ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sangee...@apache.org
Subject ambari git commit: AMBARI-18871 HTTP responses needs to have the character encoding specified in the content type header (Anita Jebaraj via sangeetar)
Date Tue, 29 Nov 2016 21:04:29 GMT
Repository: ambari
Updated Branches:
  refs/heads/AMBARI-18871 [created] 51aab93f3
  refs/remotes/origin/trunk [created] 85c9104ec


AMBARI-18871 HTTP responses needs to have the character encoding specified in the content
type header (Anita Jebaraj via sangeetar)


Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/51aab93f
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/51aab93f
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/51aab93f

Branch: refs/heads/AMBARI-18871
Commit: 51aab93f31376fcdd155983bacc69491ff278671
Parents: 1a8a538
Author: Sangeeta Ravindran <sangeetar@apache.org>
Authored: Tue Nov 29 12:44:26 2016 -0800
Committer: Sangeeta Ravindran <sangeetar@apache.org>
Committed: Tue Nov 29 12:44:26 2016 -0800

----------------------------------------------------------------------
 ambari-server/conf/unix/ambari.properties       |  4 +-
 ambari-server/conf/windows/ambari.properties    |  2 +
 .../server/configuration/Configuration.java     | 46 ++++++++++++++++++++
 .../security/AbstractSecurityHeaderFilter.java  | 14 ++++++
 .../AmbariServerSecurityHeaderFilter.java       |  1 +
 .../AmbariViewsSecurityHeaderFilter.java        |  1 +
 .../AbstractSecurityHeaderFilterTest.java       | 29 ++++++++----
 7 files changed, 87 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ambari/blob/51aab93f/ambari-server/conf/unix/ambari.properties
----------------------------------------------------------------------
diff --git a/ambari-server/conf/unix/ambari.properties b/ambari-server/conf/unix/ambari.properties
index 371653f..30a22d1 100644
--- a/ambari-server/conf/unix/ambari.properties
+++ b/ambari-server/conf/unix/ambari.properties
@@ -116,6 +116,7 @@ http.x-frame-options=DENY
 http.x-content-type-options=nosniff
 http.cache-control=no-store
 http.pragma=no-cache
+http.charset=utf-8
 
 # HTTP Header settings for Ambari Views
 views.http.strict-transport-security=max-age=31536000
@@ -124,6 +125,7 @@ views.http.x-frame-options=SAMEORIGIN
 views.http.x-content-type-options=nosniff
 views.http.cache-control=no-store
 views.http.pragma=no-cache
+views.http.charset=utf-8
 
 mpacks.staging.path=$ROOT/var/lib/ambari-server/resources/mpacks
 
@@ -132,4 +134,4 @@ security.server.disabled.ciphers=TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384|TLS_ECD
 
 server.python.log.name=ambari-server-command.log
 # server.pyton.log.level=(INFO/DEBUG)
-server.python.log.level=INFO
\ No newline at end of file
+server.python.log.level=INFO

http://git-wip-us.apache.org/repos/asf/ambari/blob/51aab93f/ambari-server/conf/windows/ambari.properties
----------------------------------------------------------------------
diff --git a/ambari-server/conf/windows/ambari.properties b/ambari-server/conf/windows/ambari.properties
index e47319e..d84cf4b 100644
--- a/ambari-server/conf/windows/ambari.properties
+++ b/ambari-server/conf/windows/ambari.properties
@@ -97,6 +97,7 @@ http.x-frame-options=DENY
 http.x-content-type-options=nosniff
 http.cache-control=no-store
 http.pragma=no-cache
+http.charset=utf-8
 
 # HTTP Header settings for Ambari Views
 views.http.strict-transport-security=max-age=31536000
@@ -105,5 +106,6 @@ views.http.x-frame-options=SAMEORIGIN
 views.http.x-content-type-options=nosniff
 views.http.cache-control=no-store
 views.http.pragma=no-cache
+views.http.charset=utf-8
 
 mpacks.staging.path=resources\\mpacks

http://git-wip-us.apache.org/repos/asf/ambari/blob/51aab93f/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
index 5676091..9be8751 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/configuration/Configuration.java
@@ -2290,6 +2290,14 @@ public class Configuration {
   public static final ConfigurationProperty<String> HTTP_PRAGMA_HEADER_VALUE = new
ConfigurationProperty<>(
       "http.pragma", "no-cache");
 
+   /**
+   * The value that will be used to set the {@code Charset} HTTP response header.
+   */
+  @Markdown(description = "The value that will be used to set the Character encoding to HTTP
response header.")
+  public static final ConfigurationProperty<String> HTTP_CHARSET = new ConfigurationProperty<>(
+      "http.charset", "utf-8");
+
+
   /**
    * The value that will be used to set the {@code Strict-Transport-Security}
    * HTTP response header for Ambari View requests.
@@ -2339,6 +2347,14 @@ public class Configuration {
   public static final ConfigurationProperty<String> VIEWS_HTTP_PRAGMA_HEADER_VALUE
= new ConfigurationProperty<>(
       "views.http.pragma", "no-cache");
 
+   /**
+   * The value that will be used to set the {@code CHARSET} to HTTP response header.
+   */
+  @Markdown(description = "The value that will be used to set the Character encoding to HTTP
response header for Ambari View requests.")
+  public static final ConfigurationProperty<String> VIEWS_HTTP_CHARSET = new ConfigurationProperty<>(
+      "views.http.charset", "utf-8");
+
+
   /**
    * The time, in milliseconds, that requests to connect to a URL to retrieve
    * Version Definition Files (VDF) will wait before being terminated.
@@ -3536,6 +3552,21 @@ public class Configuration {
     return getProperty(HTTP_PRAGMA_HEADER_VALUE);
   }
 
+   /**
+   * Get the value that should be set for the <code>Charset</code> HTTP response
header for Ambari Server UI.
+   * <p/>
+   * By default this will be <code>utf-8</code>. For example:
+   * <p/>
+   * <code>
+   * utf-8
+   * </code>
+   *
+   * @return the Charset value - null or "" indicates that the value is not set
+   */
+  public String getCharsetHTTPResponseHeader() {
+    return getProperty(HTTP_CHARSET);
+  }
+
   /**
    * Get the value that should be set for the <code>Strict-Transport-Security</code>
HTTP response header for Ambari Views.
    * <p/>
@@ -3629,6 +3660,21 @@ public class Configuration {
   }
 
   /**
+   * Get the value that should be set for the <code>Charset</code> HTTP response
header for Ambari Views.
+   * <p/>
+   * By default this will be <code>utf-8</code>. For example:
+   * <p/>
+   * <code>
+   * utf-8
+   * </code>
+   *
+   * @return the Charset value - null or "" indicates that the value is not set
+   */
+  public String getViewsCharsetHTTPResponseHeader() {
+    return getProperty(VIEWS_HTTP_CHARSET);
+  }
+
+  /**
    * Check to see if the hostname of the agent is to be validated as a proper hostname or
not
    *
    * @return true if agent hostnames should be checked as a valid hostnames; otherwise false

http://git-wip-us.apache.org/repos/asf/ambari/blob/51aab93f/ambari-server/src/main/java/org/apache/ambari/server/security/AbstractSecurityHeaderFilter.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/AbstractSecurityHeaderFilter.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/AbstractSecurityHeaderFilter.java
index 423a013..b8631f8 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/AbstractSecurityHeaderFilter.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/AbstractSecurityHeaderFilter.java
@@ -103,6 +103,11 @@ public abstract class AbstractSecurityHeaderFilter implements Filter
{
    */
   private String pragmaHeader = Configuration.HTTP_PRAGMA_HEADER_VALUE.getDefaultValue();
 
+  /**
+   * The value for the Charset HTTP response header.
+   */
+  private String charset = Configuration.HTTP_CHARSET.getDefaultValue();
+
 
   @Override
   public void init(FilterConfig filterConfig) throws ServletException {
@@ -169,6 +174,10 @@ public abstract class AbstractSecurityHeaderFilter implements Filter
{
     this.pragmaHeader = pragmaHeader;
   }
 
+  protected void setCharset(String charset) {
+    this.charset = charset;
+  }
+
   private void doFilterInternal(ServletRequest servletRequest, ServletResponse servletResponse)
{
     if (servletResponse instanceof HttpServletResponse) {
       HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
@@ -202,6 +211,11 @@ public abstract class AbstractSecurityHeaderFilter implements Filter
{
       if (!StringUtils.isEmpty(pragmaHeader)) {
         httpServletResponse.setHeader(PRAGMA_HEADER, pragmaHeader);
       }
+
+      // Conditionally set the Charset HTTP response header if a value is supplied
+      if (!StringUtils.isEmpty(charset)) {
+        httpServletResponse.setCharacterEncoding(charset);
+      }
     }
   }
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/51aab93f/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariServerSecurityHeaderFilter.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariServerSecurityHeaderFilter.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariServerSecurityHeaderFilter.java
index aa00ac2..f9dc2aa 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariServerSecurityHeaderFilter.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariServerSecurityHeaderFilter.java
@@ -50,6 +50,7 @@ public class AmbariServerSecurityHeaderFilter extends AbstractSecurityHeaderFilt
     setXContentTypeHeader(configuration.getXContentTypeHTTPResponseHeader());
     setCacheControlHeader(configuration.getCacheControlHTTPResponseHeader());
     setPragmaHeader(configuration.getPragmaHTTPResponseHeader());
+    setCharset(configuration.getCharsetHTTPResponseHeader());
   }
 
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/51aab93f/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariViewsSecurityHeaderFilter.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariViewsSecurityHeaderFilter.java
b/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariViewsSecurityHeaderFilter.java
index d1be8cc..02fb4b3 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariViewsSecurityHeaderFilter.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/AmbariViewsSecurityHeaderFilter.java
@@ -46,5 +46,6 @@ public class AmbariViewsSecurityHeaderFilter extends AbstractSecurityHeaderFilte
     setXContentTypeHeader(configuration.getViewsXContentTypeHTTPResponseHeader());
     setCacheControlHeader(configuration.getViewsCacheControlHTTPResponseHeader());
     setPragmaHeader(configuration.getViewsPragmaHTTPResponseHeader());
+    setCharset(configuration.getViewsCharsetHTTPResponseHeader());
   }
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/51aab93f/ambari-server/src/test/java/org/apache/ambari/server/security/AbstractSecurityHeaderFilterTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/AbstractSecurityHeaderFilterTest.java
b/ambari-server/src/test/java/org/apache/ambari/server/security/AbstractSecurityHeaderFilterTest.java
index d812ee6..dc97725 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/AbstractSecurityHeaderFilterTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/AbstractSecurityHeaderFilterTest.java
@@ -79,7 +79,7 @@ public abstract class AbstractSecurityHeaderFilterTest extends EasyMockSupport
{
       protected void configure() {
         Properties properties = new Properties();
         properties.setProperty(Configuration.API_USE_SSL.getKey(), "false");
-
+        properties.setProperty(Configuration.HTTP_CHARSET.getKey(), Configuration.HTTP_CHARSET.getDefaultValue());
         bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class));
         bind(Configuration.class).toInstance(new Configuration(properties));
       }
@@ -101,7 +101,9 @@ public abstract class AbstractSecurityHeaderFilterTest extends EasyMockSupport
{
     expectLastCall().once();        
     servletResponse.setHeader(AbstractSecurityHeaderFilter.PRAGMA_HEADER, defatulPropertyValueMap.get(AbstractSecurityHeaderFilter.PRAGMA_HEADER));
     expectLastCall().once();
-    
+    servletResponse.setCharacterEncoding(Configuration.HTTP_CHARSET.getDefaultValue());
+    expectLastCall().once();
+
     FilterChain filterChain = createStrictMock(FilterChain.class);
     filterChain.doFilter(servletRequest, servletResponse);
     expectLastCall().once();
@@ -129,7 +131,7 @@ public abstract class AbstractSecurityHeaderFilterTest extends EasyMockSupport
{
         properties.setProperty(Configuration.API_USE_SSL.getKey(), "true");
         properties.setProperty(Configuration.CLIENT_API_SSL_KSTR_DIR_NAME.getKey(), httpPassFile.getParent());
         properties.setProperty(Configuration.CLIENT_API_SSL_CRT_PASS_FILE_NAME.getKey(),
httpPassFile.getName());
-
+        properties.setProperty(Configuration.HTTP_CHARSET.getKey(), Configuration.HTTP_CHARSET.getDefaultValue());
         bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class));
         bind(Configuration.class).toInstance(new Configuration(properties));
       }
@@ -153,7 +155,8 @@ public abstract class AbstractSecurityHeaderFilterTest extends EasyMockSupport
{
     expectLastCall().once();
     servletResponse.setHeader(AbstractSecurityHeaderFilter.PRAGMA_HEADER, defatulPropertyValueMap.get(AbstractSecurityHeaderFilter.PRAGMA_HEADER));
     expectLastCall().once();
-
+    servletResponse.setCharacterEncoding(Configuration.HTTP_CHARSET.getDefaultValue());
+    expectLastCall().once();
     FilterChain filterChain = createStrictMock(FilterChain.class);
     filterChain.doFilter(servletRequest, servletResponse);
     expectLastCall().once();
@@ -186,7 +189,8 @@ public abstract class AbstractSecurityHeaderFilterTest extends EasyMockSupport
{
         properties.setProperty(propertyNameMap.get(AbstractSecurityHeaderFilter.X_CONTENT_TYPE_HEADER),
"custom4");
         properties.setProperty(propertyNameMap.get(AbstractSecurityHeaderFilter.CACHE_CONTROL_HEADER),
"custom5");
         properties.setProperty(propertyNameMap.get(AbstractSecurityHeaderFilter.PRAGMA_HEADER),
"custom6");
-
+        properties.setProperty(Configuration.HTTP_CHARSET.getKey(), "custom7");
+        properties.setProperty(Configuration.VIEWS_HTTP_CHARSET.getKey(), "custom7");
         bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class));
         bind(Configuration.class).toInstance(new Configuration(properties));
       }
@@ -208,7 +212,8 @@ public abstract class AbstractSecurityHeaderFilterTest extends EasyMockSupport
{
     expectLastCall().once();
     servletResponse.setHeader(AbstractSecurityHeaderFilter.PRAGMA_HEADER, "custom6");
     expectLastCall().once();
-
+    servletResponse.setCharacterEncoding("custom7");
+    expectLastCall().once();
     FilterChain filterChain = createStrictMock(FilterChain.class);
     filterChain.doFilter(servletRequest, servletResponse);
     expectLastCall().once();
@@ -242,7 +247,8 @@ public abstract class AbstractSecurityHeaderFilterTest extends EasyMockSupport
{
         properties.setProperty(propertyNameMap.get(AbstractSecurityHeaderFilter.X_CONTENT_TYPE_HEADER),
"custom4");
         properties.setProperty(propertyNameMap.get(AbstractSecurityHeaderFilter.CACHE_CONTROL_HEADER),
"custom5");
         properties.setProperty(propertyNameMap.get(AbstractSecurityHeaderFilter.PRAGMA_HEADER),
"custom6");
-
+        properties.setProperty(Configuration.HTTP_CHARSET.getKey(), "custom7");
+        properties.setProperty(Configuration.VIEWS_HTTP_CHARSET.getKey(), "custom7");
         bind(OsFamily.class).toInstance(createNiceMock(OsFamily.class));
         bind(Configuration.class).toInstance(new Configuration(properties));
       }
@@ -266,7 +272,8 @@ public abstract class AbstractSecurityHeaderFilterTest extends EasyMockSupport
{
     expectLastCall().once();
     servletResponse.setHeader(AbstractSecurityHeaderFilter.PRAGMA_HEADER, "custom6");
     expectLastCall().once();
-
+    servletResponse.setCharacterEncoding("custom7");
+    expectLastCall().once();
     FilterChain filterChain = createStrictMock(FilterChain.class);
     filterChain.doFilter(servletRequest, servletResponse);
     expectLastCall().once();
@@ -293,6 +300,8 @@ public abstract class AbstractSecurityHeaderFilterTest extends EasyMockSupport
{
         Properties properties = new Properties();
         properties.setProperty(Configuration.CLIENT_API_SSL_KSTR_DIR_NAME.getKey(), httpPassFile.getParent());
         properties.setProperty(Configuration.CLIENT_API_SSL_CRT_PASS_FILE_NAME.getKey(),
httpPassFile.getName());
+        properties.setProperty(Configuration.HTTP_CHARSET.getKey(), "");
+        properties.setProperty(Configuration.VIEWS_HTTP_CHARSET.getKey(), "");
         properties.setProperty(propertyNameMap.get(AbstractSecurityHeaderFilter.STRICT_TRANSPORT_HEADER),
"");
         properties.setProperty(propertyNameMap.get(AbstractSecurityHeaderFilter.X_FRAME_OPTIONS_HEADER),
"");
         properties.setProperty(propertyNameMap.get(AbstractSecurityHeaderFilter.X_XSS_PROTECTION_HEADER),
"");
@@ -339,6 +348,8 @@ public abstract class AbstractSecurityHeaderFilterTest extends EasyMockSupport
{
         properties.setProperty(Configuration.API_USE_SSL.getKey(), "true");
         properties.setProperty(Configuration.CLIENT_API_SSL_KSTR_DIR_NAME.getKey(), httpPassFile.getParent());
         properties.setProperty(Configuration.CLIENT_API_SSL_CRT_PASS_FILE_NAME.getKey(),
httpPassFile.getName());
+        properties.setProperty(Configuration.HTTP_CHARSET.getKey(), "");
+        properties.setProperty(Configuration.VIEWS_HTTP_CHARSET.getKey(), "");
         properties.setProperty(propertyNameMap.get(AbstractSecurityHeaderFilter.STRICT_TRANSPORT_HEADER),
"");
         properties.setProperty(propertyNameMap.get(AbstractSecurityHeaderFilter.X_FRAME_OPTIONS_HEADER),
"");
         properties.setProperty(propertyNameMap.get(AbstractSecurityHeaderFilter.X_XSS_PROTECTION_HEADER),
"");
@@ -373,4 +384,4 @@ public abstract class AbstractSecurityHeaderFilterTest extends EasyMockSupport
{
     verifyAll();
   }
 
-}
\ No newline at end of file
+}


Mime
View raw message