  1. Hadoop Common
  2. HADOOP-11677

Add cookie flags for logs and static contexts

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.8.0, 3.0.0-alpha1
    • Component/s: None
    • Labels:
    • Hadoop Flags:
      Reviewed

      Description

      In HttpServer2.java, for the default context, the secure attributes are set.

      // Session manager of the default web application context
      SessionManager sm = webAppContext.getSessionHandler().getSessionManager();
      if (sm instanceof AbstractSessionManager) {
        AbstractSessionManager asm = (AbstractSessionManager) sm;
        // Mark session cookies HttpOnly and Secure
        asm.setHttpOnly(true);
        asm.setSecureCookies(true);
      }
      

      But when the contexts are created for /logs and /static, new contexts are created and the session handler is assigned as null.

      Here also the secure attributes need to be set.

      Is it not done intentionally? Please give your thoughts.

      Background
      Trying to add a login action for HTTP pages. After this, when a security test tool is used, it reports an error for these 2 URLs (/logs and /static).
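
The kind of check such a security test tool performs can be reproduced with a small audit of `Set-Cookie` headers per context path. This is an added example, not part of the original report or of Hadoop's code; the function names and the sample responses (including the cookie values) are constructed for illustration.

```python
# Added example: report cookies that lack the HttpOnly or Secure attribute.
# SAMPLE below is constructed input, not captured Hadoop output.

REQUIRED = ("httponly", "secure")


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of lowercased attribute names).

    Only attribute *names* are compared, so a value such as Path=/secure or a
    cookie value of "Secure" is never mistaken for the Secure flag itself.
    """
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit(responses):
    """responses maps a request path to its list of (header name, header value).

    Returns a sorted list of (path, cookie name, missing attribute) findings.
    """
    findings = []
    for path, headers in responses.items():
        for header_name, header_value in headers:
            if header_name.lower() != "set-cookie":  # header names are case-insensitive
                continue
            cookie, attrs = parse_set_cookie(header_value)
            for flag in REQUIRED:
                if flag not in attrs:
                    findings.append((path, cookie, flag))
    return sorted(findings)


# Constructed sample: the default context sets both flags, while the /logs and
# /static contexts behave as the report describes.
SAMPLE = {
    "/": [("Set-Cookie", "JSESSIONID=abc123;Path=/;Secure;HttpOnly")],
    "/logs/": [("Set-Cookie", "JSESSIONID=def456;Path=/logs")],
    "/static/": [("set-cookie", "JSESSIONID=ghi789; Path=/static; httponly"),
                 ("Content-Type", "text/css")],
}

if __name__ == "__main__":
    for path, cookie, flag in audit(SAMPLE):
        print(f"{path}: cookie {cookie} is missing {flag}")
```
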

        Attachments

        1. 001-HADOOP-11677.patch
          2 kB
          nijel
        2. HADOOP-11677.1.patch
          2 kB
          nijel
        3. HADOOP-11677-2.patch
          2 kB
          nijel

            People

            • Assignee: nijel
            • Reporter: nijel