1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18 package org.apache.hadoop.hbase.http.jmx;
19
20 import java.io.IOException;
21 import java.io.PrintWriter;
22 import java.lang.management.ManagementFactory;
23
24 import javax.management.MBeanServer;
25 import javax.management.MalformedObjectNameException;
26 import javax.management.ObjectName;
27 import javax.management.ReflectionException;
28 import javax.management.RuntimeErrorException;
29 import javax.management.RuntimeMBeanException;
30 import javax.management.openmbean.CompositeData;
31 import javax.management.openmbean.TabularData;
32 import javax.servlet.ServletException;
33 import javax.servlet.http.HttpServlet;
34 import javax.servlet.http.HttpServletRequest;
35 import javax.servlet.http.HttpServletResponse;
36
37 import org.apache.commons.logging.Log;
38 import org.apache.commons.logging.LogFactory;
39 import org.apache.hadoop.hbase.http.HttpServer;
40 import org.apache.hadoop.hbase.util.JSONBean;
41 import org.owasp.esapi.ESAPI;
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117 public class JMXJsonServlet extends HttpServlet {
118 private static final Log LOG = LogFactory.getLog(JMXJsonServlet.class);
119
120 private static final long serialVersionUID = 1L;
121
122 private static final String CALLBACK_PARAM = "callback";
123
124
125
126
127
128 private static final String INCLUDE_DESCRIPTION = "description";
129
130
131
132
133 protected transient MBeanServer mBeanServer;
134
135 protected transient JSONBean jsonBeanWriter;
136
137
138
139
140 @Override
141 public void init() throws ServletException {
142
143 mBeanServer = ManagementFactory.getPlatformMBeanServer();
144 this.jsonBeanWriter = new JSONBean();
145 }
146
147
148
149
150
151
152
153
154
155 @Override
156 @edu.umd.cs.findbugs.annotations.SuppressWarnings(value="XSS_REQUEST_PARAMETER_TO_SERVLET_WRITER",
157 justification="TODO: See HBASE-15122")
158 public void doGet(HttpServletRequest request, HttpServletResponse response) {
159 try {
160 if (!HttpServer.isInstrumentationAccessAllowed(getServletContext(), request, response)) {
161 return;
162 }
163 String jsonpcb = null;
164 PrintWriter writer = null;
165 JSONBean.Writer beanWriter = null;
166 try {
167 writer = response.getWriter();
168 beanWriter = this.jsonBeanWriter.open(writer);
169
170 jsonpcb = request.getParameter(CALLBACK_PARAM);
171 if (jsonpcb != null) {
172 response.setContentType("application/javascript; charset=utf8");
173 writer.write(encodeJS(jsonpcb) + "(");
174 } else {
175 response.setContentType("application/json; charset=utf8");
176 }
177
178 String tmpStr = request.getParameter(INCLUDE_DESCRIPTION);
179 boolean description = tmpStr != null && tmpStr.length() > 0;
180
181
182 String getmethod = request.getParameter("get");
183 if (getmethod != null) {
184 String[] splitStrings = getmethod.split("\\:\\:");
185 if (splitStrings.length != 2) {
186 beanWriter.write("result", "ERROR");
187 beanWriter.write("message", "query format is not as expected.");
188 beanWriter.flush();
189 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
190 return;
191 }
192 if (beanWriter.write(this.mBeanServer, new ObjectName(splitStrings[0]),
193 splitStrings[1], description) != 0) {
194 beanWriter.flush();
195 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
196 }
197 return;
198 }
199
200
201 String qry = request.getParameter("qry");
202 if (qry == null) {
203 qry = "*:*";
204 }
205 if (beanWriter.write(this.mBeanServer, new ObjectName(qry), null, description) != 0) {
206 beanWriter.flush();
207 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
208 }
209 } finally {
210 if (beanWriter != null) beanWriter.close();
211 if (jsonpcb != null) {
212 writer.write(");");
213 }
214 if (writer != null) {
215 writer.close();
216 }
217 }
218 } catch (IOException e) {
219 LOG.error("Caught an exception while processing JMX request", e);
220 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
221 } catch (MalformedObjectNameException e) {
222 LOG.error("Caught an exception while processing JMX request", e);
223 response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
224 }
225 }
226
227 private String encodeJS(String inputStr) {
228 return ESAPI.encoder().encodeForJavaScript(inputStr);
229 }
230
231 }