This is an automated email from the ASF dual-hosted git repository.

dhavalshah9131 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new a3d7982  RANGER-3521 : Ranger KMS IS NOT ENFORCING HSTS ON SSL PORT 
DEFINED BY RFC 6797
a3d7982 is described below

commit a3d798253605b5cb51cbce03489a9e36c3b338b8
Author: Dhaval Shah <[email protected]>
AuthorDate: Mon Nov 29 11:56:42 2021 +0530

    RANGER-3521 : Ranger KMS IS NOT ENFORCING HSTS ON SSL PORT DEFINED BY RFC 
6797
---
 .../org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java     | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git 
a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java 
b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
index f0e92b8..1174f0b 100644
--- 
a/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
+++ 
b/kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMSMDCFilter.java
@@ -27,6 +27,8 @@ import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import java.io.IOException;
 
 /**
@@ -73,9 +75,11 @@ public class KMSMDCFilter implements Filter {
       throws IOException, ServletException {
     try {
         String path = ((HttpServletRequest) request).getRequestURI();
+         HttpServletResponse resp = (HttpServletResponse) response;
+         resp.setHeader("Strict-Transport-Security", "max-age=31536000; 
includeSubDomains");
            
             if (path.startsWith(RANGER_KMS_REST_API_PATH)) {
-               chain.doFilter(request, response);
+                 chain.doFilter(request, resp);
              } else {
                              DATA_TL.remove();
                              UserGroupInformation ugi = 
HttpUserGroupInformation.get();
@@ -86,7 +90,7 @@ public class KMSMDCFilter implements Filter {
                                requestURL.append("?").append(queryString);
                              }
                              DATA_TL.set(new Data(ugi, method, 
requestURL.toString()));
-                             chain.doFilter(request, response);
+                             chain.doFilter(request, resp);
            }
     } finally {
       DATA_TL.remove();

Reply via email to