You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@ranger.apache.org by dh...@apache.org on 2021/12/09 13:26:48 UTC

[ranger] branch ranger-2.3 updated: RANGER-3521 : Ranger KMS IS NOT ENFORCING HSTS ON SSL PORT DEFINED BY RFC 6797

This is an automated email from the ASF dual-hosted git repository.

dhavalshah9131 pushed a commit to branch ranger-2.3
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/ranger-2.3 by this push:
     new 183b5c2  RANGER-3521 : Ranger KMS IS NOT ENFORCING HSTS ON SSL PORT DEFINED BY RFC 6797
183b5c2 is described below

commit 183b5c2b9c5bea22d81a2142ef9fa6759dff6ead
Author: Dhaval Shah <dh...@gmail.com>
AuthorDate: Mon Nov 29 11:56:42 2021 +0530

    RANGER-3521 : Ranger KMS IS NOT ENFORCING HSTS ON SSL PORT DEFINED BY RFC 6797
---
 .../org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java     | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
index f0e92b8..1174f0b 100644
--- a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
+++ b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
@@ -27,6 +27,8 @@ import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import java.io.IOException;
 
 /**
@@ -73,9 +75,11 @@ public class KMSMDCFilter implements Filter {
       throws IOException, ServletException {
     try {
     	 String path = ((HttpServletRequest) request).getRequestURI();
+         HttpServletResponse resp = (HttpServletResponse) response;
+         resp.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
     	    
     	     if (path.startsWith(RANGER_KMS_REST_API_PATH)) {
-    	    	chain.doFilter(request, response);
+                 chain.doFilter(request, resp);
     	      } else {
 			      DATA_TL.remove();
 			      UserGroupInformation ugi = HttpUserGroupInformation.get();
@@ -86,7 +90,7 @@ public class KMSMDCFilter implements Filter {
 			        requestURL.append("?").append(queryString);
 			      }
 			      DATA_TL.set(new Data(ugi, method, requestURL.toString()));
-			      chain.doFilter(request, response);
+			      chain.doFilter(request, resp);
     	    }
     } finally {
       DATA_TL.remove();