Apache
/
hbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HBASE-27812 Provide option in HBase UI to disable stack trace for security (#5205) 

Signed-off-by: Duo Zhang <zhangduo@apache.org>
This commit is contained in:
Yash Dodeja 2023-05-21 17:16:10 +05:30 committed by GitHub
parent 71d7996047
commit cf9684de44
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java
View File

@ -81,6 +81,7 @@ import org.apache.hbase.thirdparty.org.eclipse.jetty.server.Server;
import org.apache.hbase.thirdparty.org.eclipse.jetty.server.ServerConnector;
import org.apache.hbase.thirdparty.org.eclipse.jetty.server.SslConnectionFactory;
import org.apache.hbase.thirdparty.org.eclipse.jetty.server.handler.ContextHandlerCollection;
import org.apache.hbase.thirdparty.org.eclipse.jetty.server.handler.ErrorHandler;
import org.apache.hbase.thirdparty.org.eclipse.jetty.server.handler.HandlerCollection;
import org.apache.hbase.thirdparty.org.eclipse.jetty.server.handler.RequestLogHandler;
import org.apache.hbase.thirdparty.org.eclipse.jetty.server.handler.gzip.GzipHandler;
@ -153,6 +154,7 @@ public class HttpServer implements FilterContainer {
public static final String SPNEGO_PROXYUSER_FILTER = "SpnegoProxyUserFilter";
public static final String NO_CACHE_FILTER = "NoCacheFilter";
public static final String APP_DIR = "webapps";
public static final String HTTP_UI_SHOW_STACKTRACE_KEY = "hbase.ui.show-stack-traces";
public static final String METRIC_SERVLETS_CONF_KEY = "hbase.http.metrics.servlets";
public static final String[] METRICS_SERVLETS_DEFAULT = { "jmx", "metrics", "prometheus" };
@ -652,6 +654,14 @@ public class HttpServer implements FilterContainer {
addFilterPathMapping(path, webAppContext);
}
}
// Check if disable stack trace property is configured
if (!conf.getBoolean(HTTP_UI_SHOW_STACKTRACE_KEY, true)) {
// Disable stack traces for server errors in UI
webServer.setErrorHandler(new ErrorHandler());
webServer.getErrorHandler().setShowStacks(false);
// Disable stack traces for web app errors in UI
webAppContext.getErrorHandler().setShowStacks(false);
}
}
private void addManagedListener(ServerConnector connector) {

9
src/main/asciidoc/_chapters/security.adoc
View File

@ -261,6 +261,15 @@ Users who wish to change this would set the following in their hbase-site.xml:
</property>
----
To disable showing stack traces in HBase UI for hiding sensitive information, set the following in hbase-site:
[source,xml]
----
<property>
<name>hbase.ui.show-stack-traces</name>
<value>false</value>
</property>
----
[[hbase.secure.configuration]]
== Secure Client Access to Apache HBase