You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by rl...@apache.org on 2015/10/07 10:59:30 UTC

ambari git commit: AMBARI-13304. Add security-related HTTP headers to Views to keep Ambari up to date with best-practices (rlevas)

Repository: ambari
Updated Branches:
  refs/heads/trunk 8eceffe5d -> 20d08834d


AMBARI-13304. Add security-related HTTP headers to Views to keep Ambari up to date with best-practices (rlevas)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/20d08834
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/20d08834
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/20d08834

Branch: refs/heads/trunk
Commit: 20d08834df93376d9845facc2581e5c8267fe436
Parents: 8eceffe
Author: Robert Levas <rl...@hortonworks.com>
Authored: Wed Oct 7 01:59:20 2015 -0700
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Wed Oct 7 01:59:24 2015 -0700

----------------------------------------------------------------------
 .../apache/ambari/server/controller/AmbariHandlerList.java   | 8 ++++++++
 .../ambari/server/controller/AmbariHandlerListTest.java      | 6 ++++++
 2 files changed, 14 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/20d08834/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariHandlerList.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariHandlerList.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariHandlerList.java
index d1a7fde..1265b6a 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariHandlerList.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariHandlerList.java
@@ -20,6 +20,7 @@ package org.apache.ambari.server.controller;
 import org.apache.ambari.server.api.AmbariPersistFilter;
 import org.apache.ambari.server.orm.entities.ViewEntity;
 import org.apache.ambari.server.orm.entities.ViewInstanceEntity;
+import org.apache.ambari.server.security.SecurityHeaderFilter;
 import org.apache.ambari.server.view.ViewContextImpl;
 import org.apache.ambari.server.view.ViewInstanceHandlerList;
 import org.apache.ambari.server.view.ViewRegistry;
@@ -94,6 +95,12 @@ public class AmbariHandlerList extends HandlerCollection implements ViewInstance
   DelegatingFilterProxy springSecurityFilter;
 
   /**
+   * The security header filter - conditionlly adds security-related headers to the HTTP response.
+   */
+  @Inject
+  SecurityHeaderFilter securityHeaderFilter;
+
+  /**
    * Mapping of view instance entities to handlers.
    */
   private final Map<ViewInstanceEntity, Handler> viewHandlerMap = new HashMap<ViewInstanceEntity, Handler>();
@@ -234,6 +241,7 @@ public class AmbariHandlerList extends HandlerCollection implements ViewInstance
     webAppContext.setClassLoader(viewInstanceDefinition.getViewEntity().getClassLoader());
     webAppContext.setAttribute(ViewContext.CONTEXT_ATTRIBUTE, new ViewContextImpl(viewInstanceDefinition, viewRegistry));
     webAppContext.setSessionHandler(new SharedSessionHandler(sessionManager));
+    webAppContext.addFilter(new FilterHolder(securityHeaderFilter), "/*", AmbariServer.DISPATCHER_TYPES);
     webAppContext.addFilter(new FilterHolder(persistFilter), "/*", AmbariServer.DISPATCHER_TYPES);
     webAppContext.addFilter(new FilterHolder(springSecurityFilter), "/*", AmbariServer.DISPATCHER_TYPES);
     webAppContext.setAllowNullPathInfo(true);

http://git-wip-us.apache.org/repos/asf/ambari/blob/20d08834/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariHandlerListTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariHandlerListTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariHandlerListTest.java
index 03bf6c4..a0cb8d0 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariHandlerListTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariHandlerListTest.java
@@ -22,6 +22,7 @@ import org.apache.ambari.server.api.AmbariPersistFilter;
 import org.apache.ambari.server.orm.entities.ViewEntity;
 import org.apache.ambari.server.orm.entities.ViewInstanceEntity;
 import org.apache.ambari.server.orm.entities.ViewInstanceEntityTest;
+import org.apache.ambari.server.security.SecurityHeaderFilter;
 import org.apache.ambari.server.view.ViewRegistry;
 import org.easymock.Capture;
 import org.eclipse.jetty.server.Handler;
@@ -51,6 +52,7 @@ import static org.easymock.EasyMock.verify;
  */
 public class AmbariHandlerListTest {
 
+  private final SecurityHeaderFilter securityHeaderFilter = createNiceMock(SecurityHeaderFilter.class);
   private final AmbariPersistFilter persistFilter = createNiceMock(AmbariPersistFilter.class);
   private final DelegatingFilterProxy springSecurityFilter = createNiceMock(DelegatingFilterProxy.class);
 
@@ -66,9 +68,11 @@ public class AmbariHandlerListTest {
     expect(handler.getServer()).andReturn(server);
     handler.setServer(null);
 
+    Capture<FilterHolder> securityHeaderFilterCapture = new Capture<FilterHolder>();
     Capture<FilterHolder> persistFilterCapture = new Capture<FilterHolder>();
     Capture<FilterHolder> securityFilterCapture = new Capture<FilterHolder>();
 
+    handler.addFilter(capture(securityHeaderFilterCapture), eq("/*"), eq(AmbariServer.DISPATCHER_TYPES));
     handler.addFilter(capture(persistFilterCapture), eq("/*"), eq(AmbariServer.DISPATCHER_TYPES));
     handler.addFilter(capture(securityFilterCapture), eq("/*"), eq(AmbariServer.DISPATCHER_TYPES));
     handler.setAllowNullPathInfo(true);
@@ -83,6 +87,7 @@ public class AmbariHandlerListTest {
 
     Assert.assertTrue(handlers.contains(handler));
 
+    Assert.assertEquals(securityHeaderFilter, securityHeaderFilterCapture.getValue().getFilter());
     Assert.assertEquals(persistFilter, persistFilterCapture.getValue().getFilter());
     Assert.assertEquals(springSecurityFilter, securityFilterCapture.getValue().getFilter());
 
@@ -156,6 +161,7 @@ public class AmbariHandlerListTest {
     AmbariHandlerList handlerList = new AmbariHandlerList();
 
     handlerList.webAppContextProvider = new HandlerProvider(handler);
+    handlerList.securityHeaderFilter = securityHeaderFilter;
     handlerList.persistFilter = persistFilter;
     handlerList.springSecurityFilter = springSecurityFilter;