ambari-dev mailing list archives

From "Tom Beerbower" <tbeerbo...@hortonworks.com>
Subject Review Request 34212: Set HttpOnly and Secure flags for Ambari session cookies
Date Thu, 14 May 2015 13:22:07 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34212/
-----------------------------------------------------------

Review request for Ambari, Jonathan Hurley and Nate Cole.


Bugs: AMBARI-11129
    https://issues.apache.org/jira/browse/AMBARI-11129


Repository: ambari


Description
-------

Ambari should set the following flags for session cookies.

1) https://www.owasp.org/index.php/HttpOnly
2) https://www.owasp.org/index.php/SecureFlag

SecureFlag only needs to be set when people configure for Ambari HTTPS.


Requires changing to servlet 3.0 and Jetty 8.


Diffs
-----

  ambari-project/pom.xml 378a998
  ambari-server/pom.xml 8efd1ec
  ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariHandlerList.java 4207007
  ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java 77f6d2c
  ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariSessionManager.java 721d95b
  ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java 432e41a
  ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariHandlerListTest.java afad6ce
  ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariServerTest.java 484f398
  ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariSessionManagerTest.java 058baa1

Diff: https://reviews.apache.org/r/34212/diff/


Testing
-------

Manually tested.

Added new unit tests.

mvn clean test


Thanks,

Tom Beerbower
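
Added example, not part of the review request or the Ambari code base: a small checker that audits `Set-Cookie` header values against the policy in the description (HttpOnly always, Secure only when the server is configured for HTTPS). The function names and the `JSESSIONID` sample headers are constructed for illustration.

```python
# Added example: audit Set-Cookie values for the flags named in the review.
# Assumed policy (from the description): HttpOnly always, Secure only with HTTPS.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attrs).

    Attribute names are case-insensitive, so they are lower-cased here.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_cookie(header_value, https_enabled):
    """Return a list of findings for one Set-Cookie value (empty = compliant)."""
    name, _, attrs = parse_set_cookie(header_value)
    findings = []
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly")
    if https_enabled and "secure" not in attrs:
        findings.append(f"{name}: missing Secure on an HTTPS deployment")
    if not https_enabled and "secure" in attrs:
        # A Secure cookie is never sent over plain HTTP, so the session breaks.
        findings.append(f"{name}: Secure set but server is HTTP-only")
    return findings


def audit_response(set_cookie_values, https_enabled):
    """Audit every Set-Cookie value of one response."""
    findings = []
    for value in set_cookie_values:
        findings.extend(audit_cookie(value, https_enabled))
    return findings


if __name__ == "__main__":
    # Constructed sample headers, not captured from a real server.
    sample = ["JSESSIONID=abc123; Path=/; HttpOnly", "theme=dark; Path=/"]
    for line in audit_response(sample, https_enabled=True):
        print(line)
```
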

