You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Robert Levas <rl...@hortonworks.com> on 2015/09/30 15:12:56 UTC
Review Request 38893: Backport from 2.1.0 - Set HttpOnly and Secure
flags for Ambari session cookies
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38893/
-----------------------------------------------------------
Review request for Ambari, Jonathan Hurley, Myroslav Papirkovskyy, and Vitalyi Brodetskyi.
Bugs: ABMARI-13272
https://issues.apache.org/jira/browse/ABMARI-13272
Repository: ambari
Description
-------
1) https://www.owasp.org/index.php/HttpOnly
2) https://www.owasp.org/index.php/SecureFlag
This is a backport of the patch that resolved https://issues.apache.org/jira/browse/AMBARI-11129.
Diffs
-----
ambari-project/pom.xml ddbfdb7
ambari-server/pom.xml 05fbd7c
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariHandlerList.java 4207007
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java 24dc23d
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariSessionManager.java 721d95b
ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java 8061c43
ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariHandlerListTest.java afad6ce
ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariServerTest.java 484f398
ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariSessionManagerTest.java 058baa1
Diff: https://reviews.apache.org/r/38893/diff/
Testing
-------
Manually tested
Units tests pass, but there may be a race condition (not related to this patch) causing a test in `org.apache.ambari.server.state.cluster.ClusterTest` to fail.
```
testRecalculateAllClusterVersionStates(org.apache.ambari.server.state.cluster.ClusterTest): expected:<INSTALLING> but was:<OUT_OF_SYNC>
```
Thanks,
Robert Levas
Re: Review Request 38893: Backport from 2.1.0 - Set HttpOnly and
Secure flags for Ambari session cookies
Posted by Vitalyi Brodetskyi <vb...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38893/#review101219
-----------------------------------------------------------
Ship it!
Ship It!
- Vitalyi Brodetskyi
On Вер. 30, 2015, 1:14 після полудня, Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38893/
> -----------------------------------------------------------
>
> (Updated Вер. 30, 2015, 1:14 після полудня)
>
>
> Review request for Ambari, Jonathan Hurley, Myroslav Papirkovskyy, and Vitalyi Brodetskyi.
>
>
> Bugs: AMBARI-13272
> https://issues.apache.org/jira/browse/AMBARI-13272
>
>
> Repository: ambari
>
>
> Description
> -------
>
> 1) https://www.owasp.org/index.php/HttpOnly
>
> 2) https://www.owasp.org/index.php/SecureFlag
>
> This is a backport of the patch that resolved https://issues.apache.org/jira/browse/AMBARI-11129.
>
>
> Diffs
> -----
>
> ambari-project/pom.xml ddbfdb7
> ambari-server/pom.xml 05fbd7c
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariHandlerList.java 4207007
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java 24dc23d
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariSessionManager.java 721d95b
> ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java 8061c43
> ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariHandlerListTest.java afad6ce
> ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariServerTest.java 484f398
> ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariSessionManagerTest.java 058baa1
>
> Diff: https://reviews.apache.org/r/38893/diff/
>
>
> Testing
> -------
>
> Manually tested
> Units tests pass, but there may be a race condition (not related to this patch) causing a test in `org.apache.ambari.server.state.cluster.ClusterTest` to fail.
> ```
> testRecalculateAllClusterVersionStates(org.apache.ambari.server.state.cluster.ClusterTest): expected:<INSTALLING> but was:<OUT_OF_SYNC>
> ```
>
>
> Thanks,
>
> Robert Levas
>
>
Re: Review Request 38893: Backport from 2.1.0 - Set HttpOnly and
Secure flags for Ambari session cookies
Posted by Myroslav Papirkovskyy <mp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38893/#review101218
-----------------------------------------------------------
Ship it!
Ship It!
- Myroslav Papirkovskyy
On Вер. 30, 2015, 4:14 після полудня, Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38893/
> -----------------------------------------------------------
>
> (Updated Вер. 30, 2015, 4:14 після полудня)
>
>
> Review request for Ambari, Jonathan Hurley, Myroslav Papirkovskyy, and Vitalyi Brodetskyi.
>
>
> Bugs: AMBARI-13272
> https://issues.apache.org/jira/browse/AMBARI-13272
>
>
> Repository: ambari
>
>
> Description
> -------
>
> 1) https://www.owasp.org/index.php/HttpOnly
>
> 2) https://www.owasp.org/index.php/SecureFlag
>
> This is a backport of the patch that resolved https://issues.apache.org/jira/browse/AMBARI-11129.
>
>
> Diffs
> -----
>
> ambari-project/pom.xml ddbfdb7
> ambari-server/pom.xml 05fbd7c
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariHandlerList.java 4207007
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java 24dc23d
> ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariSessionManager.java 721d95b
> ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java 8061c43
> ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariHandlerListTest.java afad6ce
> ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariServerTest.java 484f398
> ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariSessionManagerTest.java 058baa1
>
> Diff: https://reviews.apache.org/r/38893/diff/
>
>
> Testing
> -------
>
> Manually tested
> Units tests pass, but there may be a race condition (not related to this patch) causing a test in `org.apache.ambari.server.state.cluster.ClusterTest` to fail.
> ```
> testRecalculateAllClusterVersionStates(org.apache.ambari.server.state.cluster.ClusterTest): expected:<INSTALLING> but was:<OUT_OF_SYNC>
> ```
>
>
> Thanks,
>
> Robert Levas
>
>
Re: Review Request 38893: Backport from 2.1.0 - Set HttpOnly and
Secure flags for Ambari session cookies
Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38893/
-----------------------------------------------------------
(Updated Sept. 30, 2015, 9:14 a.m.)
Review request for Ambari, Jonathan Hurley, Myroslav Papirkovskyy, and Vitalyi Brodetskyi.
Bugs: AMBARI-13272
https://issues.apache.org/jira/browse/AMBARI-13272
Repository: ambari
Description
-------
1) https://www.owasp.org/index.php/HttpOnly
2) https://www.owasp.org/index.php/SecureFlag
This is a backport of the patch that resolved https://issues.apache.org/jira/browse/AMBARI-11129.
Diffs
-----
ambari-project/pom.xml ddbfdb7
ambari-server/pom.xml 05fbd7c
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariHandlerList.java 4207007
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java 24dc23d
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariSessionManager.java 721d95b
ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java 8061c43
ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariHandlerListTest.java afad6ce
ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariServerTest.java 484f398
ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariSessionManagerTest.java 058baa1
Diff: https://reviews.apache.org/r/38893/diff/
Testing
-------
Manually tested
Units tests pass, but there may be a race condition (not related to this patch) causing a test in `org.apache.ambari.server.state.cluster.ClusterTest` to fail.
```
testRecalculateAllClusterVersionStates(org.apache.ambari.server.state.cluster.ClusterTest): expected:<INSTALLING> but was:<OUT_OF_SYNC>
```
Thanks,
Robert Levas