You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by dh...@apache.org on 2021/12/09 13:26:48 UTC
[ranger] branch ranger-2.3 updated: RANGER-3521 : Ranger KMS IS NOT ENFORCING HSTS ON SSL PORT DEFINED BY RFC 6797
This is an automated email from the ASF dual-hosted git repository.
dhavalshah9131 pushed a commit to branch ranger-2.3
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-2.3 by this push:
new 183b5c2 RANGER-3521 : Ranger KMS IS NOT ENFORCING HSTS ON SSL PORT DEFINED BY RFC 6797
183b5c2 is described below
commit 183b5c2b9c5bea22d81a2142ef9fa6759dff6ead
Author: Dhaval Shah <dh...@gmail.com>
AuthorDate: Mon Nov 29 11:56:42 2021 +0530
RANGER-3521 : Ranger KMS IS NOT ENFORCING HSTS ON SSL PORT DEFINED BY RFC 6797
---
.../org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
index f0e92b8..1174f0b 100644
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
@@ -27,6 +27,8 @@ import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
import java.io.IOException;
/**
@@ -73,9 +75,11 @@ public class KMSMDCFilter implements Filter {
throws IOException, ServletException {
try {
String path = ((HttpServletRequest) request).getRequestURI();
+ HttpServletResponse resp = (HttpServletResponse) response;
+ resp.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
if (path.startsWith(RANGER_KMS_REST_API_PATH)) {
- chain.doFilter(request, response);
+ chain.doFilter(request, resp);
} else {
DATA_TL.remove();
UserGroupInformation ugi = HttpUserGroupInformation.get();
@@ -86,7 +90,7 @@ public class KMSMDCFilter implements Filter {
requestURL.append("?").append(queryString);
}
DATA_TL.set(new Data(ugi, method, requestURL.toString()));
- chain.doFilter(request, response);
+ chain.doFilter(request, resp);
}
} finally {
DATA_TL.remove();