Repository: hadoop Updated Branches: refs/heads/branch-2.8 74c05e535 -> 3fced13ea
HADOOP-12584. Disable browsing the static directory in HttpServer2. Contributed by Robert Kanter. (cherry picked from commit 9c89bcd04212543ae279d34938ec2ad319e5ba6d) (cherry picked from commit 6f80be98758ff5d53a192f86ada6cc4062fcdef8) Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/3fced13e Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/3fced13e Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/3fced13e Branch: refs/heads/branch-2.8 Commit: 3fced13eae942212a530f72bca9cc75f1ad2f26d Parents: 74c05e5 Author: Akira Ajisaka <[email protected]> Authored: Tue Jan 12 13:30:58 2016 +0900 Committer: Akira Ajisaka <[email protected]> Committed: Tue Jan 12 13:35:03 2016 +0900 ---------------------------------------------------------------------- hadoop-common-project/hadoop-common/CHANGES.txt | 3 +++ .../src/main/java/org/apache/hadoop/http/HttpServer2.java | 3 +++ .../src/test/java/org/apache/hadoop/yarn/webapp/TestWebApp.java | 4 +--- 3 files changed, 7 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/3fced13e/hadoop-common-project/hadoop-common/CHANGES.txt ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/CHANGES.txt b/hadoop-common-project/hadoop-common/CHANGES.txt index b7367d8..264c53d 100644 --- a/hadoop-common-project/hadoop-common/CHANGES.txt +++ b/hadoop-common-project/hadoop-common/CHANGES.txt @@ -917,6 +917,9 @@ Release 2.8.0 - UNRELEASED HADOOP-12551. Introduce FileNotFoundException for WASB FileSystem API (Dushyanth via cnauroth) + HADOOP-12584. Disable browsing the static directory in HttpServer2. + (Robert Kanter via aajisaka) + Release 2.7.3 - UNRELEASED INCOMPATIBLE CHANGES http://git-wip-us.apache.org/repos/asf/hadoop/blob/3fced13e/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java index 717c9e3..9fb4356 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java @@ -571,6 +571,9 @@ public final class HttpServer2 implements FilterContainer { staticContext.setResourceBase(appDir + "/static"); staticContext.addServlet(DefaultServlet.class, "/*"); staticContext.setDisplayName("static"); + @SuppressWarnings("unchecked") + Map<String, String> params = staticContext.getInitParams(); + params.put("org.mortbay.jetty.servlet.Default.dirAllowed", "false"); SessionHandler handler = new SessionHandler(); SessionManager sm = handler.getSessionManager(); if (sm instanceof AbstractSessionManager) { http://git-wip-us.apache.org/repos/asf/hadoop/blob/3fced13e/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/webapp/TestWebApp.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/webapp/TestWebApp.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/webapp/TestWebApp.java index 6eaeb2b..acec205 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/webapp/TestWebApp.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-common/src/test/java/org/apache/hadoop/yarn/webapp/TestWebApp.java @@ -261,7 +261,7 @@ public class TestWebApp { } // This is to test the GuiceFilter should only be applied to webAppContext, - // not to staticContext and logContext; + // not to logContext; @Test public void testYARNWebAppContext() throws Exception { // setting up the log context System.setProperty("hadoop.log.dir", "/Not/Existing/dir"); @@ -272,8 +272,6 @@ public class TestWebApp { }); String baseUrl = baseUrl(app); try { - // should not redirect to foo - assertFalse("foo".equals(getContent(baseUrl +"static").trim())); // Not able to access a non-existing dir, should not redirect to foo. assertEquals(404, getResponseCode(baseUrl +"logs")); // should be able to redirect to foo.
