You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ambari.apache.org by Robert Levas <rl...@hortonworks.com> on 2015/09/30 15:12:56 UTC

Review Request 38893: Backport from 2.1.0 - Set HttpOnly and Secure flags for Ambari session cookies

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38893/
-----------------------------------------------------------

Review request for Ambari, Jonathan Hurley, Myroslav Papirkovskyy, and Vitalyi Brodetskyi.


Bugs: ABMARI-13272
    https://issues.apache.org/jira/browse/ABMARI-13272


Repository: ambari


Description
-------

1) https://www.owasp.org/index.php/HttpOnly

2) https://www.owasp.org/index.php/SecureFlag

This is a backport of the patch that resolved https://issues.apache.org/jira/browse/AMBARI-11129.


Diffs
-----

  ambari-project/pom.xml ddbfdb7 
  ambari-server/pom.xml 05fbd7c 
  ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariHandlerList.java 4207007 
  ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java 24dc23d 
  ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariSessionManager.java 721d95b 
  ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java 8061c43 
  ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariHandlerListTest.java afad6ce 
  ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariServerTest.java 484f398 
  ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariSessionManagerTest.java 058baa1 

Diff: https://reviews.apache.org/r/38893/diff/


Testing
-------

Manually tested 
Units tests pass, but there may be a race condition (not related to this patch) causing a test in `org.apache.ambari.server.state.cluster.ClusterTest` to fail.
```
  testRecalculateAllClusterVersionStates(org.apache.ambari.server.state.cluster.ClusterTest): expected:<INSTALLING> but was:<OUT_OF_SYNC>
```


Thanks,

Robert Levas

Re: Review Request 38893: Backport from 2.1.0 - Set HttpOnly and Secure flags for Ambari session cookies

Posted by Vitalyi Brodetskyi <vb...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38893/#review101219
-----------------------------------------------------------

Ship it!


Ship It!

- Vitalyi Brodetskyi


On Вер. 30, 2015, 1:14 після полудня, Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38893/
> -----------------------------------------------------------
> 
> (Updated Вер. 30, 2015, 1:14 після полудня)
> 
> 
> Review request for Ambari, Jonathan Hurley, Myroslav Papirkovskyy, and Vitalyi Brodetskyi.
> 
> 
> Bugs: AMBARI-13272
>     https://issues.apache.org/jira/browse/AMBARI-13272
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> 1) https://www.owasp.org/index.php/HttpOnly
> 
> 2) https://www.owasp.org/index.php/SecureFlag
> 
> This is a backport of the patch that resolved https://issues.apache.org/jira/browse/AMBARI-11129.
> 
> 
> Diffs
> -----
> 
>   ambari-project/pom.xml ddbfdb7 
>   ambari-server/pom.xml 05fbd7c 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariHandlerList.java 4207007 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java 24dc23d 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariSessionManager.java 721d95b 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java 8061c43 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariHandlerListTest.java afad6ce 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariServerTest.java 484f398 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariSessionManagerTest.java 058baa1 
> 
> Diff: https://reviews.apache.org/r/38893/diff/
> 
> 
> Testing
> -------
> 
> Manually tested 
> Units tests pass, but there may be a race condition (not related to this patch) causing a test in `org.apache.ambari.server.state.cluster.ClusterTest` to fail.
> ```
>   testRecalculateAllClusterVersionStates(org.apache.ambari.server.state.cluster.ClusterTest): expected:<INSTALLING> but was:<OUT_OF_SYNC>
> ```
> 
> 
> Thanks,
> 
> Robert Levas
> 
>

Re: Review Request 38893: Backport from 2.1.0 - Set HttpOnly and Secure flags for Ambari session cookies

Posted by Myroslav Papirkovskyy <mp...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38893/#review101218
-----------------------------------------------------------

Ship it!


Ship It!

- Myroslav Papirkovskyy


On Вер. 30, 2015, 4:14 після полудня, Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/38893/
> -----------------------------------------------------------
> 
> (Updated Вер. 30, 2015, 4:14 після полудня)
> 
> 
> Review request for Ambari, Jonathan Hurley, Myroslav Papirkovskyy, and Vitalyi Brodetskyi.
> 
> 
> Bugs: AMBARI-13272
>     https://issues.apache.org/jira/browse/AMBARI-13272
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> 1) https://www.owasp.org/index.php/HttpOnly
> 
> 2) https://www.owasp.org/index.php/SecureFlag
> 
> This is a backport of the patch that resolved https://issues.apache.org/jira/browse/AMBARI-11129.
> 
> 
> Diffs
> -----
> 
>   ambari-project/pom.xml ddbfdb7 
>   ambari-server/pom.xml 05fbd7c 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariHandlerList.java 4207007 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java 24dc23d 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariSessionManager.java 721d95b 
>   ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java 8061c43 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariHandlerListTest.java afad6ce 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariServerTest.java 484f398 
>   ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariSessionManagerTest.java 058baa1 
> 
> Diff: https://reviews.apache.org/r/38893/diff/
> 
> 
> Testing
> -------
> 
> Manually tested 
> Units tests pass, but there may be a race condition (not related to this patch) causing a test in `org.apache.ambari.server.state.cluster.ClusterTest` to fail.
> ```
>   testRecalculateAllClusterVersionStates(org.apache.ambari.server.state.cluster.ClusterTest): expected:<INSTALLING> but was:<OUT_OF_SYNC>
> ```
> 
> 
> Thanks,
> 
> Robert Levas
> 
>

Re: Review Request 38893: Backport from 2.1.0 - Set HttpOnly and Secure flags for Ambari session cookies

Posted by Robert Levas <rl...@hortonworks.com>.

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/38893/
-----------------------------------------------------------

(Updated Sept. 30, 2015, 9:14 a.m.)


Review request for Ambari, Jonathan Hurley, Myroslav Papirkovskyy, and Vitalyi Brodetskyi.


Bugs: AMBARI-13272
    https://issues.apache.org/jira/browse/AMBARI-13272


Repository: ambari


Description
-------

1) https://www.owasp.org/index.php/HttpOnly

2) https://www.owasp.org/index.php/SecureFlag

This is a backport of the patch that resolved https://issues.apache.org/jira/browse/AMBARI-11129.


Diffs
-----

  ambari-project/pom.xml ddbfdb7 
  ambari-server/pom.xml 05fbd7c 
  ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariHandlerList.java 4207007 
  ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java 24dc23d 
  ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariSessionManager.java 721d95b 
  ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java 8061c43 
  ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariHandlerListTest.java afad6ce 
  ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariServerTest.java 484f398 
  ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariSessionManagerTest.java 058baa1 

Diff: https://reviews.apache.org/r/38893/diff/


Testing
-------

Manually tested 
Units tests pass, but there may be a race condition (not related to this patch) causing a test in `org.apache.ambari.server.state.cluster.ClusterTest` to fail.
```
  testRecalculateAllClusterVersionStates(org.apache.ambari.server.state.cluster.ClusterTest): expected:<INSTALLING> but was:<OUT_OF_SYNC>
```


Thanks,

Robert Levas