You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by zh...@apache.org on 2023/05/21 11:46:22 UTC
[hbase] branch master updated: HBASE-27812 Provide option in HBase UI to disable stack trace for security (#5205)
This is an automated email from the ASF dual-hosted git repository.
zhangduo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/master by this push:
new cf9684de445 HBASE-27812 Provide option in HBase UI to disable stack trace for security (#5205)
cf9684de445 is described below
commit cf9684de445c9543bc0a8cc49d1eff17c9833990
Author: Yash Dodeja <ya...@yahoo.com>
AuthorDate: Sun May 21 17:16:10 2023 +0530
HBASE-27812 Provide option in HBase UI to disable stack trace for security (#5205)
Signed-off-by: Duo Zhang <zh...@apache.org>
---
.../src/main/java/org/apache/hadoop/hbase/http/HttpServer.java | 10 ++++++++++
src/main/asciidoc/_chapters/security.adoc | 9 +++++++++
2 files changed, 19 insertions(+)
diff --git a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java
index ce1b387bc15..6c2b71a0b90 100644
--- a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java
+++ b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java
@@ -81,6 +81,7 @@ import org.apache.hbase.thirdparty.org.eclipse.jetty.server.Server;
import org.apache.hbase.thirdparty.org.eclipse.jetty.server.ServerConnector;
import org.apache.hbase.thirdparty.org.eclipse.jetty.server.SslConnectionFactory;
import org.apache.hbase.thirdparty.org.eclipse.jetty.server.handler.ContextHandlerCollection;
+import org.apache.hbase.thirdparty.org.eclipse.jetty.server.handler.ErrorHandler;
import org.apache.hbase.thirdparty.org.eclipse.jetty.server.handler.HandlerCollection;
import org.apache.hbase.thirdparty.org.eclipse.jetty.server.handler.RequestLogHandler;
import org.apache.hbase.thirdparty.org.eclipse.jetty.server.handler.gzip.GzipHandler;
@@ -153,6 +154,7 @@ public class HttpServer implements FilterContainer {
public static final String SPNEGO_PROXYUSER_FILTER = "SpnegoProxyUserFilter";
public static final String NO_CACHE_FILTER = "NoCacheFilter";
public static final String APP_DIR = "webapps";
+ public static final String HTTP_UI_SHOW_STACKTRACE_KEY = "hbase.ui.show-stack-traces";
public static final String METRIC_SERVLETS_CONF_KEY = "hbase.http.metrics.servlets";
public static final String[] METRICS_SERVLETS_DEFAULT = { "jmx", "metrics", "prometheus" };
@@ -652,6 +654,14 @@ public class HttpServer implements FilterContainer {
addFilterPathMapping(path, webAppContext);
}
}
+ // Check if disable stack trace property is configured
+ if (!conf.getBoolean(HTTP_UI_SHOW_STACKTRACE_KEY, true)) {
+ // Disable stack traces for server errors in UI
+ webServer.setErrorHandler(new ErrorHandler());
+ webServer.getErrorHandler().setShowStacks(false);
+ // Disable stack traces for web app errors in UI
+ webAppContext.getErrorHandler().setShowStacks(false);
+ }
}
private void addManagedListener(ServerConnector connector) {
diff --git a/src/main/asciidoc/_chapters/security.adoc b/src/main/asciidoc/_chapters/security.adoc
index 604967978ce..7032cd2dfc5 100644
--- a/src/main/asciidoc/_chapters/security.adoc
+++ b/src/main/asciidoc/_chapters/security.adoc
@@ -261,6 +261,15 @@ Users who wish to change this would set the following in their hbase-site.xml:
</property>
----
+To disable showing stack traces in HBase UI for hiding sensitive information, set the following in hbase-site:
+[source,xml]
+----
+<property>
+ <name>hbase.ui.show-stack-traces</name>
+ <value>false</value>
+</property>
+----
+
[[hbase.secure.configuration]]
== Secure Client Access to Apache HBase