From 3ea676d2fb0a6b878bbf9bea5f7df59ef5eb4495 Mon Sep 17 00:00:00 2001 From: ydodeja365 Date: Thu, 27 Apr 2023 11:59:32 +0530 Subject: [PATCH 1/3] HBASE-27812 Provide option in HBase UI to disable stack trace for security --- .../org/apache/hadoop/hbase/http/HttpServer.java | 12 ++++++++++++ src/main/asciidoc/_chapters/security.adoc | 9 +++++++++ 2 files changed, 21 insertions(+) diff --git a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java index ce1b387bc152..1f8a29a321c0 100644 --- a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java +++ b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java @@ -81,6 +81,7 @@ import org.apache.hbase.thirdparty.org.eclipse.jetty.server.ServerConnector; import org.apache.hbase.thirdparty.org.eclipse.jetty.server.SslConnectionFactory; import org.apache.hbase.thirdparty.org.eclipse.jetty.server.handler.ContextHandlerCollection; +import org.apache.hbase.thirdparty.org.eclipse.jetty.server.handler.ErrorHandler; import org.apache.hbase.thirdparty.org.eclipse.jetty.server.handler.HandlerCollection; import org.apache.hbase.thirdparty.org.eclipse.jetty.server.handler.RequestLogHandler; import org.apache.hbase.thirdparty.org.eclipse.jetty.server.handler.gzip.GzipHandler; @@ -153,6 +154,7 @@ public class HttpServer implements FilterContainer { public static final String SPNEGO_PROXYUSER_FILTER = "SpnegoProxyUserFilter"; public static final String NO_CACHE_FILTER = "NoCacheFilter"; public static final String APP_DIR = "webapps"; + public static final String HTTP_UI_SHOW_STACKTRACE_KEY = "hbase.ui.showStackTraces"; public static final String METRIC_SERVLETS_CONF_KEY = "hbase.http.metrics.servlets"; public static final String[] METRICS_SERVLETS_DEFAULT = { "jmx", "metrics", "prometheus" }; @@ -652,6 +654,16 @@ private void initializeWebServer(String name, String hostName, Configuration con addFilterPathMapping(path, webAppContext); } } + // Check if disable stack trace property is configured + if (null != conf.get(HTTP_UI_SHOW_STACKTRACE_KEY, null)) { + // Get the configured value + boolean showStackTraces = conf.getBoolean(HTTP_UI_SHOW_STACKTRACE_KEY, false); + // Disable stack traces for server errors in UI + webServer.setErrorHandler(new ErrorHandler()); + webServer.getErrorHandler().setShowStacks(showStackTraces); + // Disable stack traces for web app errors in UI + webAppContext.getErrorHandler().setShowStacks(showStackTraces); + } } private void addManagedListener(ServerConnector connector) { diff --git a/src/main/asciidoc/_chapters/security.adoc b/src/main/asciidoc/_chapters/security.adoc index 2d43abc08c2b..26898417fa8a 100644 --- a/src/main/asciidoc/_chapters/security.adoc +++ b/src/main/asciidoc/_chapters/security.adoc @@ -203,6 +203,15 @@ Users who wish to change this would set the following in their hbase-site.xml: ---- +To disable showing stack traces in HBase UI for hiding sensitive information, set the following in hbase-site: +[source,xml] +---- + + hbase.ui.showStackTraces + false + +---- + [[hbase.secure.configuration]] == Secure Client Access to Apache HBase From 921243f8b31e1b715f101696f621690996199eda Mon Sep 17 00:00:00 2001 From: ydodeja365 Date: Tue, 2 May 2023 23:35:10 +0530 Subject: [PATCH 2/3] Addressed review comments --- .../src/main/java/org/apache/hadoop/hbase/http/HttpServer.java | 2 +- src/main/asciidoc/_chapters/security.adoc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java index 1f8a29a321c0..1334b5f29214 100644 --- a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java +++ b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java @@ -154,7 +154,7 @@ public class HttpServer implements FilterContainer { public static final String SPNEGO_PROXYUSER_FILTER = "SpnegoProxyUserFilter"; public static final String NO_CACHE_FILTER = "NoCacheFilter"; public static final String APP_DIR = "webapps"; - public static final String HTTP_UI_SHOW_STACKTRACE_KEY = "hbase.ui.showStackTraces"; + public static final String HTTP_UI_SHOW_STACKTRACE_KEY = "hbase.ui.show-stack-traces"; public static final String METRIC_SERVLETS_CONF_KEY = "hbase.http.metrics.servlets"; public static final String[] METRICS_SERVLETS_DEFAULT = { "jmx", "metrics", "prometheus" }; diff --git a/src/main/asciidoc/_chapters/security.adoc b/src/main/asciidoc/_chapters/security.adoc index 26898417fa8a..6c7c69493530 100644 --- a/src/main/asciidoc/_chapters/security.adoc +++ b/src/main/asciidoc/_chapters/security.adoc @@ -207,7 +207,7 @@ To disable showing stack traces in HBase UI for hiding sensitive information, se [source,xml] ---- - hbase.ui.showStackTraces + hbase.ui.show-stack-traces false ---- From 71fd968ee029f2eeb84dae5e023d04668262a1f4 Mon Sep 17 00:00:00 2001 From: ydodeja365 Date: Thu, 4 May 2023 10:04:08 +0530 Subject: [PATCH 3/3] Review comment for the if block --- .../java/org/apache/hadoop/hbase/http/HttpServer.java | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java index 1334b5f29214..6c2b71a0b90b 100644 --- a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java +++ b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java @@ -655,14 +655,12 @@ private void initializeWebServer(String name, String hostName, Configuration con } } // Check if disable stack trace property is configured - if (null != conf.get(HTTP_UI_SHOW_STACKTRACE_KEY, null)) { - // Get the configured value - boolean showStackTraces = conf.getBoolean(HTTP_UI_SHOW_STACKTRACE_KEY, false); + if (!conf.getBoolean(HTTP_UI_SHOW_STACKTRACE_KEY, true)) { // Disable stack traces for server errors in UI webServer.setErrorHandler(new ErrorHandler()); - webServer.getErrorHandler().setShowStacks(showStackTraces); + webServer.getErrorHandler().setShowStacks(false); // Disable stack traces for web app errors in UI - webAppContext.getErrorHandler().setShowStacks(showStackTraces); + webAppContext.getErrorHandler().setShowStacks(false); } }