Repository: cxf Updated Branches: refs/heads/3.1.x-fixes cfe80c486 -> a331c5420
[CXF-7114] Blocking HTTP TRACE in the embedded Jetty handler, patch from Joe Luo applied Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a331c542 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a331c542 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a331c542 Branch: refs/heads/3.1.x-fixes Commit: a331c54206d31c5090061b7d8a2faf8bc6d4786a Parents: cfe80c4 Author: Sergey Beryozkin <[email protected]> Authored: Thu Nov 3 16:29:01 2016 +0000 Committer: Sergey Beryozkin <[email protected]> Committed: Thu Nov 3 16:30:35 2016 +0000 ---------------------------------------------------------------------- .../transport/http_jetty/JettyHTTPHandler.java | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/a331c542/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPHandler.java ---------------------------------------------------------------------- diff --git a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPHandler.java b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPHandler.java index 9904a33..a834734 100644 --- a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPHandler.java +++ b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPHandler.java @@ -31,6 +31,8 @@ import org.eclipse.jetty.server.Request; import org.eclipse.jetty.server.handler.AbstractHandler; public class JettyHTTPHandler extends AbstractHandler { + private static final String METHOD_TRACE = "TRACE"; + protected JettyHTTPDestination jettyHTTPDestination; protected ServletContext servletContext; private String urlName; 
@@ -61,13 +63,18 @@ public class JettyHTTPHandler extends AbstractHandler { public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { - if (contextMatchExact) { - if (target.equals(urlName)) { - jettyHTTPDestination.doService(servletContext, request, response); - } + if (request.getMethod().equals(METHOD_TRACE)) { + baseRequest.setHandled(true); + response.setStatus(HttpServletResponse.SC_METHOD_NOT_ALLOWED); } else { - if (target.equals(urlName) || HttpUrlUtil.checkContextPath(urlName, target)) { - jettyHTTPDestination.doService(servletContext, request, response); + if (contextMatchExact) { + if (target.equals(urlName)) { + jettyHTTPDestination.doService(servletContext, request, response); + } + } else { + if (target.equals(urlName) || HttpUrlUtil.checkContextPath(urlName, target)) { + jettyHTTPDestination.doService(servletContext, request, response); + } } }
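Review bot: The TRACE check sits in front of the `target`/`urlName` match, so `handle` marks the request handled and answers 405 for every TRACE that reaches this handler, including targets it would otherwise leave untouched for a later handler. If that blanket refusal is intended, state it in a comment above the `if`, for example `// Refuse TRACE for every target, before any dispatch to doService.` The 405 is also sent without an `Allow` header, which RFC 7231 section 6.5.5 requires on that status, so a `response.setHeader("Allow", ...)` listing the methods the destination really accepts belongs next to `setStatus`. The diffstat shows only this file changed, so a regression test asserting 405 for TRACE with `contextMatchExact` both true and false would keep the block from being lost in a later refactor of this method.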
