This is an automated email from the ASF dual-hosted git repository.
stoty pushed a commit to branch branch-2.6
in repository https://gitbox.apache.org/repos/asf/hbase.git
The following commit(s) were added to refs/heads/branch-2.6 by this push:
new 058fe41c726 HBASE-29508 Define HBase specific TLS config properties
for InfoServer (#7204)
058fe41c726 is described below
commit 058fe41c72669cc6b8c93dff8830099c18196a27
Author: Istvan Toth <[email protected]>
AuthorDate: Mon Aug 11 14:25:46 2025 +0200
HBASE-29508 Define HBase specific TLS config properties for InfoServer
(#7204)
Signed-off-by: Nihal Jain <[email protected]>
(cherry picked from commit 70b49d7ae6c49b011d57c60db3f4918bcbad5a32)
---
.../org/apache/hadoop/hbase/http/InfoServer.java | 38 +++++++++++++++-------
1 file changed, 26 insertions(+), 12 deletions(-)
diff --git
a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/InfoServer.java
b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/InfoServer.java
index 6a08e21df97..ea73be808f0 100644
--- a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/InfoServer.java
+++ b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/InfoServer.java
@@ -42,6 +42,9 @@ public class InfoServer {
private static final String HBASE_APP_DIR = "hbase-webapps";
private final org.apache.hadoop.hbase.http.HttpServer httpServer;
+ private static final String HADOOP_WEB_TLS_CONFIG_PREFIX = "ssl.server.";
+ private static final String HBASE_WEB_TLS_CONFIG_PREFIX = "hbase.ui.ssl.";
+
/**
* Create a status server on the given port. The jsp scripts are taken from
* src/hbase-webapps/<code>name</code>.
@@ -70,19 +73,16 @@ public class InfoServer {
// We are using the Hadoop HTTP server config properties.
// This makes it easy to keep in sync with Hadoop's UI servers, but hard
to set this
// separately for HBase.
- builder
- .keyPassword(HBaseConfiguration.getPassword(c,
"ssl.server.keystore.keypassword", null))
- .keyStore(c.get("ssl.server.keystore.location"),
- HBaseConfiguration.getPassword(c, "ssl.server.keystore.password",
null),
- c.get("ssl.server.keystore.type", "jks"))
- .trustStore(c.get("ssl.server.truststore.location"),
- HBaseConfiguration.getPassword(c, "ssl.server.truststore.password",
null),
- c.get("ssl.server.truststore.type", "jks"))
+ builder.keyPassword(getTLSPassword(c, "keystore.keypassword"))
+ .keyStore(getTLSProperty(c, "keystore.location"), getTLSPassword(c,
"keystore.password"),
+ getTLSProperty(c, "keystore.type", "jks"))
+ .trustStore(getTLSProperty(c, "truststore.location"),
+ getTLSPassword(c, "truststore.password"), getTLSProperty(c,
"truststore.type", "jks"))
// The ssl.server.*.protocols properties do not exist in Hadoop at the
time of writing.
- .setIncludeProtocols(c.get("ssl.server.include.protocols"))
- .setExcludeProtocols(c.get("ssl.server.exclude.protocols"))
- .setIncludeCiphers(c.get("ssl.server.include.cipher.list"))
- .setExcludeCiphers(c.get("ssl.server.exclude.cipher.list"));
+ .setIncludeProtocols(getTLSProperty(c, "include.protocols"))
+ .setExcludeProtocols(getTLSProperty(c, "exclude.protocols"))
+ .setIncludeCiphers(getTLSProperty(c, "include.cipher.list"))
+ .setExcludeCiphers(getTLSProperty(c, "exclude.cipher.list"));
}
final String httpAuthType = c.get(HttpServer.HTTP_UI_AUTHENTICATION,
"").toLowerCase();
@@ -104,6 +104,20 @@ public class InfoServer {
this.httpServer = builder.build();
}
+ private String getTLSPassword(Configuration c, String postfix) throws
IOException {
+ return HBaseConfiguration.getPassword(c, HBASE_WEB_TLS_CONFIG_PREFIX +
postfix,
+ HBaseConfiguration.getPassword(c, HADOOP_WEB_TLS_CONFIG_PREFIX +
postfix, null));
+ }
+
+ private String getTLSProperty(Configuration c, String postfix) {
+ return getTLSProperty(c, postfix, null);
+ }
+
+ private String getTLSProperty(Configuration c, String postfix, String
defaultValue) {
+ return c.get(HBASE_WEB_TLS_CONFIG_PREFIX + postfix,
+ c.get(HADOOP_WEB_TLS_CONFIG_PREFIX + postfix, defaultValue));
+ }
+
/**
* Builds an ACL that will restrict the users who can issue commands to
endpoints on the UI which
* are meant only for administrators.
