From 4539131102e01bd150d147c16e33d0dd1e9a031a Mon Sep 17 00:00:00 2001 From: Haohui Mai Date: Thu, 19 Nov 2015 15:47:31 -0800 Subject: [PATCH] HADOOP-12584. Disable browsing the static directory in HttpServer2. Contributed by Robert Kanter. --- hadoop-common-project/hadoop-common/CHANGES.txt | 3 +++ .../src/main/java/org/apache/hadoop/http/HttpServer2.java | 3 +++ 2 files changed, 6 insertions(+) diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index 3058799d467..48c11b4c91f 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -1429,6 +1429,9 @@ Release 2.8.0 - UNRELEASED HADOOP-11901. BytesWritable fails to support 2G chunks due to integer overflow. (Reynold Xin via wheat9) + HADOOP-12584. Disable browsing the static directory in HttpServer2. + (Robert Kanter via wheat9) + Release 2.7.3 - UNRELEASED INCOMPATIBLE CHANGES diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java index d59320554eb..633180c8342 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java @@ -530,6 +530,9 @@ public final class HttpServer2 implements FilterContainer { staticContext.setResourceBase(appDir + "/static"); staticContext.addServlet(DefaultServlet.class, "/*"); staticContext.setDisplayName("static"); + @SuppressWarnings("unchecked") + Map params = staticContext.getInitParams(); + params.put("org.mortbay.jetty.servlet.Default.dirAllowed", "false"); setContextAttributes(staticContext, conf); defaultContexts.put(staticContext, true); }