Repository: cxf Updated Branches: refs/heads/master ef16fd3cc -> 92279f27c
[CXF-7114] Blocking HTTP TRACE in the embedded Jetty handler, patch from Joe Luo applied Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/92279f27 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/92279f27 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/92279f27 Branch: refs/heads/master Commit: 92279f27c298ee0e0c611807ad024d7a8450761d Parents: ef16fd3 Author: Sergey Beryozkin <[email protected]> Authored: Thu Nov 3 16:29:01 2016 +0000 Committer: Sergey Beryozkin <[email protected]> Committed: Thu Nov 3 16:31:40 2016 +0000 ---------------------------------------------------------------------- .../transport/http_jetty/JettyHTTPHandler.java | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/92279f27/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPHandler.java ----------------------------------------------------------------------
diff --git a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPHandler.java b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPHandler.java
index 9904a33..a834734 100644
--- a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPHandler.java
+++ b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPHandler.java
@@ -31,6 +31,8 @@ import org.eclipse.jetty.server.Request;
 import org.eclipse.jetty.server.handler.AbstractHandler;
 public class JettyHTTPHandler extends AbstractHandler {
+ private static final String METHOD_TRACE = "TRACE";
+
 protected JettyHTTPDestination jettyHTTPDestination;
 protected ServletContext servletContext;
 private String urlName;
@@ -61,13 +63,18 @@ public class JettyHTTPHandler extends AbstractHandler {
 public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
- if (contextMatchExact) {
- if (target.equals(urlName)) {
- jettyHTTPDestination.doService(servletContext, request, response);
- }
+ if (request.getMethod().equals(METHOD_TRACE)) {
+ baseRequest.setHandled(true);
+ response.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
 } else {
- if (target.equals(urlName) || HttpUrlUtil.checkContextPath(urlName, target)) {
- jettyHTTPDestination.doService(servletContext, request, response);
+ if (contextMatchExact) {
+ if (target.equals(urlName)) {
+ jettyHTTPDestination.doService(servletContext, request, response);
+ }
+ } else {
+ if (target.equals(urlName) || HttpUrlUtil.checkContextPath(urlName, target)) {
+ jettyHTTPDestination.doService(servletContext, request, response);
+ }
 }
 }
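Review bot: The new TRACE branch at the top of `handle` returns 405 without an `Allow` header, which RFC 7231 section 6.5.5 requires on that status; add `response.setHeader("Allow", ...)` with the methods the destination actually accepts. The check also runs before the `urlName` match, so this handler now marks every TRACE request it receives as handled, including targets it previously left for a later handler; if that is intended, say so in a comment such as `// Refuse TRACE for every target: the method echoes request headers (cookies, Authorization) back to the caller`. The diffstat lists only this file, so a regression test asserting 405 for TRACE on the embedded Jetty destination would keep the control from being dropped in a later refactor. `handle` closes outside the hunk.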
