From: ctubbsii@apache.org To: commits@accumulo.apache.org Date: Tue, 26 May 2015 20:57:23 -0000 Message-Id: In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [3/6] accumulo git commit: ACCUMULO-3460 Disable HTTP TRACE in embedded Jetty ACCUMULO-3460 Disable HTTP TRACE in embedded Jetty Project: http://git-wip-us.apache.org/repos/asf/accumulo/repo Commit: http://git-wip-us.apache.org/repos/asf/accumulo/commit/de2763e4 Tree: http://git-wip-us.apache.org/repos/asf/accumulo/tree/de2763e4 Diff: http://git-wip-us.apache.org/repos/asf/accumulo/diff/de2763e4 Branch: refs/heads/master Commit: de2763e47f969a34317ab650403cb260996902c5 Parents: 2590322 Author: Christopher Tubbs Authored: Tue May 26 14:09:19 2015 -0400 Committer: Christopher Tubbs Committed: Tue May 26 15:48:20 2015 -0400 ---------------------------------------------------------------------- .../accumulo/monitor/EmbeddedWebServer.java | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/accumulo/blob/de2763e4/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java ----------------------------------------------------------------------
diff --git a/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java b/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java
index af91136..41890e8 100644
--- a/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java
+++ b/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java
@@ -21,11 +21,14 @@ import javax.servlet.http.HttpServlet;
 import org.apache.accumulo.core.conf.AccumuloConfiguration;
 import org.apache.accumulo.core.conf.Property;
 import org.apache.commons.lang.StringUtils;
+import org.eclipse.jetty.security.ConstraintMapping;
+import org.eclipse.jetty.security.ConstraintSecurityHandler;
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.nio.SelectChannelConnector;
 import org.eclipse.jetty.server.session.SessionHandler;
 import org.eclipse.jetty.server.ssl.SslSelectChannelConnector;
 import org.eclipse.jetty.servlet.ServletContextHandler;
+import org.eclipse.jetty.util.security.Constraint;
 import org.eclipse.jetty.util.ssl.SslContextFactory;
 public class EmbeddedWebServer {
@@ -76,13 +79,28 @@ public class EmbeddedWebServer {
 connector.setHost(host);
 connector.setPort(port);
- handler = new ServletContextHandler(server, "/", new SessionHandler(), null, null, null);
+ handler = new ServletContextHandler(server, "/", new SessionHandler(), new ConstraintSecurityHandler(), null, null);
+ disableTrace("/");
 }
 public void addServlet(Class klass, String where) {
 handler.addServlet(klass, where);
 }
+ private void disableTrace(String where) {
+ Constraint constraint = new Constraint();
+ constraint.setName("Disable TRACE");
+ constraint.setAuthenticate(true); // require auth, but no roles defined, so it'll never match
+
+ ConstraintMapping mapping = new ConstraintMapping();
+ mapping.setConstraint(constraint);
+ mapping.setMethod("TRACE");
+ mapping.setPathSpec(where);
+
+ ConstraintSecurityHandler security = (ConstraintSecurityHandler) handler.getSecurityHandler();
+ security.addConstraintMapping(mapping);
+ }
+
 public int getPort() {
 return connector.getLocalPort();
 }
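Review bot: The inline comment on `constraint.setAuthenticate(true)` in the new `disableTrace` (second hunk) says the constraint will "never match", which reads as the opposite of the intent: the mapping is meant to match every TRACE request, and it is the authorization that can never succeed because no role is defined. I would reword it to `// authenticate=true with no roles: no caller can satisfy this, so TRACE is refused` so that a later maintainer does not "repair" it by adding roles or a login service and silently re-enable TRACE. The block also relies on two container behaviours that are not visible in this diff: that an auth constraint with an empty role list is treated as forbidden, and that the path spec `"/"` passed from the constructor covers every request path rather than only the root. A small test that sends TRACE to the root and to a registered servlet path and expects a rejection would pin both. The constructor that calls `disableTrace("/")` starts outside the hunk.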