Commit Graph

28 Commits

Author SHA1 Message Date
Duo Zhang 8601416ee8
HBASE-24309 Avoid introducing log4j and slf4j-log4j dependencies for modules other than hbase-assembly (#1640)
Signed-off-by: stack <stack@apache.org>
2020-05-12 12:03:30 +08:00
Duo Zhang fddb2dd65c
HBASE-24310 Use Slf4jRequestLog for hbase-http (#1634)
Signed-off-by: stack <stack@apache.org>
2020-05-08 11:16:18 +08:00
Michael Stack 33eadb5bb1 HBASE-24307 [Flakey Tests] krb server for secure thrift tests throws BindException (#1656)
Move the random free port generate back into hbasecommontestingutility
  from hbasetestingutility.

  Add a create simple kdc server utility that will start a kdc server and
  if a bindexception, create a new one on a new random port in hbase-common.

  Add new BoundSocketMaker helpful when trying to manufacture
  BindExceptions because of port clash.

  Change thrift and http kdc tests to use this new utility (removes
  code duplication around kdc server setup).
2020-05-05 21:36:59 -07:00
Josh Elser 6eb5cafe34 HBASE-24252 Implement proxyuser/doAs mechanism for hbase-http
copy ProxyUserAuthenticationFilter from Hadoop
add hbase.security.authentication.spnego.kerberos.proxyuser.enable parameter (default false)
wire ProxyUserAuthenticationFilter into HttpServer

Closes #1576

Signed-off-by: Sean Busbey <busbey@apache.org>
Signed-off-by: Josh Elser <elserj@apache.org>
2020-04-27 15:07:55 -04:00
Nick Dimiduk 059c189451 HBASE-23829 Get `-PrunSmallTests` passing on JDK11
Signed-off-by: stack <stack@apache.org>
2020-03-16 15:21:37 -07:00
Mark Robert Miller 299b6bebc5
HBASE-23783: Address tests writing and reading SSL/Security files in a common location. (#1116)
This is causing me issues with parallel test runs.

Also allow setting the surefire reports and temp directories via command line.

Signed-off-by: stack <stack@apache.org>
2020-02-04 14:38:56 -08:00
Michael Stack 661abeb730 HBASE-23780 Edit of test classifications (#1109)
These classifications come of running at various fork counts.. A test
may complete quick if low fork count but if it is accessing disk, it
will run much slower if fork count is high. This edit accommodates
some of this phenomenon.

Signed-off-by: Bharath Vissapragada <bharathv@apache.org>
Signed-off-by: Viraj Jasani <vjasani@apache.org>
Signed-off-by: Jan Hentschel <janh@apache.org>
2020-02-03 10:28:19 -08:00
Josh Elser 8b00f9f0b1 HBASE-17115 Define UI admins via an ACL
The Hadoop AccessControlList allows us to specify admins of the webUI
via a list of users and/or groups. Admins of the WebUI can mutate the
system, potentially seeing sensitive data or modifying the system.

hbase.security.authentication.spnego.admin.users is a comma-separated
list of users who are admins.
hbase.security.authentication.spnego.admin.groups is a comma-separated
list of groups whose membership are admins. Either of these
configuration properties may also contain an asterisk (*) which denotes
"any entity" (e.g user, group).

Previously, when a user was denied from some endpoint that was
designated for admins, they received an HTTP/401. In this case, it is
more correct to return HTTP/403 as they were correctly authenticated,
but they were disallowed from fetching the given resource. This commit
incorporates this change.

hbase.security.authentication.ui.config.protected also exists for users
who have sensitive information stored in the Hadoop service
configuration and want to limit access to this endpoint. By default,
the Hadoop configuration endpoint is not protected and any
authenticated user can access it.

The test is based off of work by Nihal Jain in HBASE-20472.

Co-authored-by: Nihal Jain <nihaljain.cs@gmail.com>
Signed-off-by: Sean Busbey <busbey@apache.org>
2020-01-29 16:36:55 -05:00
Peter Somogyi 54af279ce0
HBASE-23663 Allow dot and hyphen in Profiler's URL (#1002)
Signed-off-by: Sean Busbey <busbey@apache.org>
Signed-off-by: Viraj Jasani <vjasani@apache.org>
2020-01-09 10:31:32 +01:00
Andor Molnár 978546b2f2 HBASE-23303 Add security headers to REST server/info page (#843)
Signed-off-by: Toshihiro Suzuki <brfrn169@gmail.com>
Signed-off-by: Sean Busbey <busbey@apache.org>
2019-12-08 22:06:40 +09:00
康智冬 97fbaa658e HBASE-22962 Fix typo in javadoc description (#569)
Signed-off-by: Duo Zhang <zhangduo@apache.org>
2019-09-01 20:14:31 +08:00
Mingliang Liu 934d469fd5 HBASE-22545 TestLogLevel broken
Signed-off-by: Josh Elser <elserj@apache.org>
2019-06-11 14:28:00 -04:00
Guanghao ca00cbeed2
HBASE-22488 Cleanup the explicit timeout value for test methods 2019-05-29 14:09:16 +08:00
Josh Elser 858d30dd30 HBASE-22467 UI fixes to enable Knox proxying
Closes #261

Signed-off-by: Sean Busbey <busbey@apache.org>
2019-05-28 16:32:41 -04:00
Xu Cang 1c1638f698
HBASE-20782 Fix duplication of TestServletFilter.access
Signed-off-by: Jan Hentschel <jan.hentschel@ultratendency.com>
2019-05-27 22:49:01 +02:00
Wei-Chiu Chuang 6ea6573b74 HBASE-22184 [security] Support get|set LogLevel in HTTPS mode.
Signed-off-by: Reid Chan <reidchan@apache.org>
2019-05-17 10:47:26 +08:00
Wei-Chiu Chuang 16146a1839 HBASE-21048 Get LogLevel is not working from console in secure environment
Signed-off-by: Reid Chan <reidchan@apache.org>
Amend author: Reid Chan <reidchan@apache.org>
2019-04-13 19:00:36 +08:00
Jan Hentschel fc6e3fc9d7 HBASE-19762 Fixed Checkstyle errors in hbase-http 2019-04-11 12:55:44 +02:00
Mike Drob a110e1eff5 HBASE-20478 Update checkstyle to v8.2
Cannot go to latest (8.9) yet due to
  https://github.com/checkstyle/checkstyle/issues/5279

* move hbaseanti import checks to checkstyle
* implment a few missing equals checks, and ignore one
* fix lots of javadoc errors

Signed-off-by: Sean Busbey <busbey@apache.org>
2018-05-29 10:12:31 -05:00
Kevin Risden 46cb5dfa22 HBASE-20406 HBase Thrift HTTP - Shouldn't handle TRACE/OPTIONS methods
Signed-off-by: Josh Elser <elserj@apache.org>
Signed-off-by: Ted Yu <yuzhihong@gmail.com>
Signed-off-by: Sean Busbey <busbey@apache.org>
2018-04-20 22:42:03 -05:00
Sean Busbey eb3f5b2812 Revert "HBase Thrift HTTP - Shouldn't handle TRACE/OPTIONS methods"
This reverts commit 273d252838.

missing jira id
2018-04-20 22:41:50 -05:00
Kevin Risden 273d252838 HBase Thrift HTTP - Shouldn't handle TRACE/OPTIONS methods
Signed-off-by: Josh Elser <elserj@apache.org>
Signed-off-by: Ted Yu <yuzhihong@gmail.com>
Signed-off-by: Sean Busbey <busbey@apache.org>
2018-04-20 14:38:59 -05:00
Michael Stack 0593dda663 HBASE-19951 Cleanup the explicit timeout value for test method 2018-02-10 09:24:31 -08:00
zhangduo 918599ef12 HBASE-19873 Add a CategoryBasedTimeout ClassRule for all UTs 2018-01-29 08:43:56 +08:00
tedyu 3a1e433adf HBASE-19832 TestConfServlet#testWriteJson fails against hadoop3 due to spelling change 2018-01-22 10:46:00 -08:00
Balazs Meszaros f572c4b80e HBASE-10092 Move up on to log4j2
Changes:
- replaced commons-logging to slf4j everywhere
- log.XXX(Throwable) calls were replaced with log.XXX(t.toString(), t)
- log.XXX(Object) calls were replaced with log.XXX(Objects.toString(obj))
- log.fatal() calls were replaced with log.error(HBaseMarkers.FATAL, ...)
- programmatic log4j configuration was removed from the unit test

This commit does not affect the current logging configurations, because log4j
is still on the classpath. slf4j-log4j12 binds log4j to slf4j.

Signed-off-by: Michael Stack <stack@apache.org>
2017-12-20 22:21:33 -08:00
Apekshit Sharma 71a55dcd64 HBASE-18925 Update mockito dependency from mockito-all:1.10.19 to mockito-core:2.1.0 for JDK8 support.
Last mockito-all release was in Dec'14. Mockito-core has had many releases since then.

From mockito's site:
- "Mockito does not produce the mockito-all artifact anymore ; this one was primarily
aimed at ant users, and contained other dependencies. We felt it was time to move on
and remove such artifacts as they cause problems in dependency management system like
maven or gradle."
- anyX() and any(SomeType.class) matchers now reject nulls and check type.
2017-11-01 14:21:38 -07:00
Apekshit Sharma 3969b853b2 HBASE-19053 Split out o.a.h.h.http from hbase-server into a separate module
Change-Id: Ie3a688b789104df7feaf34ac9fb326a79d6a3960
2017-10-23 22:52:24 -07:00