Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-11677

Add cookie flags for logs and static contexts

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.8.0, 3.0.0-alpha1
    • Component/s: None
    • Labels:
    • Hadoop Flags:
      Reviewed

      Description

      In HTTPServer2.java for the default context the secure attributes are set.

      SessionManager sm = webAppContext.getSessionHandler().getSessionManager();
          if (sm instanceof AbstractSessionManager) {
            AbstractSessionManager asm = (AbstractSessionManager)sm;
            asm.setHttpOnly(true);
            asm.setSecureCookies(true);
          }
      

      But when the contexts are created for /logs and /static, new contexts are created and the session handler is assigned as null.

      Here also the secure attributes needs to be set.

      Is it not done intentionally ? please give your thought

      Background
      trying to add login action for HTTP pages. After this when security test tool is used, it reports error for these 2 urls (/logs and /static).

      1. HADOOP-11677-2.patch
        2 kB
        nijel
      2. HADOOP-11677.1.patch
        2 kB
        nijel
      3. 001-HADOOP-11677.patch
        2 kB
        nijel

        Activity

        Hide
        nijel nijel added a comment -

        attaching the patch with the change.
        Please review if the change make sense.

        Show
        nijel nijel added a comment - attaching the patch with the change. Please review if the change make sense.
        Hide
        nijel nijel added a comment -

        Please review the patch

        Show
        nijel nijel added a comment - Please review the patch
        Hide
        hadoopqa Hadoop QA added a comment -



        -1 overall



        Vote Subsystem Runtime Comment
        0 pre-patch 14m 34s Pre-patch trunk compilation is healthy.
        +1 @author 0m 0s The patch does not contain any @author tags.
        -1 tests included 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
        +1 whitespace 0m 0s The patch has no lines that end in whitespace.
        -1 javac 0m 35s The patch appears to cause the build to fail.



        Subsystem Report/Notes
        Patch URL http://issues.apache.org/jira/secure/attachment/12729185/HADOOP-11677.1.patch
        Optional Tests javadoc javac unit findbugs checkstyle
        git revision trunk / 8f82970
        Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/6214/console

        This message was automatically generated.

        Show
        hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment 0 pre-patch 14m 34s Pre-patch trunk compilation is healthy. +1 @author 0m 0s The patch does not contain any @author tags. -1 tests included 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. +1 whitespace 0m 0s The patch has no lines that end in whitespace. -1 javac 0m 35s The patch appears to cause the build to fail. Subsystem Report/Notes Patch URL http://issues.apache.org/jira/secure/attachment/12729185/HADOOP-11677.1.patch Optional Tests javadoc javac unit findbugs checkstyle git revision trunk / 8f82970 Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/6214/console This message was automatically generated.
        Hide
        nijel nijel added a comment -

        Added missing import.

        Could not find any test class for HTTPServer2. I will try to add tests for this class

        Show
        nijel nijel added a comment - Added missing import. Could not find any test class for HTTPServer2. I will try to add tests for this class
        Hide
        hadoopqa Hadoop QA added a comment -



        -1 overall



        Vote Subsystem Runtime Comment
        0 pre-patch 14m 34s Pre-patch trunk compilation is healthy.
        +1 @author 0m 0s The patch does not contain any @author tags.
        -1 tests included 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch.
        +1 whitespace 0m 0s The patch has no lines that end in whitespace.
        +1 javac 7m 26s There were no new javac warning messages.
        +1 javadoc 9m 35s There were no new javadoc warning messages.
        +1 release audit 0m 23s The applied patch does not increase the total number of release audit warnings.
        +1 checkstyle 5m 30s There were no new checkstyle issues.
        +1 install 1m 34s mvn install still works.
        +1 eclipse:eclipse 0m 32s The patch built with eclipse:eclipse.
        +1 findbugs 1m 41s The patch does not introduce any new Findbugs (version 2.0.3) warnings.
        +1 common tests 22m 55s Tests passed in hadoop-common.
            64m 15s  



        Subsystem Report/Notes
        Patch URL http://issues.apache.org/jira/secure/attachment/12729379/HADOOP-11677-2.patch
        Optional Tests javadoc javac unit findbugs checkstyle
        git revision trunk / aa22450
        hadoop-common test log https://builds.apache.org/job/PreCommit-HADOOP-Build/6224/artifact/patchprocess/testrun_hadoop-common.txt
        Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/6224/testReport/
        Java 1.7.0_55
        uname Linux asf906.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
        Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/6224/console

        This message was automatically generated.

        Show
        hadoopqa Hadoop QA added a comment - -1 overall Vote Subsystem Runtime Comment 0 pre-patch 14m 34s Pre-patch trunk compilation is healthy. +1 @author 0m 0s The patch does not contain any @author tags. -1 tests included 0m 0s The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. +1 whitespace 0m 0s The patch has no lines that end in whitespace. +1 javac 7m 26s There were no new javac warning messages. +1 javadoc 9m 35s There were no new javadoc warning messages. +1 release audit 0m 23s The applied patch does not increase the total number of release audit warnings. +1 checkstyle 5m 30s There were no new checkstyle issues. +1 install 1m 34s mvn install still works. +1 eclipse:eclipse 0m 32s The patch built with eclipse:eclipse. +1 findbugs 1m 41s The patch does not introduce any new Findbugs (version 2.0.3) warnings. +1 common tests 22m 55s Tests passed in hadoop-common.     64m 15s   Subsystem Report/Notes Patch URL http://issues.apache.org/jira/secure/attachment/12729379/HADOOP-11677-2.patch Optional Tests javadoc javac unit findbugs checkstyle git revision trunk / aa22450 hadoop-common test log https://builds.apache.org/job/PreCommit-HADOOP-Build/6224/artifact/patchprocess/testrun_hadoop-common.txt Test Results https://builds.apache.org/job/PreCommit-HADOOP-Build/6224/testReport/ Java 1.7.0_55 uname Linux asf906.gq1.ygridcore.net 3.13.0-36-lowlatency #63-Ubuntu SMP PREEMPT Wed Sep 3 21:56:12 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux Console output https://builds.apache.org/job/PreCommit-HADOOP-Build/6224/console This message was automatically generated.
        Hide
        wheat9 Haohui Mai added a comment -

        I think it is a bug as the spnego filter might set cookies for both the logs and static context.

        +1. Committing.

        Show
        wheat9 Haohui Mai added a comment - I think it is a bug as the spnego filter might set cookies for both the logs and static context. +1. Committing.
        Hide
        wheat9 Haohui Mai added a comment -

        I've committed the patch to trunk and branch-2. Thanks nijel for the contribution.

        Show
        wheat9 Haohui Mai added a comment - I've committed the patch to trunk and branch-2. Thanks nijel for the contribution.
        Hide
        hudson Hudson added a comment -

        FAILURE: Integrated in Hadoop-trunk-Commit #8856 (See https://builds.apache.org/job/Hadoop-trunk-Commit/8856/)
        HADOOP-11677. Add cookie flags for logs and static contexts. Contributed (wheat9: rev 611aa77f750986190a94ee88d1148a05f66513d0)

        • hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
        • hadoop-common-project/hadoop-common/CHANGES.txt
        Show
        hudson Hudson added a comment - FAILURE: Integrated in Hadoop-trunk-Commit #8856 (See https://builds.apache.org/job/Hadoop-trunk-Commit/8856/ ) HADOOP-11677 . Add cookie flags for logs and static contexts. Contributed (wheat9: rev 611aa77f750986190a94ee88d1148a05f66513d0) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java hadoop-common-project/hadoop-common/CHANGES.txt
        Hide
        hudson Hudson added a comment -

        FAILURE: Integrated in Hadoop-Mapreduce-trunk-Java8 #700 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Java8/700/)
        HADOOP-11677. Add cookie flags for logs and static contexts. Contributed (wheat9: rev 611aa77f750986190a94ee88d1148a05f66513d0)

        • hadoop-common-project/hadoop-common/CHANGES.txt
        • hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
        Show
        hudson Hudson added a comment - FAILURE: Integrated in Hadoop-Mapreduce-trunk-Java8 #700 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk-Java8/700/ ) HADOOP-11677 . Add cookie flags for logs and static contexts. Contributed (wheat9: rev 611aa77f750986190a94ee88d1148a05f66513d0) hadoop-common-project/hadoop-common/CHANGES.txt hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
        Hide
        hudson Hudson added a comment -

        FAILURE: Integrated in Hadoop-Mapreduce-trunk #2641 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/2641/)
        HADOOP-11677. Add cookie flags for logs and static contexts. Contributed (wheat9: rev 611aa77f750986190a94ee88d1148a05f66513d0)

        • hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
        • hadoop-common-project/hadoop-common/CHANGES.txt
        Show
        hudson Hudson added a comment - FAILURE: Integrated in Hadoop-Mapreduce-trunk #2641 (See https://builds.apache.org/job/Hadoop-Mapreduce-trunk/2641/ ) HADOOP-11677 . Add cookie flags for logs and static contexts. Contributed (wheat9: rev 611aa77f750986190a94ee88d1148a05f66513d0) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java hadoop-common-project/hadoop-common/CHANGES.txt
        Hide
        hudson Hudson added a comment -

        FAILURE: Integrated in Hadoop-Yarn-trunk #1435 (See https://builds.apache.org/job/Hadoop-Yarn-trunk/1435/)
        HADOOP-11677. Add cookie flags for logs and static contexts. Contributed (wheat9: rev 611aa77f750986190a94ee88d1148a05f66513d0)

        • hadoop-common-project/hadoop-common/CHANGES.txt
        • hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
        Show
        hudson Hudson added a comment - FAILURE: Integrated in Hadoop-Yarn-trunk #1435 (See https://builds.apache.org/job/Hadoop-Yarn-trunk/1435/ ) HADOOP-11677 . Add cookie flags for logs and static contexts. Contributed (wheat9: rev 611aa77f750986190a94ee88d1148a05f66513d0) hadoop-common-project/hadoop-common/CHANGES.txt hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
        Hide
        hudson Hudson added a comment -

        SUCCESS: Integrated in Hadoop-Yarn-trunk-Java8 #711 (See https://builds.apache.org/job/Hadoop-Yarn-trunk-Java8/711/)
        HADOOP-11677. Add cookie flags for logs and static contexts. Contributed (wheat9: rev 611aa77f750986190a94ee88d1148a05f66513d0)

        • hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
        • hadoop-common-project/hadoop-common/CHANGES.txt
        Show
        hudson Hudson added a comment - SUCCESS: Integrated in Hadoop-Yarn-trunk-Java8 #711 (See https://builds.apache.org/job/Hadoop-Yarn-trunk-Java8/711/ ) HADOOP-11677 . Add cookie flags for logs and static contexts. Contributed (wheat9: rev 611aa77f750986190a94ee88d1148a05f66513d0) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java hadoop-common-project/hadoop-common/CHANGES.txt
        Hide
        hudson Hudson added a comment -

        FAILURE: Integrated in Hadoop-Hdfs-trunk #2568 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/2568/)
        HADOOP-11677. Add cookie flags for logs and static contexts. Contributed (wheat9: rev 611aa77f750986190a94ee88d1148a05f66513d0)

        • hadoop-common-project/hadoop-common/CHANGES.txt
        • hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
        Show
        hudson Hudson added a comment - FAILURE: Integrated in Hadoop-Hdfs-trunk #2568 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk/2568/ ) HADOOP-11677 . Add cookie flags for logs and static contexts. Contributed (wheat9: rev 611aa77f750986190a94ee88d1148a05f66513d0) hadoop-common-project/hadoop-common/CHANGES.txt hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
        Hide
        hudson Hudson added a comment -

        ABORTED: Integrated in Hadoop-Hdfs-trunk-Java8 #630 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk-Java8/630/)
        HADOOP-11677. Add cookie flags for logs and static contexts. Contributed (wheat9: rev 611aa77f750986190a94ee88d1148a05f66513d0)

        • hadoop-common-project/hadoop-common/CHANGES.txt
        • hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
        Show
        hudson Hudson added a comment - ABORTED: Integrated in Hadoop-Hdfs-trunk-Java8 #630 (See https://builds.apache.org/job/Hadoop-Hdfs-trunk-Java8/630/ ) HADOOP-11677 . Add cookie flags for logs and static contexts. Contributed (wheat9: rev 611aa77f750986190a94ee88d1148a05f66513d0) hadoop-common-project/hadoop-common/CHANGES.txt hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java

          People

          • Assignee:
            nijel nijel
            Reporter:
            nijel nijel
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development