hadoop-common-issues mailing list archives

From "Hadoop QA (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-11677) Missing secure session attributed for log and static contexts
Date Wed, 29 Apr 2015 15:30:08 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-11677?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14519557#comment-14519557 ]

Hadoop QA commented on HADOOP-11677:
------------------------------------

| (x) *{color:red}-1 overall{color}* |

|| Vote || Subsystem || Runtime || Comment ||
| {color:blue}0{color} | pre-patch |  14m 34s | Pre-patch trunk compilation is healthy. |
| {color:green}+1{color} | @author |   0m  0s | The patch does not contain any @author tags. |
| {color:red}-1{color} | tests included |   0m  0s | The patch doesn't appear to include any new or modified tests.  Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. |
| {color:green}+1{color} | whitespace |   0m  0s | The patch has no lines that end in whitespace. |
| {color:red}-1{color} | javac |   0m 35s | The patch appears to cause the build to fail. |

|| Subsystem || Report/Notes ||
| Patch URL | http://issues.apache.org/jira/secure/attachment/12729185/HADOOP-11677.1.patch |
| Optional Tests | javadoc javac unit findbugs checkstyle |
| git revision | trunk / 8f82970 |
| Console output | https://builds.apache.org/job/PreCommit-HADOOP-Build/6214/console |


This message was automatically generated.

> Missing secure session attributed for log and static contexts
> -------------------------------------------------------------
>
>                 Key: HADOOP-11677
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11677
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: nijel
>            Assignee: nijel
>         Attachments: 001-HADOOP-11677.patch, HADOOP-11677.1.patch
>
>
> In HTTPServer2.java for the default context the secure attributes are set.
> {code}
> SessionManager sm = webAppContext.getSessionHandler().getSessionManager();
> if (sm instanceof AbstractSessionManager) {
>   AbstractSessionManager asm = (AbstractSessionManager)sm;
>   asm.setHttpOnly(true);
>   asm.setSecureCookies(true);
> }
> {code}
> But when the contexts are created for /logs and /static, new contexts are created and the session handler is assigned as null.
> Here also the secure attributes need to be set.
> Is it not done intentionally? Please give your thoughts.
> Background:
> Trying to add a login action for HTTP pages. After this, when a security test tool is used, it reports errors for these 2 URLs (/logs and /static).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
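
An added example, not part of the original message or of Hadoop's code: a check of the kind a security test tool runs, flagging cookies issued without the `Secure` or `HttpOnly` attributes that the quoted snippet sets for the default context. The paths mirror the issue; the header values and the names `parse_set_cookie` and `audit_cookies` are constructed for illustration.

```python
# Constructed sample: (request path, Set-Cookie header value) pairs.
# These are illustrative values, not captured from a Hadoop daemon.
SAMPLE_RESPONSES = [
    ("/", "JSESSIONID=node01abc; Path=/; Secure; HttpOnly"),
    ("/logs/", "JSESSIONID=node01def; Path=/logs"),
    ("/static/", "JSESSIONID=node01ghi; Path=/static; httponly"),
    ("/jmx", ""),  # response that sets no cookie at all
]

# Attributes that setSecureCookies(true) and setHttpOnly(true) produce.
REQUIRED_FLAGS = ("secure", "httponly")


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (cookie name, set of attribute names).

    Attribute names are lower-cased because they are case-insensitive;
    attribute values (e.g. the '/logs' in 'Path=/logs') are dropped.
    Returns (None, set()) for an empty header.
    """
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    if not parts:
        return None, set()
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return name, attrs


def audit_cookies(responses):
    """Return (path, cookie name, missing flags) for every weak cookie."""
    findings = []
    for path, header in responses:
        name, attrs = parse_set_cookie(header)
        if name is None:
            continue  # nothing was set on this response
        missing = [flag for flag in REQUIRED_FLAGS if flag not in attrs]
        if missing:
            findings.append((path, name, missing))
    return findings


if __name__ == "__main__":
    for path, name, missing in audit_cookies(SAMPLE_RESPONSES):
        print(f"{path}: cookie {name} is missing {', '.join(missing)}")
```
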
