From cf9684de445c9543bc0a8cc49d1eff17c9833990 Mon Sep 17 00:00:00 2001
From: Yash Dodeja
Date: Sun, 21 May 2023 17:16:10 +0530
Subject: [PATCH] HBASE-27812 Provide option in HBase UI to disable stack trace for security (#5205)

Signed-off-by: Duo Zhang
---
 .../java/org/apache/hadoop/hbase/http/HttpServer.java | 10 ++++++++++
 src/main/asciidoc/_chapters/security.adoc | 9 +++++++++
 2 files changed, 19 insertions(+)
diff --git a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java
index ce1b387bc15..6c2b71a0b90 100644
--- a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java
+++ b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java
@@ -81,6 +81,7 @@ import org.apache.hbase.thirdparty.org.eclipse.jetty.server.Server;
 import org.apache.hbase.thirdparty.org.eclipse.jetty.server.ServerConnector;
 import org.apache.hbase.thirdparty.org.eclipse.jetty.server.SslConnectionFactory;
 import org.apache.hbase.thirdparty.org.eclipse.jetty.server.handler.ContextHandlerCollection;
+import org.apache.hbase.thirdparty.org.eclipse.jetty.server.handler.ErrorHandler;
 import org.apache.hbase.thirdparty.org.eclipse.jetty.server.handler.HandlerCollection;
 import org.apache.hbase.thirdparty.org.eclipse.jetty.server.handler.RequestLogHandler;
 import org.apache.hbase.thirdparty.org.eclipse.jetty.server.handler.gzip.GzipHandler;
@@ -153,6 +154,7 @@ public class HttpServer implements FilterContainer {
 public static final String SPNEGO_PROXYUSER_FILTER = "SpnegoProxyUserFilter";
 public static final String NO_CACHE_FILTER = "NoCacheFilter";
 public static final String APP_DIR = "webapps";
+ public static final String HTTP_UI_SHOW_STACKTRACE_KEY = "hbase.ui.show-stack-traces";
 public static final String METRIC_SERVLETS_CONF_KEY = "hbase.http.metrics.servlets";
 public static final String[] METRICS_SERVLETS_DEFAULT = { "jmx", "metrics", "prometheus" };
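Review bot: `HTTP_UI_SHOW_STACKTRACE_KEY` is added without a doc comment and without a companion default constant, although the neighbouring `METRIC_SERVLETS_CONF_KEY` is paired with `METRICS_SERVLETS_DEFAULT`. A short Javadoc such as `/** Whether Jetty error pages in the web UI include stack traces; defaults to true. */` would put the security-relevant default where operators and callers look for it. Declaring `public static final boolean HTTP_UI_SHOW_STACKTRACE_DEFAULT = true;` next to the key would also keep the bare literal out of the `getBoolean` call later in this patch.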
@@ -652,6 +654,14 @@ public class HttpServer implements FilterContainer {
 addFilterPathMapping(path, webAppContext);
 }
 }
+ // Check if disable stack trace property is configured
+ if (!conf.getBoolean(HTTP_UI_SHOW_STACKTRACE_KEY, true)) {
+ // Disable stack traces for server errors in UI
+ webServer.setErrorHandler(new ErrorHandler());
+ webServer.getErrorHandler().setShowStacks(false);
+ // Disable stack traces for web app errors in UI
+ webAppContext.getErrorHandler().setShowStacks(false);
+ }
 }
 private void addManagedListener(ServerConnector connector) {
diff --git a/src/main/asciidoc/_chapters/security.adoc b/src/main/asciidoc/_chapters/security.adoc
index 604967978ce..7032cd2dfc5 100644
--- a/src/main/asciidoc/_chapters/security.adoc
+++ b/src/main/asciidoc/_chapters/security.adoc
@@ -261,6 +261,15 @@ Users who wish to change this would set the following in their hbase-site.xml:
 ----
+To disable showing stack traces in HBase UI for hiding sensitive information, set the following in hbase-site:
+[source,xml]
+----
+
+ hbase.ui.show-stack-traces
+ false
+
+----
+
 [[hbase.secure.configuration]]
 == Secure Client Access to Apache HBase
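Review bot: The `true` default in `conf.getBoolean(HTTP_UI_SHOW_STACKTRACE_KEY, true)` leaves stack traces enabled on Jetty error pages unless an operator opts out, so an unconfigured cluster still returns internal class names and code paths to any client that can reach the UI and trigger an error. If compatibility requires that default, the comment above the `if` should say so instead of "Check if disable stack trace property is configured", e.g. `// Stack traces stay on by default for compatibility; hbase.ui.show-stack-traces=false hides them on error pages`. The server-level setup would read more directly with a local handler, `ErrorHandler errorHandler = new ErrorHandler(); errorHandler.setShowStacks(false); webServer.setErrorHandler(errorHandler);`, rather than reading the handler back through `getErrorHandler()`. Only `webAppContext` is adjusted explicitly, so it is worth confirming that any other context registered on this server falls back to the server-level handler. The enclosing method starts outside the hunk.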