Repository: incubator-atlas Updated Branches: refs/heads/0.7-incubating 0dcfd21bb -> 77ea77286
ATLAS-1427: Support an option to exclude protocols in SSL mode Signed-off-by: Madhan Neethiraj <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-atlas/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-atlas/commit/77ea7728 Tree: http://git-wip-us.apache.org/repos/asf/incubator-atlas/tree/77ea7728 Diff: http://git-wip-us.apache.org/repos/asf/incubator-atlas/diff/77ea7728 Branch: refs/heads/0.7-incubating Commit: 77ea772863b9c7d793a1eb0c6bcd4623a9b0ede7 Parents: 0dcfd21 Author: nixonrodrigues <[email protected]> Authored: Thu Jan 5 19:12:29 2017 +0530 Committer: Madhan Neethiraj <[email protected]> Committed: Thu Jan 5 09:12:09 2017 -0800 ---------------------------------------------------------------------- .../java/org/apache/atlas/security/SecurityProperties.java | 3 +++ release-log.txt | 4 ++++ .../org/apache/atlas/web/service/SecureEmbeddedServer.java | 8 ++++++++ 3 files changed, 15 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/77ea7728/common/src/main/java/org/apache/atlas/security/SecurityProperties.java ----------------------------------------------------------------------
diff --git a/common/src/main/java/org/apache/atlas/security/SecurityProperties.java b/common/src/main/java/org/apache/atlas/security/SecurityProperties.java
index 191d869..4bba3b3 100644
--- a/common/src/main/java/org/apache/atlas/security/SecurityProperties.java
+++ b/common/src/main/java/org/apache/atlas/security/SecurityProperties.java
@@ -43,4 +43,7 @@ public final class SecurityProperties { public static final String ATLAS_SSL_EXCLUDE_CIPHER_SUITES = "atlas.ssl.exclude.cipher.suites"; public static final List<String> DEFAULT_CIPHER_SUITES = Arrays.asList( ".*NULL.*", ".*RC4.*", ".*MD5.*", ".*DES.*", ".*DSS.*"); + public static final String ATLAS_SSL_EXCLUDE_PROTOCOLS = "atlas.ssl.exclude.protocols"; + public static final String[] DEFAULT_EXCLUDE_PROTOCOLS = new String[]{"TLSv1", "TLSv1.1"}; + } http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/77ea7728/release-log.txt ---------------------------------------------------------------------- diff --git a/release-log.txt b/release-log.txt index 73867e8..b226eca 100644 --- a/release-log.txt +++ b/release-log.txt @@ -32,6 +32,10 @@ ATLAS-409 Atlas will not import avro tables with schema read from a file (dosset ATLAS-379 Create sqoop and falcon metadata addons (venkatnrangan,bvellanki,sowmyaramesh via shwethags) ALL CHANGES: +ATLAS-1427 Support an option to exclude protocols in SSL mode (nixonrodrigues via mneethiraj) +ATLAS-1424 Avoid stack-trace in REST API error response (nixonrodrigues via mneethiraj) +ATLAS-1420 use ATLASSESSIONID as cookie name instead of JSESSIONID (nixonrodrigues via mneethiraj) +ATLAS-1417 HIveHook: synchronous execution fails to notify (sumasai) ATLAS-1419 fix entity-update to retain value of attributes when not provided (sumasai) ATLAS-1364 HiveHook : Fix Auth issue with doAs (sumasai) ATLAS-1403 Performance fixes for search, lineage http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/77ea7728/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java ---------------------------------------------------------------------- diff --git a/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java b/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java index b433e71..401b86e 100755 
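Review bot: `DEFAULT_EXCLUDE_PROTOCOLS` in the SecurityProperties hunk is declared as a `public static final String[]`, so any code that can reach the class can overwrite its elements and change the server's default protocol exclusions without touching configuration; an unmodifiable list in the style of the neighbouring `DEFAULT_CIPHER_SUITES`, e.g. `public static final List<String> DEFAULT_EXCLUDE_PROTOCOLS = Collections.unmodifiableList(Arrays.asList("TLSv1", "TLSv1.1"));`, avoids that (it needs a `java.util.Collections` import and a `toArray` at the call site in SecureEmbeddedServer). Neither new constant is documented; I would add `// JSSE protocol names excluded when atlas.ssl.exclude.protocols is not set` above the default. The default names only TLSv1 and TLSv1.1, so SSLv3 and SSLv2Hello presumably stay disabled only through the exclusions Jetty's SslContextFactory already carries, which this diff does not show and which is worth confirming for the Jetty version in use. The class body starts outside the hunk.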
--- a/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java +++ b/webapp/src/main/java/org/apache/atlas/web/service/SecureEmbeddedServer.java @@ -48,6 +48,8 @@ import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_FILE_KEY; import static org.apache.atlas.security.SecurityProperties.TRUSTSTORE_PASSWORD_KEY; import static org.apache.atlas.security.SecurityProperties.ATLAS_SSL_EXCLUDE_CIPHER_SUITES; import static org.apache.atlas.security.SecurityProperties.DEFAULT_CIPHER_SUITES; +import static org.apache.atlas.security.SecurityProperties.ATLAS_SSL_EXCLUDE_PROTOCOLS; +import static org.apache.atlas.security.SecurityProperties.DEFAULT_EXCLUDE_PROTOCOLS; /** * This is a jetty server which requires client auth via certificates. @@ -77,6 +79,12 @@ public class SecureEmbeddedServer extends EmbeddedServer { sslContextFactory.setExcludeCipherSuites(cipherList.toArray(new String[cipherList.size()])); sslContextFactory.setRenegotiationAllowed(false); + String[] excludedProtocols = config.containsKey(ATLAS_SSL_EXCLUDE_PROTOCOLS) ? + config.getStringArray(ATLAS_SSL_EXCLUDE_PROTOCOLS) : DEFAULT_EXCLUDE_PROTOCOLS; + if (excludedProtocols != null && excludedProtocols.length > 0) { + sslContextFactory.addExcludeProtocols(excludedProtocols); + } + // SSL HTTP Configuration // HTTP Configuration HttpConfiguration http_config = new HttpConfiguration();
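Review bot: In the second SecureEmbeddedServer hunk a configured `atlas.ssl.exclude.protocols` replaces `DEFAULT_EXCLUDE_PROTOCOLS` rather than extending it, so a value naming a single protocol re-enables TLSv1 and TLSv1.1, and a value that parses to an empty array skips `addExcludeProtocols` altogether; that is a reasonable contract, but it should be stated in a comment here and in the property documentation. The names are passed through unchecked, and as far as I know Jetty treats an exclusion that matches no supported protocol as a no-op, so a misspelt entry would leave that protocol enabled with no warning. Logging the effective list right after the call, for example `LOG.info("Excluded SSL protocols: {}", Arrays.toString(excludedProtocols));` with whatever logger the class already uses, lets an operator verify the setting at startup. The enclosing method begins and ends outside the hunk.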
