flume-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jar...@apache.org
Subject git commit: FLUME-2312. Add utility for adorning HTTP contexts in Jetty
Date Thu, 06 Feb 2014 02:09:35 GMT
Updated Branches:
  refs/heads/trunk 044ba3003 -> d9061a037


FLUME-2312. Add utility for adorning HTTP contexts in Jetty

(Hari Shreedharan via Jarek Jarcec Cecho)


Project: http://git-wip-us.apache.org/repos/asf/flume/repo
Commit: http://git-wip-us.apache.org/repos/asf/flume/commit/d9061a03
Tree: http://git-wip-us.apache.org/repos/asf/flume/tree/d9061a03
Diff: http://git-wip-us.apache.org/repos/asf/flume/diff/d9061a03

Branch: refs/heads/trunk
Commit: d9061a037662dd0a37c44ba5f9cf705d21c84987
Parents: 044ba30
Author: Jarek Jarcec Cecho <jarcec@apache.org>
Authored: Wed Feb 5 18:02:12 2014 -0800
Committer: Jarek Jarcec Cecho <jarcec@apache.org>
Committed: Wed Feb 5 18:02:12 2014 -0800

----------------------------------------------------------------------
 .../instrumentation/http/HTTPMetricsServer.java |  7 +++
 .../apache/flume/source/http/HTTPSource.java    |  2 +
 .../flume/tools/HTTPServerConstraintUtil.java   | 62 ++++++++++++++++++++
 .../http/TestHTTPMetricsServer.java             | 31 ++++++++++
 .../flume/source/http/TestHTTPSource.java       | 20 +++++++
 5 files changed, 122 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/flume/blob/d9061a03/flume-ng-core/src/main/java/org/apache/flume/instrumentation/http/HTTPMetricsServer.java
----------------------------------------------------------------------
diff --git a/flume-ng-core/src/main/java/org/apache/flume/instrumentation/http/HTTPMetricsServer.java
b/flume-ng-core/src/main/java/org/apache/flume/instrumentation/http/HTTPMetricsServer.java
index 2c2c6f3..7c0afb0 100644
--- a/flume-ng-core/src/main/java/org/apache/flume/instrumentation/http/HTTPMetricsServer.java
+++ b/flume-ng-core/src/main/java/org/apache/flume/instrumentation/http/HTTPMetricsServer.java
@@ -108,6 +108,13 @@ public class HTTPMetricsServer implements MonitorService {
       //If we want to use any other url for something else, we should make sure
       //that for metrics only /metrics is used to prevent backward
       //compatibility issues.
+      if(request.getMethod().equalsIgnoreCase("TRACE") || request.getMethod()
+        .equalsIgnoreCase("OPTIONS")) {
+        response.sendError(HttpServletResponse.SC_FORBIDDEN);
+        response.flushBuffer();
+        ((Request) request).setHandled(true);
+        return;
+      }
       if (target.equals("/")) {
         response.setContentType("text/html;charset=utf-8");
         response.setStatus(HttpServletResponse.SC_OK);

http://git-wip-us.apache.org/repos/asf/flume/blob/d9061a03/flume-ng-core/src/main/java/org/apache/flume/source/http/HTTPSource.java
----------------------------------------------------------------------
diff --git a/flume-ng-core/src/main/java/org/apache/flume/source/http/HTTPSource.java b/flume-ng-core/src/main/java/org/apache/flume/source/http/HTTPSource.java
index 48c6492..115b34f 100644
--- a/flume-ng-core/src/main/java/org/apache/flume/source/http/HTTPSource.java
+++ b/flume-ng-core/src/main/java/org/apache/flume/source/http/HTTPSource.java
@@ -26,6 +26,7 @@ import org.apache.flume.EventDrivenSource;
 import org.apache.flume.conf.Configurable;
 import org.apache.flume.instrumentation.SourceCounter;
 import org.apache.flume.source.AbstractSource;
+import org.apache.flume.tools.HTTPServerConstraintUtil;
 import org.mortbay.jetty.Connector;
 import org.mortbay.jetty.Server;
 import org.mortbay.jetty.nio.SelectChannelConnector;
@@ -190,6 +191,7 @@ public class HTTPSource extends AbstractSource implements
         new org.mortbay.jetty.servlet.Context(
           srv, "/", org.mortbay.jetty.servlet.Context.SESSIONS);
       root.addServlet(new ServletHolder(new FlumeHTTPServlet()), "/");
+      HTTPServerConstraintUtil.enforceConstraints(root);
       srv.start();
       Preconditions.checkArgument(srv.getHandler().equals(root));
     } catch (Exception ex) {

http://git-wip-us.apache.org/repos/asf/flume/blob/d9061a03/flume-ng-core/src/main/java/org/apache/flume/tools/HTTPServerConstraintUtil.java
----------------------------------------------------------------------
diff --git a/flume-ng-core/src/main/java/org/apache/flume/tools/HTTPServerConstraintUtil.java
b/flume-ng-core/src/main/java/org/apache/flume/tools/HTTPServerConstraintUtil.java
new file mode 100644
index 0000000..479cfc4
--- /dev/null
+++ b/flume-ng-core/src/main/java/org/apache/flume/tools/HTTPServerConstraintUtil.java
@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.flume.tools;
+
+import org.mortbay.jetty.security.Constraint;
+import org.mortbay.jetty.security.ConstraintMapping;
+import org.mortbay.jetty.security.SecurityHandler;
+import org.mortbay.jetty.servlet.Context;
+
+// Most of the code in this class is copied from HBASE-10473
+
+/**
+ * Utility class to impose constraints on Jetty HTTP servers
+ */
+
+public class HTTPServerConstraintUtil {
+
+  private HTTPServerConstraintUtil() {
+
+  }
+
+  /**
+   * Impose constraints on the {@linkplain org.mortbay.jetty.servlet.Context}
+   * passed in.
+   * @param ctx - {@linkplain org.mortbay.jetty.servlet.Context} to impose
+   *            constraints on.
+   */
+  public static void enforceConstraints(Context ctx) {
+    Constraint c = new Constraint();
+    c.setAuthenticate(true);
+
+    ConstraintMapping cmt = new ConstraintMapping();
+    cmt.setConstraint(c);
+    cmt.setMethod("TRACE");
+    cmt.setPathSpec("/*");
+
+    ConstraintMapping cmo = new ConstraintMapping();
+    cmo.setConstraint(c);
+    cmo.setMethod("OPTIONS");
+    cmo.setPathSpec("/*");
+
+    SecurityHandler sh = new SecurityHandler();
+    sh.setConstraintMappings(new ConstraintMapping[]{cmt, cmo});
+    ctx.addHandler(sh);
+  }
+}

http://git-wip-us.apache.org/repos/asf/flume/blob/d9061a03/flume-ng-core/src/test/java/org/apache/flume/instrumentation/http/TestHTTPMetricsServer.java
----------------------------------------------------------------------
diff --git a/flume-ng-core/src/test/java/org/apache/flume/instrumentation/http/TestHTTPMetricsServer.java
b/flume-ng-core/src/test/java/org/apache/flume/instrumentation/http/TestHTTPMetricsServer.java
index a2a1c30..eb2d02d 100644
--- a/flume-ng-core/src/test/java/org/apache/flume/instrumentation/http/TestHTTPMetricsServer.java
+++ b/flume-ng-core/src/test/java/org/apache/flume/instrumentation/http/TestHTTPMetricsServer.java
@@ -38,6 +38,8 @@ import org.apache.flume.instrumentation.util.JMXTestUtils;
 import org.junit.Assert;
 import org.junit.Test;
 
+import javax.servlet.http.HttpServletResponse;
+
 /**
  *
  */
@@ -127,4 +129,33 @@ public class TestHTTPMetricsServer {
     srv.stop();
     System.out.println(String.valueOf(port) + "test success!");
   }
+
+  @Test
+  public void testTrace() throws Exception {
+    doTestForbiddenMethods(4543,"TRACE");
+  }
+  @Test
+  public void testOptions() throws Exception {
+    doTestForbiddenMethods(4432,"OPTIONS");
+  }
+
+  public void doTestForbiddenMethods(int port, String method)
+    throws Exception {
+    MonitorService srv = new HTTPMetricsServer();
+    Context context = new Context();
+    if (port > 1024) {
+      context.put(HTTPMetricsServer.CONFIG_PORT, String.valueOf(port));
+    } else {
+      port = HTTPMetricsServer.DEFAULT_PORT;
+    }
+    srv.configure(context);
+    srv.start();
+    Thread.sleep(1000);
+    URL url = new URL("http://0.0.0.0:" + String.valueOf(port) + "/metrics");
+    HttpURLConnection conn = (HttpURLConnection) url.openConnection();
+    conn.setRequestMethod(method);
+    Assert.assertEquals(HttpServletResponse.SC_FORBIDDEN,
+      conn.getResponseCode());
+    srv.stop();
+  }
 }

http://git-wip-us.apache.org/repos/asf/flume/blob/d9061a03/flume-ng-core/src/test/java/org/apache/flume/source/http/TestHTTPSource.java
----------------------------------------------------------------------
diff --git a/flume-ng-core/src/test/java/org/apache/flume/source/http/TestHTTPSource.java
b/flume-ng-core/src/test/java/org/apache/flume/source/http/TestHTTPSource.java
index ab8ec09..5b07a6e 100644
--- a/flume-ng-core/src/test/java/org/apache/flume/source/http/TestHTTPSource.java
+++ b/flume-ng-core/src/test/java/org/apache/flume/source/http/TestHTTPSource.java
@@ -29,7 +29,10 @@ import org.apache.flume.channel.ReplicatingChannelSelector;
 import org.apache.flume.conf.Configurables;
 import org.apache.flume.event.JSONEvent;
 import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpOptions;
 import org.apache.http.client.methods.HttpPost;
+import org.apache.http.client.methods.HttpRequestBase;
+import org.apache.http.client.methods.HttpTrace;
 import org.apache.http.conn.ssl.SSLSocketFactory;
 import org.apache.http.entity.StringEntity;
 import org.apache.http.impl.client.DefaultHttpClient;
@@ -166,6 +169,23 @@ public class TestHTTPSource {
   }
 
   @Test
+  public void testTrace() throws Exception {
+    doTestForbidden(new HttpTrace("http://0.0.0.0:" + selectedPort));
+  }
+
+  @Test
+  public void testOptions() throws Exception {
+    doTestForbidden(new HttpOptions("http://0.0.0.0:" + selectedPort));
+  }
+
+
+  private void doTestForbidden(HttpRequestBase request) throws Exception {
+    HttpResponse response = httpClient.execute(request);
+    Assert.assertEquals(HttpServletResponse.SC_FORBIDDEN,
+      response.getStatusLine().getStatusCode());
+  }
+
+  @Test
   public void testSimpleUTF16() throws IOException, InterruptedException {
 
     StringEntity input = new StringEntity("[{\"headers\":{\"a\": \"b\"},\"body\": \"random_body\"},"


Mime
View raw message