@Test public void testXFrameHeaderSameOrigin() throws Exception { Configuration conf = new Configuration(); conf.set("hbase.http.filter.xframeoptions.mode", "SAMEORIGIN"); HttpServer myServer = new HttpServer.Builder().setName("test") .addEndpoint(new URI("http://localhost:0")) .setFindPort(true).setConf(conf).build(); myServer.setAttribute(HttpServer.CONF_CONTEXT_ATTRIBUTE, conf); myServer.addServlet("echo", "/echo", EchoServlet.class); myServer.start(); String serverURL = "http://" + NetUtils.getHostPortString(myServer.getConnectorAddress(0)); URL url = new URL(new URL(serverURL), "/echo?a=b&c=d"); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); assertEquals(HttpURLConnection.HTTP_OK, conn.getResponseCode()); assertEquals("SAMEORIGIN", conn.getHeaderField("X-Frame-Options")); myServer.stop(); }
@Override public void addGlobalFilter(String name, String classname, Map<String, String> parameters) { final String[] ALL_URLS = { "/*" }; defineFilter(webAppContext, name, classname, parameters, ALL_URLS); for (ServletContextHandler ctx : defaultContexts.keySet()) { defineFilter(ctx, name, classname, parameters, ALL_URLS); } LOG.info("Added global filter '" + name + "' (class=" + classname + ")"); }
/** * Checks the user has privileges to access to instrumentation servlets. * <p> * If <code>hadoop.security.instrumentation.requires.admin</code> is set to FALSE * (default value) it always returns TRUE. * </p><p> * If <code>hadoop.security.instrumentation.requires.admin</code> is set to TRUE * it will check that if the current user is in the admin ACLS. If the user is * in the admin ACLs it returns TRUE, otherwise it returns FALSE. * </p> * * @param servletContext the servlet context. * @param request the servlet request. * @param response the servlet response. * @return TRUE/FALSE based on the logic decribed above. */ public static boolean isInstrumentationAccessAllowed( ServletContext servletContext, HttpServletRequest request, HttpServletResponse response) throws IOException { Configuration conf = (Configuration) servletContext.getAttribute(CONF_CONTEXT_ATTRIBUTE); boolean access = true; boolean adminAccess = conf.getBoolean( CommonConfigurationKeys.HADOOP_SECURITY_INSTRUMENTATION_REQUIRES_ADMIN, false); if (adminAccess) { access = hasAdministratorAccess(servletContext, request, response); } return access; }
@BeforeClass public static void setup() throws Exception { Configuration conf = new Configuration(); conf.setInt(HttpServer.HTTP_MAX_THREADS, MAX_THREADS); server = createTestServer(conf); server.addServlet("echo", "/echo", EchoServlet.class); server.addServlet("echomap", "/echomap", EchoMapServlet.class); server.addServlet("htmlcontent", "/htmlcontent", HtmlContentServlet.class); server.addServlet("longheader", "/longheader", LongHeaderServlet.class); server.addJerseyResourcePackage( JerseyResource.class.getPackage().getName(), "/jersey/*"); server.start(); baseUrl = getServerURL(server); LOG.info("HTTP server started: "+ baseUrl); }
@Test public void testBindAddress() throws Exception { checkBindAddress("localhost", 0, false).stop(); // hang onto this one for a bit more testing HttpServer myServer = checkBindAddress("localhost", 0, false); HttpServer myServer2 = null; try { int port = myServer.getConnectorAddress(0).getPort(); // it's already in use, true = expect a higher port myServer2 = checkBindAddress("localhost", port, true); // try to reuse the port port = myServer2.getConnectorAddress(0).getPort(); myServer2.stop(); assertNull(myServer2.getConnectorAddress(0)); // not bound myServer2.openListeners(); assertEquals(port, myServer2.getConnectorAddress(0).getPort()); // expect same port } finally { myServer.stop(); if (myServer2 != null) { myServer2.stop(); } } }
RecordingFilter.Initializer.class.getName()); HttpServer http = createTestServer(conf); http.start(); + NetUtils.getHostPortString(http.getConnectorAddress(0)); try { for(int i = 0; i < urls.length; i++) { http.stop();
@Override public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { if (!HttpServer.isInstrumentationAccessAllowed(getServletContext(), request, response)) { return; } response.setContentType("text/plain; charset=UTF-8"); try (PrintStream out = new PrintStream( response.getOutputStream(), false, "UTF-8")) { Threads.printThreadInfo(out, ""); out.flush(); } ReflectionUtils.logThreadInfo(LOG, "jsp requested", 1); } }
private HttpServer checkBindAddress(String host, int port, boolean findPort) throws Exception { HttpServer server = createServer(host, port); try { // not bound, ephemeral should return requested port (0 for ephemeral) ServerConnector listener = server.getServerConnectors().get(0); assertEquals(port, listener.getPort()); // verify hostname is what was given server.openListeners(); assertEquals(host, server.getConnectorAddress(0).getHostName()); int boundPort = server.getConnectorAddress(0).getPort(); if (port == 0) { assertTrue(boundPort != 0); // ephemeral should now return bound port } else if (findPort) { assertTrue(boundPort > port); // allow a little wiggle room to prevent random test failures if // some consecutive ports are already in use assertTrue(boundPort - port < 8); } } catch (Exception e) { server.stop(); throw e; } return server; }
public void stop() throws Exception { this.httpServer.stop(); }
public void start() throws IOException { this.httpServer.start(); }
public void addServlet(String name, String pathSpec, Class<? extends HttpServlet> clazz) { this.httpServer.addServlet(name, pathSpec, clazz); }
/** * Test that the server is alive once started * * @throws Throwable * on failure */ @Ignore ("Hangs on occasion; see HBASE-14430") @Test public void testWepAppContextAfterServerStop() throws Throwable { HttpServer server = null; String key = "test.attribute.key"; String value = "test.attribute.value"; server = createTestServer(); assertNotLive(server); server.start(); server.setAttribute(key, value); assertAlive(server); assertEquals(value, server.getAttribute(key)); stop(server); assertNull("Server context should have cleared", server.getAttribute(key)); } }
HBaseConfiguration.getPassword(sslConf, "ssl.server.truststore.password", null), sslConf.get("ssl.server.truststore.type", "jks")).build(); server.addServlet("echo", "/echo", TestHttpServer.EchoServlet.class); server.start(); baseUrl = new URL("https://" + NetUtils.getHostPortString(server.getConnectorAddress(0))); LOG.info("HTTP server started: " + baseUrl);
/** * Similar to the above test case, except that it uses a different API to add the * filter. Regression test for HADOOP-8786. */ @Test public void testContextSpecificServletFilterWhenInitThrowsException() throws Exception { Configuration conf = new Configuration(); HttpServer http = createTestServer(conf); HttpServer.defineFilter(http.webAppContext, "ErrorFilter", ErrorFilter.class.getName(), null, null); try { http.start(); fail("expecting exception"); } catch (IOException e) { assertExceptionContains("Unable to initialize WebAppContext", e); } }
/** * Return the host and port of the HttpServer, if live * @return the classname and any HTTP URL */ @Override public String toString() { if (listeners.isEmpty()) { return "Inactive HttpServer"; } else { StringBuilder sb = new StringBuilder("HttpServer (") .append(isAlive() ? STATE_DESCRIPTION_ALIVE : STATE_DESCRIPTION_NOT_LIVE).append("), listening at:"); for (ListenerInfo li : listeners) { ServerConnector l = li.listener; sb.append(l.getHost()).append(":").append(l.getPort()).append("/,"); } return sb.toString(); } }
public void setAttribute(String name, Object value) { this.httpServer.setAttribute(name, value); }
try { try { openListeners(); webServer.start(); } catch (IOException ex) {
HttpServer server = new HttpServer(this);
HttpServer server = new HttpServer(this); String scheme = ep.getScheme(); if ("http".equals(scheme)) { listener = HttpServer.createDefaultChannelConnector(); } else if ("https".equals(scheme)) { SslSocketConnector c = new SslSocketConnectorSecure();
String[] pathSpecs = { "/path", "/path/*" }; HttpServer http = createTestServer(conf, pathSpecs); http.start(); + NetUtils.getHostPortString(http.getConnectorAddress(0)); try { for(int i = 0; i < filteredUrls.length; i++) { http.stop();