-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/64002/
-----------------------------------------------------------

(Updated Nov. 22, 2017, 3:19 p.m.)


Review request for sentry.


Changes
-------

This 2nd patch adds tests to verify the TRACE method is disabled.


Bugs: sentry-2068
    https://issues.apache.org/jira/browse/sentry-2068


Repository: sentry


Description
-------

Disables the HTTP TRACE method by wrapping a constraint that requires authentication when calling such a method.

See more info here:
http://www.imlc.me/why-we-need-to-disable-trace-method-and-how-to-disable-trace-in-embedded-jetty.html
https://www.owasp.org/index.php/Cross_Site_Tracing
https://reformatcode.com/code/http/java-embedded-jetty-is-accepting-http-trace-method


Diffs (updated)
-----

  sentry-provider/sentry-provider-db/src/main/java/org/apache/sentry/provider/db/service/thrift/SentryWebServer.java 95b87add5814cc3c0851ca73ca6503306b840594
  sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithKerberos.java 09ee6b4493611c055dd7e96ab8a0b747fd4eb25b
  sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithSSL.java d1d0b4be578ca9b4148a81073a21639cd8688156
  sentry-provider/sentry-provider-db/src/test/java/org/apache/sentry/provider/db/service/thrift/TestSentryWebServerWithoutSecurity.java 4a913e5189fa0aea7fb1770eb9f3e8e991289a50


Diff: https://reviews.apache.org/r/64002/diff/2/

Changes: https://reviews.apache.org/r/64002/diff/1-2/


Testing
-------


Thanks,

Sergio Pena
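
The approach named in the description, as an added example that is not the patch under review or Sentry's own code: an embedded Jetty server with a constraint that demands authentication for TRACE, followed by a check of the response status. It assumes the Jetty 9.x API (`org.eclipse.jetty.util.security.Constraint`); the class name `TraceDisabledExample` and the helpers `disableTrace` and `status` are hypothetical.

```java
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.servlet.DefaultServlet;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.util.security.Constraint;
import java.net.HttpURLConnection;
import java.net.URL;

// Added example (assumes Jetty 9.x on the classpath); not code from the patch.
public class TraceDisabledExample {
    // TRACE on every path requires authentication. No role is granted, so
    // Jetty treats the constraint as forbidden instead of challenging.
    static ConstraintSecurityHandler disableTrace() {
        Constraint constraint = new Constraint();
        constraint.setName("Disable TRACE");
        constraint.setAuthenticate(true);

        ConstraintMapping mapping = new ConstraintMapping();
        mapping.setConstraint(constraint);
        mapping.setMethod("TRACE");   // only this method is constrained
        mapping.setPathSpec("/*");

        ConstraintSecurityHandler handler = new ConstraintSecurityHandler();
        handler.addConstraintMapping(mapping);
        return handler;
    }

    // Sends one request with the given method and returns the HTTP status.
    static int status(int port, String method) throws Exception {
        URL url = new URL("http://127.0.0.1:" + port + "/");
        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
        conn.setRequestMethod(method);
        return conn.getResponseCode();
    }

    public static void main(String[] args) throws Exception {
        Server server = new Server(0);   // port 0: pick any free port
        ServletContextHandler ctx = new ServletContextHandler();
        ctx.setContextPath("/");
        ctx.addServlet(DefaultServlet.class, "/");
        ctx.setSecurityHandler(disableTrace());
        server.setHandler(ctx);
        server.start();
        try {
            int port = ((ServerConnector) server.getConnectors()[0]).getLocalPort();
            System.out.println("TRACE status: " + status(port, "TRACE"));
            System.out.println("GET status:   " + status(port, "GET"));
        } finally {
            server.stop();
        }
    }
}
```

Comparing the two printed statuses shows that the constraint affects TRACE only; other methods still reach the servlet.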