You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by nc...@apache.org on 2015/10/07 15:52:08 UTC
[27/31] ambari git commit: AMBARI-13304. Add security-related HTTP
headers to Views to keep Ambari up to date with best-practices (rlevas)
AMBARI-13304. Add security-related HTTP headers to Views to keep Ambari up to date with best-practices (rlevas)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/20d08834
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/20d08834
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/20d08834
Branch: refs/heads/branch-dev-patch-upgrade
Commit: 20d08834df93376d9845facc2581e5c8267fe436
Parents: 8eceffe
Author: Robert Levas <rl...@hortonworks.com>
Authored: Wed Oct 7 01:59:20 2015 -0700
Committer: Robert Levas <rl...@hortonworks.com>
Committed: Wed Oct 7 01:59:24 2015 -0700
----------------------------------------------------------------------
.../apache/ambari/server/controller/AmbariHandlerList.java | 8 ++++++++
.../ambari/server/controller/AmbariHandlerListTest.java | 6 ++++++
2 files changed, 14 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/20d08834/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariHandlerList.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariHandlerList.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariHandlerList.java
index d1a7fde..1265b6a 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariHandlerList.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariHandlerList.java
@@ -20,6 +20,7 @@ package org.apache.ambari.server.controller;
import org.apache.ambari.server.api.AmbariPersistFilter;
import org.apache.ambari.server.orm.entities.ViewEntity;
import org.apache.ambari.server.orm.entities.ViewInstanceEntity;
+import org.apache.ambari.server.security.SecurityHeaderFilter;
import org.apache.ambari.server.view.ViewContextImpl;
import org.apache.ambari.server.view.ViewInstanceHandlerList;
import org.apache.ambari.server.view.ViewRegistry;
@@ -94,6 +95,12 @@ public class AmbariHandlerList extends HandlerCollection implements ViewInstance
DelegatingFilterProxy springSecurityFilter;
/**
+ * The security header filter - conditionlly adds security-related headers to the HTTP response.
+ */
+ @Inject
+ SecurityHeaderFilter securityHeaderFilter;
+
+ /**
* Mapping of view instance entities to handlers.
*/
private final Map<ViewInstanceEntity, Handler> viewHandlerMap = new HashMap<ViewInstanceEntity, Handler>();
@@ -234,6 +241,7 @@ public class AmbariHandlerList extends HandlerCollection implements ViewInstance
webAppContext.setClassLoader(viewInstanceDefinition.getViewEntity().getClassLoader());
webAppContext.setAttribute(ViewContext.CONTEXT_ATTRIBUTE, new ViewContextImpl(viewInstanceDefinition, viewRegistry));
webAppContext.setSessionHandler(new SharedSessionHandler(sessionManager));
+ webAppContext.addFilter(new FilterHolder(securityHeaderFilter), "/*", AmbariServer.DISPATCHER_TYPES);
webAppContext.addFilter(new FilterHolder(persistFilter), "/*", AmbariServer.DISPATCHER_TYPES);
webAppContext.addFilter(new FilterHolder(springSecurityFilter), "/*", AmbariServer.DISPATCHER_TYPES);
webAppContext.setAllowNullPathInfo(true);
http://git-wip-us.apache.org/repos/asf/ambari/blob/20d08834/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariHandlerListTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariHandlerListTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariHandlerListTest.java
index 03bf6c4..a0cb8d0 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariHandlerListTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariHandlerListTest.java
@@ -22,6 +22,7 @@ import org.apache.ambari.server.api.AmbariPersistFilter;
import org.apache.ambari.server.orm.entities.ViewEntity;
import org.apache.ambari.server.orm.entities.ViewInstanceEntity;
import org.apache.ambari.server.orm.entities.ViewInstanceEntityTest;
+import org.apache.ambari.server.security.SecurityHeaderFilter;
import org.apache.ambari.server.view.ViewRegistry;
import org.easymock.Capture;
import org.eclipse.jetty.server.Handler;
@@ -51,6 +52,7 @@ import static org.easymock.EasyMock.verify;
*/
public class AmbariHandlerListTest {
+ private final SecurityHeaderFilter securityHeaderFilter = createNiceMock(SecurityHeaderFilter.class);
private final AmbariPersistFilter persistFilter = createNiceMock(AmbariPersistFilter.class);
private final DelegatingFilterProxy springSecurityFilter = createNiceMock(DelegatingFilterProxy.class);
@@ -66,9 +68,11 @@ public class AmbariHandlerListTest {
expect(handler.getServer()).andReturn(server);
handler.setServer(null);
+ Capture<FilterHolder> securityHeaderFilterCapture = new Capture<FilterHolder>();
Capture<FilterHolder> persistFilterCapture = new Capture<FilterHolder>();
Capture<FilterHolder> securityFilterCapture = new Capture<FilterHolder>();
+ handler.addFilter(capture(securityHeaderFilterCapture), eq("/*"), eq(AmbariServer.DISPATCHER_TYPES));
handler.addFilter(capture(persistFilterCapture), eq("/*"), eq(AmbariServer.DISPATCHER_TYPES));
handler.addFilter(capture(securityFilterCapture), eq("/*"), eq(AmbariServer.DISPATCHER_TYPES));
handler.setAllowNullPathInfo(true);
@@ -83,6 +87,7 @@ public class AmbariHandlerListTest {
Assert.assertTrue(handlers.contains(handler));
+ Assert.assertEquals(securityHeaderFilter, securityHeaderFilterCapture.getValue().getFilter());
Assert.assertEquals(persistFilter, persistFilterCapture.getValue().getFilter());
Assert.assertEquals(springSecurityFilter, securityFilterCapture.getValue().getFilter());
@@ -156,6 +161,7 @@ public class AmbariHandlerListTest {
AmbariHandlerList handlerList = new AmbariHandlerList();
handlerList.webAppContextProvider = new HandlerProvider(handler);
+ handlerList.securityHeaderFilter = securityHeaderFilter;
handlerList.persistFilter = persistFilter;
handlerList.springSecurityFilter = springSecurityFilter;