRESTTestingUtility {
     conf.set(RESTServer.REST_CSRF_BROWSER_USERAGENTS_REGEX_KEY, ".*");
     RESTServer.addCSRFFilter(ctxHandler, conf);
 
-    HttpServerUtil.constrainHttpMethods(ctxHandler);
+    HttpServerUtil.constrainHttpMethods(ctxHandler, false);
 
     // start the server
     server.start();
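Review bot: The testing utility hard-codes `false` in the `constrainHttpMethods` call, so nothing in this commit exercises the path the fix introduces, a context built with `allowOptionsMethod` set to true. Reading the flag from the test configuration, e.g. `HttpServerUtil.constrainHttpMethods(ctxHandler, conf.getBoolean(RESTServer.REST_HTTP_ALLOW_OPTIONS_METHOD, false));`, would let a test turn it on. Such a test could then assert that OPTIONS is accepted while TRACE is still rejected. It could also assert that OPTIONS stays rejected under the default. The enclosing method starts and ends outside the hunk.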
