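/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.hadoop.hbase.http;

import java.util.EnumSet;
import java.util.Map;
import java.util.Objects;
import javax.servlet.DispatcherType;
import org.apache.hadoop.conf.Configuration;
import org.apache.yetus.audience.InterfaceAudience;

import org.apache.hbase.thirdparty.org.eclipse.jetty.security.ConstraintMapping;
import org.apache.hbase.thirdparty.org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.apache.hbase.thirdparty.org.eclipse.jetty.servlet.FilterHolder;
import org.apache.hbase.thirdparty.org.eclipse.jetty.servlet.ServletContextHandler;
import org.apache.hbase.thirdparty.org.eclipse.jetty.util.security.Constraint;

/**
 * HttpServer utility: helpers that harden a Jetty {@link ServletContextHandler} by forbidding
 * unwanted HTTP methods and by installing the response-header filters
 * ({@link ClickjackingPreventionFilter}, {@link SecurityHeadersFilter}) on a path.
 */
@InterfaceAudience.Private
public final class HttpServerUtil {

  /** Jetty path spec that matches every request in a context. */
  public static final String PATH_SPEC_ANY = "/*";

  /**
   * Add constraints to a Jetty Context to disallow undesirable Http methods.
   * <p>
   * TRACE is always forbidden on every path (it has no legitimate use on this server and echoes
   * request headers back to the caller); OPTIONS is forbidden as well unless
   * {@code allowOptionsMethod} is {@code true}. The constraint used is "authenticate, no roles",
   * which Jetty treats as forbidden for every caller regardless of authentication state. Any
   * security handler previously set on {@code ctxHandler} is replaced.
   * @param ctxHandler The context to modify
   * @param allowOptionsMethod if true then OPTIONS method will not be set in constraint mapping
   * @throws NullPointerException if {@code ctxHandler} is null
   */
  public static void constrainHttpMethods(ServletContextHandler ctxHandler,
      boolean allowOptionsMethod) {
    Objects.requireNonNull(ctxHandler, "ctxHandler");

    // authenticate=true with no roles: no principal can satisfy the constraint, so every request
    // matching one of the mappings below is rejected outright.
    Constraint forbidden = new Constraint();
    forbidden.setAuthenticate(true);

    ConstraintMapping[] mappings = allowOptionsMethod
      ? new ConstraintMapping[] { forbidMethod(forbidden, "TRACE") }
      : new ConstraintMapping[] { forbidMethod(forbidden, "TRACE"),
        forbidMethod(forbidden, "OPTIONS") };

    ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
    securityHandler.setConstraintMappings(mappings);
    ctxHandler.setSecurityHandler(securityHandler);
  }

  /**
   * Build a mapping that applies {@code constraint} to {@code method} on every path.
   * @param constraint the constraint to apply (shared between mappings; it is not copied)
   * @param method the HTTP method name the mapping applies to, e.g. {@code "TRACE"}
   * @return the new mapping
   */
  private static ConstraintMapping forbidMethod(Constraint constraint, String method) {
    ConstraintMapping mapping = new ConstraintMapping();
    mapping.setConstraint(constraint);
    mapping.setMethod(method);
    mapping.setPathSpec(PATH_SPEC_ANY);
    return mapping;
  }

  /**
   * Install {@link ClickjackingPreventionFilter} on {@code pathSpec} for all dispatcher types,
   * configured with that filter's default parameters derived from {@code conf}.
   * @param ctxHandler The context to modify
   * @param conf configuration the filter's default parameters are read from
   * @param pathSpec the path spec the filter is mapped to
   * @throws NullPointerException if {@code ctxHandler} is null
   */
  public static void addClickjackingPreventionFilter(ServletContextHandler ctxHandler,
      Configuration conf, String pathSpec) {
    addFilter(ctxHandler, "clickjackingprevention", ClickjackingPreventionFilter.class,
      ClickjackingPreventionFilter.getDefaultParameters(conf), pathSpec);
  }

  /**
   * Install {@link SecurityHeadersFilter} on {@code pathSpec} for all dispatcher types, configured
   * with that filter's default parameters derived from {@code conf} and {@code isSecure}.
   * @param ctxHandler The context to modify
   * @param conf configuration the filter's default parameters are read from
   * @param isSecure passed through to the filter's default parameters (presumably whether the
   *          server is serving over TLS; see {@link SecurityHeadersFilter#getDefaultParameters})
   * @param pathSpec the path spec the filter is mapped to
   * @throws NullPointerException if {@code ctxHandler} is null
   */
  public static void addSecurityHeadersFilter(ServletContextHandler ctxHandler, Configuration conf,
      boolean isSecure, String pathSpec) {
    addFilter(ctxHandler, "securityheaders", SecurityHeadersFilter.class,
      SecurityHeadersFilter.getDefaultParameters(conf, isSecure), pathSpec);
  }

  /**
   * Register a filter of class {@code filterClass} under {@code name} on {@code pathSpec}.
   * @param ctxHandler The context to modify
   * @param name the holder name the filter is registered under
   * @param filterClass the filter implementation; only its name is stored on the holder
   * @param initParameters the filter's init parameters
   * @param pathSpec the path spec the filter is mapped to
   * @throws NullPointerException if {@code ctxHandler} is null
   */
  private static void addFilter(ServletContextHandler ctxHandler, String name, Class<?> filterClass,
      Map<String, String> initParameters, String pathSpec) {
    Objects.requireNonNull(ctxHandler, "ctxHandler");
    FilterHolder holder = new FilterHolder();
    holder.setName(name);
    holder.setClassName(filterClass.getName());
    holder.setInitParameters(initParameters);
    // Every DispatcherType, so the filter also runs on FORWARD/INCLUDE/ERROR/ASYNC dispatches and
    // not only on the initial REQUEST; otherwise an error page or forwarded response would be
    // served without the headers the filter adds.
    ctxHandler.addFilter(holder, pathSpec, EnumSet.allOf(DispatcherType.class));
  }

  /** Utility class; not instantiable. */
  private HttpServerUtil() {
  }
}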