devapidocs/src-html/org/apache/hadoop/hbase/http/HttpServerUtil.html - hbase-site - Git at Google

 <!DOCTYPE HTML>
 <html lang="en">
 <head>
 <!-- Generated by javadoc (17) -->
 <title>Source code</title>
 <meta name="viewport" content="width=device-width, initial-scale=1">
 <meta name="description" content="source: package: org.apache.hadoop.hbase.http, class: HttpServerUtil">
 <meta name="generator" content="javadoc/SourceToHTMLConverter">
 <link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="Style">
 </head>
 <body class="source-page">
 <main role="main">
 <div class="source-container">
 <pre><span class="source-line-no">001</span><span id="line-1">/*</span>
 <span class="source-line-no">002</span><span id="line-2"> * Licensed to the Apache Software Foundation (ASF) under one</span>
 <span class="source-line-no">003</span><span id="line-3"> * or more contributor license agreements.  See the NOTICE file</span>
 <span class="source-line-no">004</span><span id="line-4"> * distributed with this work for additional information</span>
 <span class="source-line-no">005</span><span id="line-5"> * regarding copyright ownership.  The ASF licenses this file</span>
 <span class="source-line-no">006</span><span id="line-6"> * to you under the Apache License, Version 2.0 (the</span>
 <span class="source-line-no">007</span><span id="line-7"> * "License"); you may not use this file except in compliance</span>
 <span class="source-line-no">008</span><span id="line-8"> * with the License.  You may obtain a copy of the License at</span>
 <span class="source-line-no">009</span><span id="line-9"> *</span>
 <span class="source-line-no">010</span><span id="line-10"> *     http://www.apache.org/licenses/LICENSE-2.0</span>
 <span class="source-line-no">011</span><span id="line-11"> *</span>
 <span class="source-line-no">012</span><span id="line-12"> * Unless required by applicable law or agreed to in writing, software</span>
 <span class="source-line-no">013</span><span id="line-13"> * distributed under the License is distributed on an "AS IS" BASIS,</span>
 <span class="source-line-no">014</span><span id="line-14"> * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.</span>
 <span class="source-line-no">015</span><span id="line-15"> * See the License for the specific language governing permissions and</span>
 <span class="source-line-no">016</span><span id="line-16"> * limitations under the License.</span>
 <span class="source-line-no">017</span><span id="line-17"> */</span>
 <span class="source-line-no">018</span><span id="line-18">package org.apache.hadoop.hbase.http;</span>
 <span class="source-line-no">019</span><span id="line-19"></span>
 <span class="source-line-no">020</span><span id="line-20">import java.util.EnumSet;</span>
 <span class="source-line-no">021</span><span id="line-21">import javax.servlet.DispatcherType;</span>
 <span class="source-line-no">022</span><span id="line-22">import org.apache.hadoop.conf.Configuration;</span>
 <span class="source-line-no">023</span><span id="line-23">import org.apache.yetus.audience.InterfaceAudience;</span>
 <span class="source-line-no">024</span><span id="line-24"></span>
 <span class="source-line-no">025</span><span id="line-25">import org.apache.hbase.thirdparty.org.eclipse.jetty.ee8.nested.ServletConstraint;</span>
 <span class="source-line-no">026</span><span id="line-26">import org.apache.hbase.thirdparty.org.eclipse.jetty.ee8.security.ConstraintMapping;</span>
 <span class="source-line-no">027</span><span id="line-27">import org.apache.hbase.thirdparty.org.eclipse.jetty.ee8.security.ConstraintSecurityHandler;</span>
 <span class="source-line-no">028</span><span id="line-28">import org.apache.hbase.thirdparty.org.eclipse.jetty.ee8.servlet.FilterHolder;</span>
 <span class="source-line-no">029</span><span id="line-29">import org.apache.hbase.thirdparty.org.eclipse.jetty.ee8.servlet.ServletContextHandler;</span>
 <span class="source-line-no">030</span><span id="line-30"></span>
 <span class="source-line-no">031</span><span id="line-31">/**</span>
 <span class="source-line-no">032</span><span id="line-32"> * HttpServer utility.</span>
 <span class="source-line-no">033</span><span id="line-33"> */</span>
 <span class="source-line-no">034</span><span id="line-34">@InterfaceAudience.Private</span>
 <span class="source-line-no">035</span><span id="line-35">public final class HttpServerUtil {</span>
 <span class="source-line-no">036</span><span id="line-36"></span>
 <span class="source-line-no">037</span><span id="line-37">  public static final String PATH_SPEC_ANY = "/*";</span>
 <span class="source-line-no">038</span><span id="line-38"></span>
 <span class="source-line-no">039</span><span id="line-39">  /**</span>
 <span class="source-line-no">040</span><span id="line-40">   * Add constraints to a Jetty Context to disallow undesirable Http methods.</span>
 <span class="source-line-no">041</span><span id="line-41">   * @param ctxHandler         The context to modify</span>
 <span class="source-line-no">042</span><span id="line-42">   * @param allowOptionsMethod if true then OPTIONS method will not be set in constraint mapping</span>
 <span class="source-line-no">043</span><span id="line-43">   */</span>
 <span class="source-line-no">044</span><span id="line-44">  public static void constrainHttpMethods(ServletContextHandler ctxHandler,</span>
 <span class="source-line-no">045</span><span id="line-45">    boolean allowOptionsMethod) {</span>
 <span class="source-line-no">046</span><span id="line-46">    ServletConstraint c = new ServletConstraint();</span>
 <span class="source-line-no">047</span><span id="line-47">    c.setAuthenticate(true);</span>
 <span class="source-line-no">048</span><span id="line-48"></span>
 <span class="source-line-no">049</span><span id="line-49">    ConstraintMapping cmt = new ConstraintMapping();</span>
 <span class="source-line-no">050</span><span id="line-50">    cmt.setConstraint(c);</span>
 <span class="source-line-no">051</span><span id="line-51">    cmt.setMethod("TRACE");</span>
 <span class="source-line-no">052</span><span id="line-52">    cmt.setPathSpec("/*");</span>
 <span class="source-line-no">053</span><span id="line-53"></span>
 <span class="source-line-no">054</span><span id="line-54">    ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();</span>
 <span class="source-line-no">055</span><span id="line-55"></span>
 <span class="source-line-no">056</span><span id="line-56">    if (!allowOptionsMethod) {</span>
 <span class="source-line-no">057</span><span id="line-57">      ConstraintMapping cmo = new ConstraintMapping();</span>
 <span class="source-line-no">058</span><span id="line-58">      cmo.setConstraint(c);</span>
 <span class="source-line-no">059</span><span id="line-59">      cmo.setMethod("OPTIONS");</span>
 <span class="source-line-no">060</span><span id="line-60">      cmo.setPathSpec("/*");</span>
 <span class="source-line-no">061</span><span id="line-61">      securityHandler.setConstraintMappings(new ConstraintMapping[] { cmt, cmo });</span>
 <span class="source-line-no">062</span><span id="line-62">    } else {</span>
 <span class="source-line-no">063</span><span id="line-63">      securityHandler.setConstraintMappings(new ConstraintMapping[] { cmt });</span>
 <span class="source-line-no">064</span><span id="line-64">    }</span>
 <span class="source-line-no">065</span><span id="line-65"></span>
 <span class="source-line-no">066</span><span id="line-66">    ctxHandler.setSecurityHandler(securityHandler);</span>
 <span class="source-line-no">067</span><span id="line-67">  }</span>
 <span class="source-line-no">068</span><span id="line-68"></span>
 <span class="source-line-no">069</span><span id="line-69">  public static void addClickjackingPreventionFilter(ServletContextHandler ctxHandler,</span>
 <span class="source-line-no">070</span><span id="line-70">    Configuration conf, String pathSpec) {</span>
 <span class="source-line-no">071</span><span id="line-71">    FilterHolder holder = new FilterHolder();</span>
 <span class="source-line-no">072</span><span id="line-72">    holder.setName("clickjackingprevention");</span>
 <span class="source-line-no">073</span><span id="line-73">    holder.setClassName(ClickjackingPreventionFilter.class.getName());</span>
 <span class="source-line-no">074</span><span id="line-74">    holder.setInitParameters(ClickjackingPreventionFilter.getDefaultParameters(conf));</span>
 <span class="source-line-no">075</span><span id="line-75">    ctxHandler.addFilter(holder, pathSpec, EnumSet.allOf(DispatcherType.class));</span>
 <span class="source-line-no">076</span><span id="line-76">  }</span>
 <span class="source-line-no">077</span><span id="line-77"></span>
 <span class="source-line-no">078</span><span id="line-78">  public static void addSecurityHeadersFilter(ServletContextHandler ctxHandler, Configuration conf,</span>
 <span class="source-line-no">079</span><span id="line-79">    boolean isSecure, String pathSpec) {</span>
 <span class="source-line-no">080</span><span id="line-80">    FilterHolder holder = new FilterHolder();</span>
 <span class="source-line-no">081</span><span id="line-81">    holder.setName("securityheaders");</span>
 <span class="source-line-no">082</span><span id="line-82">    holder.setClassName(SecurityHeadersFilter.class.getName());</span>
 <span class="source-line-no">083</span><span id="line-83">    holder.setInitParameters(SecurityHeadersFilter.getDefaultParameters(conf, isSecure));</span>
 <span class="source-line-no">084</span><span id="line-84">    ctxHandler.addFilter(holder, pathSpec, EnumSet.allOf(DispatcherType.class));</span>
 <span class="source-line-no">085</span><span id="line-85">  }</span>
 <span class="source-line-no">086</span><span id="line-86"></span>
 <span class="source-line-no">087</span><span id="line-87">  private HttpServerUtil() {</span>
 <span class="source-line-no">088</span><span id="line-88">  }</span>
 <span class="source-line-no">089</span><span id="line-89">}</span>


 </pre>
 </div>
 </main>
 </body>
 </html>
	<!DOCTYPE HTML>
	<html lang="en">
	<head>
	<!-- Generated by javadoc (17) -->
	<title>Source code</title>
	<meta name="viewport" content="width=device-width, initial-scale=1">
	<meta name="description" content="source: package: org.apache.hadoop.hbase.http, class: HttpServerUtil">
	<meta name="generator" content="javadoc/SourceToHTMLConverter">
	<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="Style">
	</head>
	<body class="source-page">
	<main role="main">
	<div class="source-container">
	<pre><span class="source-line-no">001</span><span id="line-1">/*</span>
	<span class="source-line-no">002</span><span id="line-2"> * Licensed to the Apache Software Foundation (ASF) under one</span>
	<span class="source-line-no">003</span><span id="line-3"> * or more contributor license agreements. See the NOTICE file</span>
	<span class="source-line-no">004</span><span id="line-4"> * distributed with this work for additional information</span>
	<span class="source-line-no">005</span><span id="line-5"> * regarding copyright ownership. The ASF licenses this file</span>
	<span class="source-line-no">006</span><span id="line-6"> * to you under the Apache License, Version 2.0 (the</span>
	<span class="source-line-no">007</span><span id="line-7"> * "License"); you may not use this file except in compliance</span>
	<span class="source-line-no">008</span><span id="line-8"> * with the License. You may obtain a copy of the License at</span>
	<span class="source-line-no">009</span><span id="line-9"> *</span>
	<span class="source-line-no">010</span><span id="line-10"> * http://www.apache.org/licenses/LICENSE-2.0</span>
	<span class="source-line-no">011</span><span id="line-11"> *</span>
	<span class="source-line-no">012</span><span id="line-12"> * Unless required by applicable law or agreed to in writing, software</span>
	<span class="source-line-no">013</span><span id="line-13"> * distributed under the License is distributed on an "AS IS" BASIS,</span>
	<span class="source-line-no">014</span><span id="line-14"> * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.</span>
	<span class="source-line-no">015</span><span id="line-15"> * See the License for the specific language governing permissions and</span>
	<span class="source-line-no">016</span><span id="line-16"> * limitations under the License.</span>
	<span class="source-line-no">017</span><span id="line-17"> */</span>
	<span class="source-line-no">018</span><span id="line-18">package org.apache.hadoop.hbase.http;</span>
	<span class="source-line-no">019</span><span id="line-19"></span>
	<span class="source-line-no">020</span><span id="line-20">import java.util.EnumSet;</span>
	<span class="source-line-no">021</span><span id="line-21">import javax.servlet.DispatcherType;</span>
	<span class="source-line-no">022</span><span id="line-22">import org.apache.hadoop.conf.Configuration;</span>
	<span class="source-line-no">023</span><span id="line-23">import org.apache.yetus.audience.InterfaceAudience;</span>
	<span class="source-line-no">024</span><span id="line-24"></span>
	<span class="source-line-no">025</span><span id="line-25">import org.apache.hbase.thirdparty.org.eclipse.jetty.ee8.nested.ServletConstraint;</span>
	<span class="source-line-no">026</span><span id="line-26">import org.apache.hbase.thirdparty.org.eclipse.jetty.ee8.security.ConstraintMapping;</span>
	<span class="source-line-no">027</span><span id="line-27">import org.apache.hbase.thirdparty.org.eclipse.jetty.ee8.security.ConstraintSecurityHandler;</span>
	<span class="source-line-no">028</span><span id="line-28">import org.apache.hbase.thirdparty.org.eclipse.jetty.ee8.servlet.FilterHolder;</span>
	<span class="source-line-no">029</span><span id="line-29">import org.apache.hbase.thirdparty.org.eclipse.jetty.ee8.servlet.ServletContextHandler;</span>
	<span class="source-line-no">030</span><span id="line-30"></span>
	<span class="source-line-no">031</span><span id="line-31">/**</span>
	<span class="source-line-no">032</span><span id="line-32"> * HttpServer utility.</span>
	<span class="source-line-no">033</span><span id="line-33"> */</span>
	<span class="source-line-no">034</span><span id="line-34">@InterfaceAudience.Private</span>
	<span class="source-line-no">035</span><span id="line-35">public final class HttpServerUtil {</span>
	<span class="source-line-no">036</span><span id="line-36"></span>
	<span class="source-line-no">037</span><span id="line-37"> public static final String PATH_SPEC_ANY = "/*";</span>
	<span class="source-line-no">038</span><span id="line-38"></span>
	<span class="source-line-no">039</span><span id="line-39"> /**</span>
	<span class="source-line-no">040</span><span id="line-40"> * Add constraints to a Jetty Context to disallow undesirable Http methods.</span>
	<span class="source-line-no">041</span><span id="line-41"> * @param ctxHandler The context to modify</span>
	<span class="source-line-no">042</span><span id="line-42"> * @param allowOptionsMethod if true then OPTIONS method will not be set in constraint mapping</span>
	<span class="source-line-no">043</span><span id="line-43"> */</span>
	<span class="source-line-no">044</span><span id="line-44"> public static void constrainHttpMethods(ServletContextHandler ctxHandler,</span>
	<span class="source-line-no">045</span><span id="line-45"> boolean allowOptionsMethod) {</span>
	<span class="source-line-no">046</span><span id="line-46"> ServletConstraint c = new ServletConstraint();</span>
	<span class="source-line-no">047</span><span id="line-47"> c.setAuthenticate(true);</span>
	<span class="source-line-no">048</span><span id="line-48"></span>
	<span class="source-line-no">049</span><span id="line-49"> ConstraintMapping cmt = new ConstraintMapping();</span>
	<span class="source-line-no">050</span><span id="line-50"> cmt.setConstraint(c);</span>
	<span class="source-line-no">051</span><span id="line-51"> cmt.setMethod("TRACE");</span>
	<span class="source-line-no">052</span><span id="line-52"> cmt.setPathSpec("/*");</span>
	<span class="source-line-no">053</span><span id="line-53"></span>
	<span class="source-line-no">054</span><span id="line-54"> ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();</span>
	<span class="source-line-no">055</span><span id="line-55"></span>
	<span class="source-line-no">056</span><span id="line-56"> if (!allowOptionsMethod) {</span>
	<span class="source-line-no">057</span><span id="line-57"> ConstraintMapping cmo = new ConstraintMapping();</span>
	<span class="source-line-no">058</span><span id="line-58"> cmo.setConstraint(c);</span>
	<span class="source-line-no">059</span><span id="line-59"> cmo.setMethod("OPTIONS");</span>
	<span class="source-line-no">060</span><span id="line-60"> cmo.setPathSpec("/*");</span>
	<span class="source-line-no">061</span><span id="line-61"> securityHandler.setConstraintMappings(new ConstraintMapping[] { cmt, cmo });</span>
	<span class="source-line-no">062</span><span id="line-62"> } else {</span>
	<span class="source-line-no">063</span><span id="line-63"> securityHandler.setConstraintMappings(new ConstraintMapping[] { cmt });</span>
	<span class="source-line-no">064</span><span id="line-64"> }</span>
	<span class="source-line-no">065</span><span id="line-65"></span>
	<span class="source-line-no">066</span><span id="line-66"> ctxHandler.setSecurityHandler(securityHandler);</span>
	<span class="source-line-no">067</span><span id="line-67"> }</span>
	<span class="source-line-no">068</span><span id="line-68"></span>
	<span class="source-line-no">069</span><span id="line-69"> public static void addClickjackingPreventionFilter(ServletContextHandler ctxHandler,</span>
	<span class="source-line-no">070</span><span id="line-70"> Configuration conf, String pathSpec) {</span>
	<span class="source-line-no">071</span><span id="line-71"> FilterHolder holder = new FilterHolder();</span>
	<span class="source-line-no">072</span><span id="line-72"> holder.setName("clickjackingprevention");</span>
	<span class="source-line-no">073</span><span id="line-73"> holder.setClassName(ClickjackingPreventionFilter.class.getName());</span>
	<span class="source-line-no">074</span><span id="line-74"> holder.setInitParameters(ClickjackingPreventionFilter.getDefaultParameters(conf));</span>
	<span class="source-line-no">075</span><span id="line-75"> ctxHandler.addFilter(holder, pathSpec, EnumSet.allOf(DispatcherType.class));</span>
	<span class="source-line-no">076</span><span id="line-76"> }</span>
	<span class="source-line-no">077</span><span id="line-77"></span>
	<span class="source-line-no">078</span><span id="line-78"> public static void addSecurityHeadersFilter(ServletContextHandler ctxHandler, Configuration conf,</span>
	<span class="source-line-no">079</span><span id="line-79"> boolean isSecure, String pathSpec) {</span>
	<span class="source-line-no">080</span><span id="line-80"> FilterHolder holder = new FilterHolder();</span>
	<span class="source-line-no">081</span><span id="line-81"> holder.setName("securityheaders");</span>
	<span class="source-line-no">082</span><span id="line-82"> holder.setClassName(SecurityHeadersFilter.class.getName());</span>
	<span class="source-line-no">083</span><span id="line-83"> holder.setInitParameters(SecurityHeadersFilter.getDefaultParameters(conf, isSecure));</span>
	<span class="source-line-no">084</span><span id="line-84"> ctxHandler.addFilter(holder, pathSpec, EnumSet.allOf(DispatcherType.class));</span>
	<span class="source-line-no">085</span><span id="line-85"> }</span>
	<span class="source-line-no">086</span><span id="line-86"></span>
	<span class="source-line-no">087</span><span id="line-87"> private HttpServerUtil() {</span>
	<span class="source-line-no">088</span><span id="line-88"> }</span>
	<span class="source-line-no">089</span><span id="line-89">}</span>




























































	</pre>
	</div>
	</main>
	</body>
	</html>