From df95343047568a387c67a72a7ece04f3f97514e1 Mon Sep 17 00:00:00 2001
From: Akira Ajisaka
Date: Tue, 12 Jan 2016 13:30:58 +0900
Subject: [PATCH] HADOOP-12584. Disable browsing the static directory in HttpServer2. Contributed by Robert Kanter.
(cherry picked from commit 9c89bcd04212543ae279d34938ec2ad319e5ba6d)
---
 hadoop-common-project/hadoop-common/CHANGES.txt | 3 +++
 .../src/main/java/org/apache/hadoop/http/HttpServer2.java | 3 +++
 .../test/java/org/apache/hadoop/yarn/webapp/TestWebApp.java | 4 +---
 3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt
index ab8dcea1ef1..f1b5f36ec2f 100644
--- a/hadoop-common-project/hadoop-common/CHANGES.txt
+++ b/hadoop-common-project/hadoop-common/CHANGES.txt
@@ -956,6 +956,9 @@ Release 2.8.0 - UNRELEASED HADOOP-12551. Introduce FileNotFoundException for WASB FileSystem API (Dushyanth via cnauroth) + HADOOP-12584. Disable browsing the static directory in HttpServer2. + (Robert Kanter via aajisaka) + Release 2.7.3 - UNRELEASED INCOMPATIBLE CHANGES
diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
index 6571c974ff7..8fa36f33879 100644
--- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
+++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
@@ -575,6 +575,9 @@ public final class HttpServer2 implements FilterContainer {
 staticContext.setResourceBase(appDir + "/static");
 staticContext.addServlet(DefaultServlet.class, "/*");
 staticContext.setDisplayName("static");
+ @SuppressWarnings("unchecked")
+ Map params = staticContext.getInitParams();
+ params.put("org.mortbay.jetty.servlet.Default.dirAllowed", "false");
 SessionHandler handler = new SessionHandler();
 SessionManager sm = handler.getSessionManager();
 if (sm instanceof AbstractSessionManager) {
diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/webapp/TestWebApp.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/webapp/TestWebApp.java
index 6eaeb2b0c13..acec20524bf 100644
--- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/webapp/TestWebApp.java
+++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/webapp/TestWebApp.java
@@ -261,7 +261,7 @@ public class TestWebApp {
 }
 // This is to test the GuiceFilter should only be applied to webAppContext,
- // not to staticContext and logContext;
+ // not to logContext;
 @Test public void testYARNWebAppContext() throws Exception {
 // setting up the log context
 System.setProperty("hadoop.log.dir", "/Not/Existing/dir");
@@ -272,8 +272,6 @@ public class TestWebApp {
 });
 String baseUrl = baseUrl(app);
 try {
- // should not redirect to foo
- assertFalse("foo".equals(getContent(baseUrl +"static").trim()));
 // Not able to access a non-existing dir, should not redirect to foo.
 assertEquals(404, getResponseCode(baseUrl +"logs"));
 // should be able to redirect to foo.
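Review bot: The added `params.put("org.mortbay.jetty.servlet.Default.dirAllowed", "false")` in HttpServer2 depends on a string key that carries the Jetty package name, and nothing fails if that key stops matching what the DefaultServlet reads, so directory listing under `/static` could return after a Jetty upgrade without any visible error. A comment above the put would make this explicit, for example `// Key is Jetty-version specific; if it stops matching, DefaultServlet presumably falls back to its default and lists directories again`. The commit also carries no test for the new behaviour: the second TestWebApp hunk only removes the old `static` assertion, and an assertion beside the existing logs check, such as `assertEquals(403, getResponseCode(baseUrl + "static"));` (the exact status is presumably 403 and should be confirmed), would pin it. The enclosing method in HttpServer2 starts and ends outside the hunk, so whether other contexts served by DefaultServlet need the same setting cannot be judged from here.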