Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HDFS-12158. Secondary Namenode's web interface lack configs for X-FRAME-OPTIONS protection. Contributed by Mukul Kumar Singh. 

(cherry picked from commit 413b23eb04)
This commit is contained in:
Anu Engineer 2017-07-19 10:29:06 -07:00
parent 979d37ae21
commit e0297ffbc8
2 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
hadoop-hdfs-project/hadoop-hdfs/src/main/java/org/apache/hadoop/hdfs/server/namenode/SecondaryNameNode.java
View File

@ -479,6 +479,16 @@ public class SecondaryNameNode implements Runnable,
DFS_SECONDARY_NAMENODE_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY, DFS_SECONDARY_NAMENODE_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY,
DFSConfigKeys.DFS_SECONDARY_NAMENODE_KEYTAB_FILE_KEY); DFSConfigKeys.DFS_SECONDARY_NAMENODE_KEYTAB_FILE_KEY);
final boolean xFrameEnabled = conf.getBoolean(
DFSConfigKeys.DFS_XFRAME_OPTION_ENABLED,
DFSConfigKeys.DFS_XFRAME_OPTION_ENABLED_DEFAULT);
final String xFrameOptionValue = conf.getTrimmed(
DFSConfigKeys.DFS_XFRAME_OPTION_VALUE,
DFSConfigKeys.DFS_XFRAME_OPTION_VALUE_DEFAULT);
builder.configureXFrame(xFrameEnabled).setXFrameOption(xFrameOptionValue);
infoServer = builder.build(); infoServer = builder.build();
infoServer.setAttribute("secondary.name.node", this); infoServer.setAttribute("secondary.name.node", this);
infoServer.setAttribute("name.system.image", checkpointImage); infoServer.setAttribute("name.system.image", checkpointImage);

22
hadoop-hdfs-project/hadoop-hdfs/src/test/java/org/apache/hadoop/hdfs/server/namenode/TestNameNodeHttpServerXFrame.java
View File

@ -18,6 +18,7 @@
package org.apache.hadoop.hdfs.server.namenode; package org.apache.hadoop.hdfs.server.namenode;
import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.hdfs.DFSConfigKeys; import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.HdfsConfiguration; import org.apache.hadoop.hdfs.HdfsConfiguration;
import org.apache.hadoop.http.HttpServer2; import org.apache.hadoop.http.HttpServer2;
@ -32,6 +33,7 @@ import java.net.HttpURLConnection;
import java.net.InetSocketAddress; import java.net.InetSocketAddress;
import java.net.MalformedURLException; import java.net.MalformedURLException;
import java.net.URL; import java.net.URL;
import java.net.URI;
/** /**
* A class to test the XFrameoptions of Namenode HTTP Server. We are not reusing * A class to test the XFrameoptions of Namenode HTTP Server. We are not reusing
@ -94,4 +96,24 @@ public class TestNameNodeHttpServerXFrame {
conn.connect(); conn.connect();
return conn; return conn;
} }
@Test
public void testSecondaryNameNodeXFrame() throws IOException {
Configuration conf = new HdfsConfiguration();
FileSystem.setDefaultUri(conf, "hdfs://localhost:0");
SecondaryNameNode sn = new SecondaryNameNode(conf);
sn.startInfoServer();
InetSocketAddress httpAddress = SecondaryNameNode.getHttpAddress(conf);
URL url = URI.create("http://" + httpAddress.getHostName()
+ ":" + httpAddress.getPort()).toURL();
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
conn.connect();
String xfoHeader = conn.getHeaderField("X-FRAME-OPTIONS");
Assert.assertTrue("X-FRAME-OPTIONS is absent in the header",
xfoHeader != null);
Assert.assertTrue(xfoHeader.endsWith(HttpServer2.XFrameOption
.SAMEORIGIN.toString()));
}
} }