mirror of https://github.com/apache/activemq.git
Disabling the HTTP trace method on the websocket port by default. It can be enabled by setting the parameter "http.enableTrace=true" on the connection uri if it is needed for debugging.
This commit is contained in:
parent
6e2edf08c3
commit
4fb8083977
|
@ -29,10 +29,13 @@ import org.apache.activemq.transport.WebTransportServerSupport;
|
||||||
import org.apache.activemq.transport.ws.jetty9.WSServlet;
|
import org.apache.activemq.transport.ws.jetty9.WSServlet;
|
||||||
import org.apache.activemq.util.IntrospectionSupport;
|
import org.apache.activemq.util.IntrospectionSupport;
|
||||||
import org.apache.activemq.util.ServiceStopper;
|
import org.apache.activemq.util.ServiceStopper;
|
||||||
|
import org.eclipse.jetty.security.ConstraintMapping;
|
||||||
|
import org.eclipse.jetty.security.ConstraintSecurityHandler;
|
||||||
import org.eclipse.jetty.server.Connector;
|
import org.eclipse.jetty.server.Connector;
|
||||||
import org.eclipse.jetty.server.Server;
|
import org.eclipse.jetty.server.Server;
|
||||||
import org.eclipse.jetty.servlet.ServletContextHandler;
|
import org.eclipse.jetty.servlet.ServletContextHandler;
|
||||||
import org.eclipse.jetty.servlet.ServletHolder;
|
import org.eclipse.jetty.servlet.ServletHolder;
|
||||||
|
import org.eclipse.jetty.util.security.Constraint;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
|
@ -61,9 +64,14 @@ public class WSTransportServer extends WebTransportServerSupport {
|
||||||
URI boundTo = bind();
|
URI boundTo = bind();
|
||||||
|
|
||||||
ServletContextHandler contextHandler =
|
ServletContextHandler contextHandler =
|
||||||
new ServletContextHandler(server, "/", ServletContextHandler.NO_SECURITY);
|
new ServletContextHandler(server, "/", ServletContextHandler.SECURITY);
|
||||||
|
|
||||||
ServletHolder holder = new ServletHolder();
|
ServletHolder holder = new ServletHolder();
|
||||||
|
|
||||||
|
//AMQ-6182 - disabling trace by default
|
||||||
|
configureTraceMethod((ConstraintSecurityHandler) contextHandler.getSecurityHandler(),
|
||||||
|
getHttpOptions().isEnableTrace());
|
||||||
|
|
||||||
Map<String, Object> webSocketOptions = IntrospectionSupport.extractProperties(transportOptions, "websocket.");
|
Map<String, Object> webSocketOptions = IntrospectionSupport.extractProperties(transportOptions, "websocket.");
|
||||||
for(Map.Entry<String,Object> webSocketEntry : webSocketOptions.entrySet()) {
|
for(Map.Entry<String,Object> webSocketEntry : webSocketOptions.entrySet()) {
|
||||||
Object value = webSocketEntry.getValue();
|
Object value = webSocketEntry.getValue();
|
||||||
|
@ -106,6 +114,31 @@ public class WSTransportServer extends WebTransportServerSupport {
|
||||||
return (Integer)connector.getClass().getMethod("getLocalPort").invoke(connector);
|
return (Integer)connector.getClass().getMethod("getLocalPort").invoke(connector);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private void configureTraceMethod(ConstraintSecurityHandler securityHandler,
|
||||||
|
boolean enableTrace) {
|
||||||
|
Constraint constraint = new Constraint();
|
||||||
|
constraint.setName("trace-security");
|
||||||
|
//If enableTrace is true, then we want to set authenticate to false to allow it
|
||||||
|
constraint.setAuthenticate(!enableTrace);
|
||||||
|
ConstraintMapping mapping = new ConstraintMapping();
|
||||||
|
mapping.setConstraint(constraint);
|
||||||
|
mapping.setMethod("TRACE");
|
||||||
|
mapping.setPathSpec("/");
|
||||||
|
securityHandler.addConstraintMapping(mapping);
|
||||||
|
}
|
||||||
|
|
||||||
|
protected static class HttpOptions {
|
||||||
|
private boolean enableTrace = false;
|
||||||
|
|
||||||
|
public boolean isEnableTrace() {
|
||||||
|
return enableTrace;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setEnableTrace(boolean enableTrace) {
|
||||||
|
this.enableTrace = enableTrace;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void doStop(ServiceStopper stopper) throws Exception {
|
protected void doStop(ServiceStopper stopper) throws Exception {
|
||||||
Server temp = server;
|
Server temp = server;
|
||||||
|
@ -128,6 +161,15 @@ public class WSTransportServer extends WebTransportServerSupport {
|
||||||
this.connector = connector;
|
this.connector = connector;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected HttpOptions getHttpOptions() {
|
||||||
|
HttpOptions httpOptions = new HttpOptions();
|
||||||
|
if (transportOptions != null) {
|
||||||
|
Map<String, Object> httpOptionsMap = IntrospectionSupport.extractProperties(transportOptions, "http.");
|
||||||
|
IntrospectionSupport.setProperties(httpOptions, httpOptionsMap);
|
||||||
|
}
|
||||||
|
return httpOptions;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void setTransportOption(Map<String, Object> transportOptions) {
|
public void setTransportOption(Map<String, Object> transportOptions) {
|
||||||
Map<String, Object> socketOptions = IntrospectionSupport.extractProperties(transportOptions, "transport.");
|
Map<String, Object> socketOptions = IntrospectionSupport.extractProperties(transportOptions, "transport.");
|
||||||
|
|
|
@ -0,0 +1,99 @@
|
||||||
|
/**
|
||||||
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||||
|
* contributor license agreements. See the NOTICE file distributed with
|
||||||
|
* this work for additional information regarding copyright ownership.
|
||||||
|
* The ASF licenses this file to You under the Apache License, Version 2.0
|
||||||
|
* (the "License"); you may not use this file except in compliance with
|
||||||
|
* the License. You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing, software
|
||||||
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
* See the License for the specific language governing permissions and
|
||||||
|
* limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.apache.activemq.transport.ws;
|
||||||
|
|
||||||
|
import static org.junit.Assert.assertEquals;
|
||||||
|
|
||||||
|
import java.util.Arrays;
|
||||||
|
import java.util.Collection;
|
||||||
|
import java.util.concurrent.CountDownLatch;
|
||||||
|
import java.util.concurrent.atomic.AtomicInteger;
|
||||||
|
|
||||||
|
import org.eclipse.jetty.client.HttpClient;
|
||||||
|
import org.eclipse.jetty.client.api.Request;
|
||||||
|
import org.eclipse.jetty.client.api.Result;
|
||||||
|
import org.eclipse.jetty.client.util.BufferingResponseListener;
|
||||||
|
import org.eclipse.jetty.http.HttpMethod;
|
||||||
|
import org.eclipse.jetty.http.HttpStatus;
|
||||||
|
import org.junit.Ignore;
|
||||||
|
import org.junit.Test;
|
||||||
|
import org.junit.runner.RunWith;
|
||||||
|
import org.junit.runners.Parameterized;
|
||||||
|
import org.junit.runners.Parameterized.Parameters;
|
||||||
|
|
||||||
|
@RunWith(Parameterized.class)
|
||||||
|
public class WSTransportHttpTraceTest extends WSTransportTest {
|
||||||
|
|
||||||
|
private String enableTraceParam;
|
||||||
|
private int expectedStatus;
|
||||||
|
|
||||||
|
@Parameters
|
||||||
|
public static Collection<Object[]> data() {
|
||||||
|
return Arrays.asList(new Object[][] {
|
||||||
|
//value is empty
|
||||||
|
{"http.enableTrace=", HttpStatus.FORBIDDEN_403},
|
||||||
|
//default, trace method not specified
|
||||||
|
{null, HttpStatus.FORBIDDEN_403},
|
||||||
|
// enable http trace method
|
||||||
|
{"http.enableTrace=true", HttpStatus.OK_200},
|
||||||
|
// disable trace method
|
||||||
|
{"http.enableTrace=false", HttpStatus.FORBIDDEN_403}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
public WSTransportHttpTraceTest(final String enableTraceParam, final int expectedStatus) {
|
||||||
|
this.enableTraceParam = enableTraceParam;
|
||||||
|
this.expectedStatus = expectedStatus;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected String getWSConnectorURI() {
|
||||||
|
String uri = "ws://127.0.0.1:61623?websocket.maxTextMessageSize=99999&transport.maxIdleTime=1001";
|
||||||
|
uri = enableTraceParam != null ? uri + "&" + enableTraceParam : uri;
|
||||||
|
return uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This tests whether the TRACE method is enabled or not
|
||||||
|
* @throws Exception
|
||||||
|
*/
|
||||||
|
@Test
|
||||||
|
public void testHttpTraceEnabled() throws Exception {
|
||||||
|
HttpClient httpClient = new HttpClient();
|
||||||
|
httpClient.start();
|
||||||
|
|
||||||
|
final CountDownLatch latch = new CountDownLatch(1);
|
||||||
|
Request request = httpClient.newRequest("http://127.0.0.1:61623").method(HttpMethod.TRACE);
|
||||||
|
final AtomicInteger status = new AtomicInteger();
|
||||||
|
request.send(new BufferingResponseListener() {
|
||||||
|
@Override
|
||||||
|
public void onComplete(Result result) {
|
||||||
|
status.set(result.getResponse().getStatus());
|
||||||
|
latch.countDown();
|
||||||
|
}
|
||||||
|
});
|
||||||
|
latch.await();
|
||||||
|
assertEquals(expectedStatus, status.get());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
@Ignore
|
||||||
|
@Test
|
||||||
|
public void testBrokerStart() throws Exception {
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue