Posted to commits@ranger.apache.org by dh...@apache.org on 2021/12/09 13:23:09 UTC
[ranger] branch master updated: RANGER-3521 : Ranger KMS IS NOT ENFORCING HSTS ON SSL PORT DEFINED BY RFC 6797
This is an automated email from the ASF dual-hosted git repository.
dhavalshah9131 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new a3d7982 RANGER-3521 : Ranger KMS IS NOT ENFORCING HSTS ON SSL PORT DEFINED BY RFC 6797
a3d7982 is described below
commit a3d798253605b5cb51cbce03489a9e36c3b338b8
Author: Dhaval Shah <dh...@gmail.com>
AuthorDate: Mon Nov 29 11:56:42 2021 +0530
RANGER-3521 : Ranger KMS IS NOT ENFORCING HSTS ON SSL PORT DEFINED BY RFC 6797
---
.../org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
index f0e92b8..1174f0b 100644
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
@@ -27,6 +27,8 @@ import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
import java.io.IOException;
/**
@@ -73,9 +75,11 @@ public class KMSMDCFilter implements Filter {
throws IOException, ServletException {
try {
String path = ((HttpServletRequest) request).getRequestURI();
+ HttpServletResponse resp = (HttpServletResponse) response;
+ resp.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
if (path.startsWith(RANGER_KMS_REST_API_PATH)) {
- chain.doFilter(request, response);
+ chain.doFilter(request, resp);
} else {
DATA_TL.remove();
UserGroupInformation ugi = HttpUserGroupInformation.get();
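Review bot: The `Strict-Transport-Security` header is set unconditionally at the top of the `try` block, so it is also sent when the request arrived over plain HTTP. RFC 6797 section 7.2 says an HSTS host must not send the header over non-secure transport, so the call should be guarded, e.g. `if (request.isSecure()) { resp.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains"); }`. The hard-coded `includeSubDomains` extends the policy to every host name under the KMS host's domain, so a short comment stating that this is intended (or reading the value from configuration) would help operators who share that domain with non-TLS services. Passing `resp` instead of `response` to `chain.doFilter` here and in the later hunk is the same object and changes nothing. The method signature and the filter mapping are outside the hunk, so whether this filter sees every response, including error pages, cannot be confirmed from here.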
@@ -86,7 +90,7 @@ public class KMSMDCFilter implements Filter {
requestURL.append("?").append(queryString);
}
DATA_TL.set(new Data(ugi, method, requestURL.toString()));
- chain.doFilter(request, response);
+ chain.doFilter(request, resp);
}
} finally {
DATA_TL.remove();