Commit Graph

65 Commits

Author SHA1 Message Date
Mate Szalay-Beko 0611ca49ec
HBASE-25267 Add SSL keystore type and truststore related configs for HBase RESTServer (#2642)
HBASE-25267 Make SSL keystore type configurable in HBase RESTServer

In this patch I want to introduce the hbase.rest.ssl.keystore.type parameter,
enabling us to customize the keystore type for the REST server. If the
parameter is not provided, then we should fall-back to the current behaviour
(which assumes keystore type JKS).

This is similar to how we already configure the InfoServer objects with the
ssl.server.keystore.type parameter to set up HTTPS for the various admin UIs.

Signed-off-by: Wellington Chevreuil <wellington.chevreuil@gmail.com>
Signed-off-by: Balazs Meszaros <meszibalu@apache.org>
Signed-off-by: Sean Busbey <busbey@apache.org>
2020-11-12 12:37:43 +01:00
申胜利 9f238bd79e
HBASE-24054 To be safe, jetty's version number should be blocked. 2020-10-05 17:36:13 -07:00
ramkrish86 a3f40287ad
HBASE-25002 Create simple pattern matching query for retrieving metri… (#2370)
* HBASE-25002 Create simple pattern matching query for retrieving metrics matching the pattern

* Address review comments

* Final set of comments addressed

* Address checkstyle comments
2020-09-14 19:07:40 +05:30
Esteban Gutierrez 19b8a2a64a
HBASE-19352 Port HADOOP-10379: Protect authentication cookies with the HttpOnly and Secure flags (#2348)
HBASE-19352 Port HADOOP-10379: Protect authentication cookies with the HttpOnly and Secure flags

Signed-off-by: Sean Busbey <busbey@apache.org>
2020-09-03 13:20:44 -05:00
Duo Zhang 57e49b3959
HBASE-23834 HBase fails to run on Hadoop 3.3.0/3.2.2/3.1.4 due to jetty version mismatch (#2222)
Signed-off-by: Viraj Jasani <vjasani@apache.org>
Signed-off-by: Josh Elser <elserj@apache.org>
Signed-off-by: Peter Somogyi <psomogyi@apache.org>
2020-08-25 12:05:52 +08:00
YeChao Chen 82d09904f2
HBASE-24777 InfoServer support ipv6 host and port
Closes #2147

Signed-off-by: Duo Zhang <zhangduo@apache.org>
Signed-off-by: Viraj Jasani <vjasani@apache.org>
2020-07-27 20:45:45 +05:30
David Manning e614b89c33
HBASE-24657 add unit test for JSONBean.java
Closes #2004

Signed-off-by: Viraj Jasani <vjasani@apache.org>
2020-07-02 18:48:02 +05:30
Duo Zhang 8601416ee8
HBASE-24309 Avoid introducing log4j and slf4j-log4j dependencies for modules other than hbase-assembly (#1640)
Signed-off-by: stack <stack@apache.org>
2020-05-12 12:03:30 +08:00
shahrs87 ff85daf1e2
[HBASE-24190] Make kerberos value of hbase.security.authentication property case insensitive (#1687)
Signed-off-by: binlijin <binlijin@gmail.com>
Signed-off-by: Viraj Jasani <vjasani@apache.org>
2020-05-11 10:54:45 +05:30
Duo Zhang fddb2dd65c
HBASE-24310 Use Slf4jRequestLog for hbase-http (#1634)
Signed-off-by: stack <stack@apache.org>
2020-05-08 11:16:18 +08:00
Michael Stack 33eadb5bb1 HBASE-24307 [Flakey Tests] krb server for secure thrift tests throws BindException (#1656)
Move the random free port generate back into hbasecommontestingutility
  from hbasetestingutility.

  Add a create simple kdc server utility that will start a kdc server and
  if a bindexception, create a new one on a new random port in hbase-common.

  Add new BoundSocketMaker helpful when trying to manufacture
  BindExceptions because of port clash.

  Change thrift and http kdc tests to use this new utility (removes
  code duplication around kdc server setup).
2020-05-05 21:36:59 -07:00
Michael Stack 5488124be0 HBASE-24284 [h3/jdk11] REST server won't start Exclude transitive includes of jax-rs 1.x and then explicitly include jax-rs 2.x glassfish impl for REST context when hadoop3. (#1625) 2020-05-05 15:36:01 -07:00
Josh Elser 6eb5cafe34 HBASE-24252 Implement proxyuser/doAs mechanism for hbase-http
copy ProxyUserAuthenticationFilter from Hadoop
add hbase.security.authentication.spnego.kerberos.proxyuser.enable parameter (default false)
wire ProxyUserAuthenticationFilter into HttpServer

Closes #1576

Signed-off-by: Sean Busbey <busbey@apache.org>
Signed-off-by: Josh Elser <elserj@apache.org>
2020-04-27 15:07:55 -04:00
Duo Zhang 1f66806c96
HBASE-24170 Remove hadoop-2.0 profile (#1495)
Signed-off-by: stack <stack@apache.org>
2020-04-16 18:57:40 +08:00
Istvan Toth 94b4101841
HBASE-24197 TestHttpServer.testBindAddress failure with latest jetty (#1524)
use the findPort logic even if the BindException is wrapped in an IOException

Signed-off-by: Viraj Jasani <vjasani@apache.org>
Signed-off-by: Jan Hentschel <jan.hentschel@ultratendency.com>
Signed-off-by: Peter Somogyi <psomogyi@apache.org>
2020-04-16 11:51:59 +02:00
Nick Dimiduk 059c189451 HBASE-23829 Get `-PrunSmallTests` passing on JDK11
Signed-off-by: stack <stack@apache.org>
2020-03-16 15:21:37 -07:00
Duo Zhang c5aa2bc121
HBASE-23077 move entirely to spotbugs (#1265)
Signed-off-by: Sean Busbey <busbey@apache.org>
2020-03-12 10:18:09 +08:00
Mark Robert Miller 299b6bebc5
HBASE-23783: Address tests writing and reading SSL/Security files in a common location. (#1116)
This is causing me issues with parallel test runs.

Also allow setting the surefire reports and temp directories via command line.

Signed-off-by: stack <stack@apache.org>
2020-02-04 14:38:56 -08:00
Michael Stack 661abeb730 HBASE-23780 Edit of test classifications (#1109)
These classifications come of running at various fork counts.. A test
may complete quick if low fork count but if it is accessing disk, it
will run much slower if fork count is high. This edit accommodates
some of this phenomenon.

Signed-off-by: Bharath Vissapragada <bharathv@apache.org>
Signed-off-by: Viraj Jasani <vjasani@apache.org>
Signed-off-by: Jan Hentschel <janh@apache.org>
2020-02-03 10:28:19 -08:00
Josh Elser 8b00f9f0b1 HBASE-17115 Define UI admins via an ACL
The Hadoop AccessControlList allows us to specify admins of the webUI
via a list of users and/or groups. Admins of the WebUI can mutate the
system, potentially seeing sensitive data or modifying the system.

hbase.security.authentication.spnego.admin.users is a comma-separated
list of users who are admins.
hbase.security.authentication.spnego.admin.groups is a comma-separated
list of groups whose membership are admins. Either of these
configuration properties may also contain an asterisk (*) which denotes
"any entity" (e.g user, group).

Previously, when a user was denied from some endpoint that was
designated for admins, they received an HTTP/401. In this case, it is
more correct to return HTTP/403 as they were correctly authenticated,
but they were disallowed from fetching the given resource. This commit
incorporates this change.

hbase.security.authentication.ui.config.protected also exists for users
who have sensitive information stored in the Hadoop service
configuration and want to limit access to this endpoint. By default,
the Hadoop configuration endpoint is not protected and any
authenticated user can access it.

The test is based off of work by Nihal Jain in HBASE-20472.

Co-authored-by: Nihal Jain <nihaljain.cs@gmail.com>
Signed-off-by: Sean Busbey <busbey@apache.org>
2020-01-29 16:36:55 -05:00
Peter Somogyi 54af279ce0
HBASE-23663 Allow dot and hyphen in Profiler's URL (#1002)
Signed-off-by: Sean Busbey <busbey@apache.org>
Signed-off-by: Viraj Jasani <vjasani@apache.org>
2020-01-09 10:31:32 +01:00
Michael Stack 2d76457577
HBASE-23570 Point users to the async-profiler home page if diagrams are coming up blank (#937) 2019-12-12 16:51:04 -08:00
Andor Molnár 978546b2f2 HBASE-23303 Add security headers to REST server/info page (#843)
Signed-off-by: Toshihiro Suzuki <brfrn169@gmail.com>
Signed-off-by: Sean Busbey <busbey@apache.org>
2019-12-08 22:06:40 +09:00
stack ca6e67a6de HBASE-23315 Miscellaneous HBCK Report page cleanup
* Add a bit of javadoc around SerialReplicationChecker.
 * Miniscule edit to the profiler jsp page and then a bit of doc on how to make it work that might help.
 * Add some detail if NPE getting BitSetNode to help w/ debug.
 * Change HbckChore to log region names instead of encoded names; helps doing diagnostics; can take region name and query in shell to find out all about the region according to hbase:meta.
 * Add some fix-it help inline in the HBCK Report page – how to fix.
 * Add counts in procedures page so can see if making progress; move listing of WALs to end of the page.
2019-11-19 07:34:24 -08:00
康智冬 97fbaa658e HBASE-22962 Fix typo in javadoc description (#569)
Signed-off-by: Duo Zhang <zhangduo@apache.org>
2019-09-01 20:14:31 +08:00
Mingliang Liu 934d469fd5 HBASE-22545 TestLogLevel broken
Signed-off-by: Josh Elser <elserj@apache.org>
2019-06-11 14:28:00 -04:00
Guanghao ca00cbeed2
HBASE-22488 Cleanup the explicit timeout value for test methods 2019-05-29 14:09:16 +08:00
Josh Elser 858d30dd30 HBASE-22467 UI fixes to enable Knox proxying
Closes #261

Signed-off-by: Sean Busbey <busbey@apache.org>
2019-05-28 16:32:41 -04:00
Xu Cang 1c1638f698
HBASE-20782 Fix duplication of TestServletFilter.access
Signed-off-by: Jan Hentschel <jan.hentschel@ultratendency.com>
2019-05-27 22:49:01 +02:00
Duo Zhang 73267d9ab1 HBASE-22478 Add jackson dependency for hbase-http module
Signed-off-by: Guanghao Zhang <zghao@apache.org>
2019-05-27 18:03:34 +08:00
Andrew Purtell a30b186568
HBASE-22449 https everywhere in Maven metadata (#247) 2019-05-21 12:34:25 -07:00
Wei-Chiu Chuang 6ea6573b74 HBASE-22184 [security] Support get|set LogLevel in HTTPS mode.
Signed-off-by: Reid Chan <reidchan@apache.org>
2019-05-17 10:47:26 +08:00
Andrew Purtell 4b84ab32b3
HBASE-22225 Profiler tab on Master/RS UI not working w/o comprehensive message 2019-04-29 13:24:11 -07:00
Sean Busbey bf140acd20 HBASE-22083 move eclipse settings into a profile.
Signed-off-by: stack <stack@apache.org>
2019-04-25 14:17:18 -05:00
Wei-Chiu Chuang 16146a1839 HBASE-21048 Get LogLevel is not working from console in secure environment
Signed-off-by: Reid Chan <reidchan@apache.org>
Amend author: Reid Chan <reidchan@apache.org>
2019-04-13 19:00:36 +08:00
Jan Hentschel fc6e3fc9d7 HBASE-19762 Fixed Checkstyle errors in hbase-http 2019-04-11 12:55:44 +02:00
stack 089a639724 HBASE-22052 pom cleaning; filter out jersey-core in hadoop2 to match hadoop3 and remove redunant version specifications
This is a reapply of a reverted commit. This commit includes
HBASE-22059 amendment and subsequent ammendments to HBASE-22052.
See HBASE-22052 for full story.

jersey-core is problematic. It was transitively included from hadoop
and polluting our CLASSPATH with an implementation of a 1.x version
of the javax.ws.rs.core.Response Interface from jsr311-api when we
want the javax.ws.rs-api 2.x version.

    M hbase-endpoint/pom.xml
    M hbase-http/pom.xml
    M hbase-mapreduce/pom.xml
    M hbase-rest/pom.xml
    M hbase-server/pom.xml
    M hbase-zookeeper/pom.xml
     Remove redundant version specification (and the odd property define
     done already up in parent pom).
    M hbase-it/pom.xml
    M hbase-rest/pom.xml
     Exclude jersey-core explicitly.

    M hbase-procedure/pom.xml
     Remove redundant version and classifier.

    M pom.xml
     Add jersey-core exclusions to all dependencies that pull it in
     except hadoop-minicluster. mr tests fail w/o the jersey-core
     so let it in for minicluster and then in modules, exclude it
     where it causes damage as in hbase-it.
2019-03-25 09:30:09 -04:00
Andrew Purtell 6cd78e899f
HBASE-21926 Profiler servlet 2019-03-17 18:48:12 -07:00
Duo Zhang f0032c9255 HBASE-20587 Replace Jackson with shaded thirdparty gson
Signed-off-by: Michael Stack <stack@apache.org>
2019-02-22 16:24:51 +08:00
Josh Elser ae0198084c HBASE-21872 Use a call that defaults to UTF-8 charset for string to byte encoding
Fixed commit message

Signed-off-by: Sean Busbey <busbey@apache.org>
2019-02-15 12:11:40 -05:00
Josh Elser d0e4912f67 Revert "HBASE-21782 Use a call that defaults to UTF-8 charset for string to byte encoding"
This reverts commit 3d4e1d57e5. Fixing incorrect Jira id.
2019-02-15 12:11:29 -05:00
Josh Elser 3d4e1d57e5 HBASE-21782 Use a call that defaults to UTF-8 charset for string to byte encoding
Signed-off-by: Sean Busbey <busbey@apache.org>
2019-02-14 12:02:49 -05:00
Josh Elser 8b66dea2ff HBASE-21281 Upgrade bouncycastle to latest
BC 1.47 introduced some incompatible API changes which came in via
a new Maven artifact. We don't use any changed API in HBase. This
also removes some unnecessary dependencies on bcprov in other
modules (presumably, they are vestiges)

Signed-off-by: Mike Drob <mdrob@apache.org>
Signed-off-by: Ted Yu <tedyu@apache.org>
2018-10-11 11:02:32 -04:00
Nihal Jain 1413522f6f HBASE-20577 Addendum Fall back to old design if FNF
Signed-off-by: tedyu <yuzhihong@gmail.com>
2018-06-06 13:52:59 -07:00
Mike Drob a110e1eff5 HBASE-20478 Update checkstyle to v8.2
Cannot go to latest (8.9) yet due to
  https://github.com/checkstyle/checkstyle/issues/5279

* move hbaseanti import checks to checkstyle
* implment a few missing equals checks, and ignore one
* fix lots of javadoc errors

Signed-off-by: Sean Busbey <busbey@apache.org>
2018-05-29 10:12:31 -05:00
Nihal Jain 60bdaf7846 HBASE-20577 Make Log Level page design consistent with the design of other pages in UI
Signed-off-by: tedyu <yuzhihong@gmail.com>
2018-05-16 21:21:36 -07:00
Ashish Singhi c60578d982 HBASE-20004 Client is not able to execute REST queries in a secure cluster
Signed-off-by: Ashish Singhi <ashishsinghi@apache.org>
2018-05-10 22:39:43 +05:30
Kevin Risden 46cb5dfa22 HBASE-20406 HBase Thrift HTTP - Shouldn't handle TRACE/OPTIONS methods
Signed-off-by: Josh Elser <elserj@apache.org>
Signed-off-by: Ted Yu <yuzhihong@gmail.com>
Signed-off-by: Sean Busbey <busbey@apache.org>
2018-04-20 22:42:03 -05:00
Sean Busbey eb3f5b2812 Revert "HBase Thrift HTTP - Shouldn't handle TRACE/OPTIONS methods"
This reverts commit 273d252838.

missing jira id
2018-04-20 22:41:50 -05:00
Kevin Risden 273d252838 HBase Thrift HTTP - Shouldn't handle TRACE/OPTIONS methods
Signed-off-by: Josh Elser <elserj@apache.org>
Signed-off-by: Ted Yu <yuzhihong@gmail.com>
Signed-off-by: Sean Busbey <busbey@apache.org>
2018-04-20 14:38:59 -05:00