You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hbase.apache.org by ni...@apache.org on 2023/05/25 07:28:28 UTC
[hbase] branch master updated: HBASE-27811 Enable cache control for logs endpoint and set max age as 0 (#5204)
This is an automated email from the ASF dual-hosted git repository.
nihaljain pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/master by this push:
new ea3a44ea2d3 HBASE-27811 Enable cache control for logs endpoint and set max age as 0 (#5204)
ea3a44ea2d3 is described below
commit ea3a44ea2d3bb1b25c6168dafaff6d5480c87053
Author: Yash Dodeja <ya...@yahoo.com>
AuthorDate: Thu May 25 12:58:16 2023 +0530
HBASE-27811 Enable cache control for logs endpoint and set max age as 0 (#5204)
---
.../java/org/apache/hadoop/hbase/http/HttpServer.java | 18 ++++++++++++++----
.../org/apache/hadoop/hbase/http/NoCacheFilter.java | 15 ++++++++++++++-
src/main/asciidoc/_chapters/security.adoc | 13 +++++++++++++
3 files changed, 41 insertions(+), 5 deletions(-)
diff --git a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java
index 6c2b71a0b90..9f4ce64a880 100644
--- a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java
+++ b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java
@@ -56,6 +56,7 @@ import org.apache.hadoop.hbase.http.conf.ConfServlet;
import org.apache.hadoop.hbase.http.log.LogLevel;
import org.apache.hadoop.hbase.util.ReflectionUtils;
import org.apache.hadoop.hbase.util.Threads;
+import org.apache.hadoop.security.AuthenticationFilterInitializer;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
@@ -143,6 +144,7 @@ public class HttpServer implements FilterContainer {
HTTP_SPNEGO_AUTHENTICATION_PREFIX + "admin.groups";
public static final String HTTP_PRIVILEGED_CONF_KEY =
"hbase.security.authentication.ui.config.protected";
+ public static final String HTTP_UI_NO_CACHE_ENABLE_KEY = "hbase.http.filter.no-store.enable";
public static final boolean HTTP_PRIVILEGED_CONF_DEFAULT = false;
// The ServletContext attribute where the daemon Configuration
@@ -679,7 +681,7 @@ public class HttpServer implements FilterContainer {
ctx.getServletContext().setAttribute(org.apache.hadoop.http.HttpServer2.CONF_CONTEXT_ATTRIBUTE,
conf);
ctx.getServletContext().setAttribute(ADMINS_ACL, adminsAcl);
- addNoCacheFilter(ctx);
+ addNoCacheFilter(ctx, conf);
return ctx;
}
@@ -701,9 +703,16 @@ public class HttpServer implements FilterContainer {
return gzipHandler;
}
- private static void addNoCacheFilter(WebAppContext ctxt) {
- defineFilter(ctxt, NO_CACHE_FILTER, NoCacheFilter.class.getName(),
- Collections.<String, String> emptyMap(), new String[] { "/*" });
+ private static void addNoCacheFilter(ServletContextHandler ctxt, Configuration conf) {
+ if (conf.getBoolean(HTTP_UI_NO_CACHE_ENABLE_KEY, false)) {
+ Map<String, String> filterConfig =
+ AuthenticationFilterInitializer.getFilterConfigMap(conf, "hbase.http.filter.");
+ defineFilter(ctxt, NO_CACHE_FILTER, NoCacheFilter.class.getName(), filterConfig,
+ new String[] { "/*" });
+ } else {
+ defineFilter(ctxt, NO_CACHE_FILTER, NoCacheFilter.class.getName(),
+ Collections.<String, String> emptyMap(), new String[] { "/*" });
+ }
}
/** Get an array of FilterConfiguration specified in the conf */
@@ -749,6 +758,7 @@ public class HttpServer implements FilterContainer {
}
logContext.setDisplayName("logs");
setContextAttributes(logContext, conf);
+ addNoCacheFilter(logContext, conf);
defaultContexts.put(logContext, true);
}
// set up the context for "/static/*"
diff --git a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/NoCacheFilter.java b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/NoCacheFilter.java
index 0c6aaa05079..54b458d8b9f 100644
--- a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/NoCacheFilter.java
+++ b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/NoCacheFilter.java
@@ -31,15 +31,28 @@ import org.apache.yetus.audience.InterfaceAudience;
@InterfaceAudience.LimitedPrivate(HBaseInterfaceAudience.CONFIG)
public class NoCacheFilter implements Filter {
+
+ /**
+ * Constant for the configuration property that indicates no-store cache control is enabled.
+ */
+ public static final String NO_STORE = "no-store.enable";
+
+ private boolean noStoreEnabled = false;
+
@Override
public void init(FilterConfig filterConfig) throws ServletException {
+ this.noStoreEnabled = Boolean.valueOf(filterConfig.getInitParameter(NO_STORE));
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletResponse httpRes = (HttpServletResponse) res;
- httpRes.setHeader("Cache-Control", "no-cache");
+ StringBuilder header = new StringBuilder("no-cache");
+ if (noStoreEnabled) {
+ header.append(", no-store, max-age=0");
+ }
+ httpRes.setHeader("Cache-Control", header.toString());
long now = EnvironmentEdgeManager.currentTime();
httpRes.addDateHeader("Expires", now);
httpRes.addDateHeader("Date", now);
diff --git a/src/main/asciidoc/_chapters/security.adoc b/src/main/asciidoc/_chapters/security.adoc
index 7032cd2dfc5..b2110a6fbcd 100644
--- a/src/main/asciidoc/_chapters/security.adoc
+++ b/src/main/asciidoc/_chapters/security.adoc
@@ -71,6 +71,19 @@ See Nick Dimiduk's contribution on this link:http://stackoverflow.com/questions/
If you know how to fix this without opening a second port for HTTPS, patches are appreciated.
====
+[[hbase.ui.cache]]
+=== Disable cache in HBase UI
+
+Set the following configuration in hbase-site to set max age to zero and disable cache for the web UI:
+
+[source,xml]
+----
+<property>
+ <name>hbase.http.filter.no-store.enable</name>
+ <value>true</value>
+</property>
+----
+
[[hbase.secure.spnego.ui]]
=== Using SPNEGO for Kerberos authentication with Web UIs