From mad...@apache.org
Subject incubator-atlas git commit: ATLAS-1427: Support an option to exclude protocols in SSL mode
Date Thu, 05 Jan 2017 17:12:19 GMT
Repository: incubator-atlas
Updated Branches:
  refs/heads/0.7-incubating 0dcfd21bb -> 77ea77286


ATLAS-1427: Support an option to exclude protocols in SSL mode

Signed-off-by: Madhan Neethiraj <madhan@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-atlas/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-atlas/commit/77ea7728
Tree: http://git-wip-us.apache.org/repos/asf/incubator-atlas/tree/77ea7728
Diff: http://git-wip-us.apache.org/repos/asf/incubator-atlas/diff/77ea7728

Branch: refs/heads/0.7-incubating
Commit: 77ea772863b9c7d793a1eb0c6bcd4623a9b0ede7
Parents: 0dcfd21
Author: nixonrodrigues <nixon.rodrigues@freestoneinfotech.com>
Authored: Thu Jan 5 19:12:29 2017 +0530
Committer: Madhan Neethiraj <madhan@apache.org>
Committed: Thu Jan 5 09:12:09 2017 -0800

----------------------------------------------------------------------
 .../java/org/apache/atlas/security/SecurityProperties.java   | 3 +++
 release-log.txt                                              | 4 ++++
 .../org/apache/atlas/web/service/SecureEmbeddedServer.java   | 8 ++++++++
 3 files changed, 15 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/77ea7728/common/src/main/java/org/apache/atlas/security/SecurityProperties.java
----------------------------------------------------------------------
diff --git a/common/src/main/java/org/apache/atlas/security/SecurityProperties.java b/common/src/main/java/org/apache/atlas/security/SecurityProperties.java
index 191d869..4bba3b3 100644
--- a/common/src/main/java/org/apache/atlas/security/SecurityProperties.java
+++ b/common/src/main/java/org/apache/atlas/security/SecurityProperties.java
@@ -43,4 +43,7 @@ public final class SecurityProperties {
     public static final String ATLAS_SSL_EXCLUDE_CIPHER_SUITES = "atlas.ssl.exclude.cipher.suites";
     public static final List<String> DEFAULT_CIPHER_SUITES = Arrays.asList(
             ".*NULL.*", ".*RC4.*", ".*MD5.*", ".*DES.*", ".*DSS.*");
+    public static final String ATLAS_SSL_EXCLUDE_PROTOCOLS = "atlas.ssl.exclude.protocols";
+    public static final String[] DEFAULT_EXCLUDE_PROTOCOLS = new String[]{"TLSv1", "TLSv1.1"};
+
 }
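Review bot: `DEFAULT_EXCLUDE_PROTOCOLS` is declared as a `public static final String[]`, so the reference is constant but the elements are not, and any code in the process can overwrite an entry and weaken the default protocol exclusions for every later caller. An immutable holder would avoid that, for example `public static final List<String> DEFAULT_EXCLUDE_PROTOCOLS = Collections.unmodifiableList(Arrays.asList("TLSv1", "TLSv1.1"));`, with the caller converting via `toArray` as it already does for the cipher list. A one-line comment saying that these names are excluded in addition to whatever the embedded server excludes by default would also help operators reading this class. The class body begins outside this hunk, so whether `Collections` is already imported is not visible here.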

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/77ea7728/release-log.txt
----------------------------------------------------------------------
diff --git a/release-log.txt b/release-log.txt
index 73867e8..b226eca 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -32,6 +32,10 @@ ATLAS-409 Atlas will not import avro tables with schema read from a file
(dosset
 ATLAS-379 Create sqoop and falcon metadata addons (venkatnrangan,bvellanki,sowmyaramesh via
shwethags)
 
 ALL CHANGES:
+ATLAS-1427 Support an option to exclude protocols in SSL mode (nixonrodrigues via mneethiraj)
+ATLAS-1424 Avoid stack-trace in REST API error response (nixonrodrigues via mneethiraj)
+ATLAS-1420 use ATLASSESSIONID as cookie name instead of JSESSIONID (nixonrodrigues via mneethiraj)
+ATLAS-1417 HIveHook: synchronous execution fails to notify (sumasai)
 ATLAS-1419 fix entity-update to retain value of attributes when not provided (sumasai)
 ATLAS-1364 HiveHook : Fix Auth issue with doAs (sumasai)
 ATLAS-1403 Performance fixes for search, lineage

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/77ea7728/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java b/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
index b433e71..401b86e 100755
--- a/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
+++ b/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java
@@ -48,6 +48,8 @@ import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_FILE_KEY;
 import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_PASSWORD_KEY;
 import static org.apache.atlas.security.SecurityProperties.ATLAS_SSL_EXCLUDE_CIPHER_SUITES;
 import static org.apache.atlas.security.SecurityProperties.DEFAULT_CIPHER_SUITES;
+import static org.apache.atlas.security.SecurityProperties.ATLAS_SSL_EXCLUDE_PROTOCOLS;
+import static org.apache.atlas.security.SecurityProperties.DEFAULT_EXCLUDE_PROTOCOLS;
 
 /**
  * This is a jetty server which requires client auth via certificates.
@@ -77,6 +79,12 @@ public class SecureEmbeddedServer extends EmbeddedServer {
         sslContextFactory.setExcludeCipherSuites(cipherList.toArray(new String[cipherList.size()]));
         sslContextFactory.setRenegotiationAllowed(false);
 
+        String[] excludedProtocols = config.containsKey(ATLAS_SSL_EXCLUDE_PROTOCOLS) ?
+                config.getStringArray(ATLAS_SSL_EXCLUDE_PROTOCOLS) : DEFAULT_EXCLUDE_PROTOCOLS;
+        if (excludedProtocols != null && excludedProtocols.length > 0) {
+            sslContextFactory.addExcludeProtocols(excludedProtocols);
+        }
+
         // SSL HTTP Configuration
         // HTTP Configuration
         HttpConfiguration http_config = new HttpConfiguration();
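Review bot: A configured `atlas.ssl.exclude.protocols` value replaces `DEFAULT_EXCLUDE_PROTOCOLS` rather than extending it, so a key that is present but empty, or that holds a misspelled protocol name, leaves TLSv1 and TLSv1.1 enabled with no indication at startup. Consider logging the effective list after the call, e.g. the result of `sslContextFactory.getExcludeProtocols()`, and adding a comment such as `// a configured list replaces the default; list TLSv1 and TLSv1.1 explicitly to keep them excluded`. The `excludedProtocols != null` test looks redundant if `config` is a Commons Configuration object, whose `getStringArray` presumably returns an empty array rather than null; the type of `config` is not visible in the hunk. The enclosing method starts and ends outside this hunk.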

