Repository: incubator-ranger Updated Branches: refs/heads/master eb31b7e95 -> 4e80d187c
RANGER-1013 : Move some properties from ranger-admin-site.xml to ranger-admin-default-site.xml Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/4e80d187 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/4e80d187 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/4e80d187 Branch: refs/heads/master Commit: 4e80d187cbce27aeecef394287be2fb4c890f9e2 Parents: eb31b7e Author: Ankita Sinha <[email protected]> Authored: Fri Jun 3 11:43:17 2016 +0530 Committer: Velmurugan Periasamy <[email protected]> Committed: Fri Jun 3 12:56:11 2016 -0400 ---------------------------------------------------------------------- .../java/org/apache/ranger/rest/ServiceREST.java | 9 +++++---- .../web/filter/RangerCSRFPreventionFilter.java | 12 ++++++------ .../conf.dist/ranger-admin-default-site.xml | 16 ++++++++++++++++ .../resources/conf.dist/ranger-admin-site.xml | 18 ------------------ 4 files changed, 27 insertions(+), 28 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4e80d187/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index 461feb0..a8c7b52 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -87,6 +87,7 @@ import org.apache.ranger.plugin.util.RangerPerfTracer; import org.apache.ranger.plugin.util.SearchFilter; import org.apache.ranger.plugin.util.ServicePolicies; import org.apache.ranger.security.context.RangerAPIList; +import org.apache.ranger.security.web.filter.RangerCSRFPreventionFilter; import org.apache.ranger.service.RangerPolicyService; import org.apache.ranger.service.RangerServiceDefService; import org.apache.ranger.service.RangerServiceService; @@ -2283,10 +2284,10 @@ public class ServiceREST { private HashMap<String, Object> getCSRFPropertiesMap() { HashMap<String, Object> map = new HashMap<String, Object>(); - map.put(isCSRF_ENABLED, PropertiesUtil.getBooleanProperty(isCSRF_ENABLED, false)); - map.put(CUSTOM_HEADER_PARAM, PropertiesUtil.getProperty(CUSTOM_HEADER_PARAM)); - map.put(BROWSER_USER_AGENT_PARAM, PropertiesUtil.getProperty(BROWSER_USER_AGENT_PARAM)); - map.put(CUSTOM_METHODS_TO_IGNORE_PARAM, PropertiesUtil.getProperty(CUSTOM_METHODS_TO_IGNORE_PARAM)); + map.put(isCSRF_ENABLED, PropertiesUtil.getBooleanProperty(isCSRF_ENABLED, true)); + map.put(CUSTOM_HEADER_PARAM, PropertiesUtil.getProperty(CUSTOM_HEADER_PARAM, RangerCSRFPreventionFilter.HEADER_DEFAULT)); + map.put(BROWSER_USER_AGENT_PARAM, PropertiesUtil.getProperty(BROWSER_USER_AGENT_PARAM, RangerCSRFPreventionFilter.BROWSER_USER_AGENTS_DEFAULT)); + map.put(CUSTOM_METHODS_TO_IGNORE_PARAM, PropertiesUtil.getProperty(CUSTOM_METHODS_TO_IGNORE_PARAM, RangerCSRFPreventionFilter.METHODS_TO_IGNORE_DEFAULT)); return map; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4e80d187/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerCSRFPreventionFilter.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerCSRFPreventionFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerCSRFPreventionFilter.java index 42b4ad4..69a9d17 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerCSRFPreventionFilter.java +++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerCSRFPreventionFilter.java @@ -42,11 +42,11 @@ public class RangerCSRFPreventionFilter implements Filter { private static final Logger LOG = Logger.getLogger(RangerCSRFPreventionFilter.class); - public static final boolean isCSRF_ENABLED = PropertiesUtil.getBooleanProperty("ranger.rest-csrf.enabled",true); + public static final boolean isCSRF_ENABLED = PropertiesUtil.getBooleanProperty("ranger.rest-csrf.enabled", true); public static final String BROWSER_USER_AGENT_PARAM = "ranger.rest-csrf.browser-useragents-regex"; - static final String BROWSER_USER_AGENTS_DEFAULT = "^Mozilla.*,^Opera.*"; + public static final String BROWSER_USER_AGENTS_DEFAULT = "^Mozilla.*,^Opera.*"; public static final String CUSTOM_METHODS_TO_IGNORE_PARAM = "ranger.rest-csrf.methods-to-ignore"; - static final String METHODS_TO_IGNORE_DEFAULT = "GET,OPTIONS,HEAD,TRACE"; + public static final String METHODS_TO_IGNORE_DEFAULT = "GET,OPTIONS,HEAD,TRACE"; public static final String CUSTOM_HEADER_PARAM = "ranger.rest-csrf.custom-header"; public static final String HEADER_DEFAULT = "X-XSRF-HEADER"; public static final String HEADER_USER_AGENT = "User-Agent"; @@ -66,18 +66,18 @@ public class RangerCSRFPreventionFilter implements Filter { } public void init(FilterConfig filterConfig) throws ServletException { - String customHeader = PropertiesUtil.getProperty(CUSTOM_HEADER_PARAM); + String customHeader = PropertiesUtil.getProperty(CUSTOM_HEADER_PARAM, HEADER_DEFAULT); if (customHeader != null) { headerName = customHeader; } - String customMethodsToIgnore = PropertiesUtil.getProperty(CUSTOM_METHODS_TO_IGNORE_PARAM); + String customMethodsToIgnore = PropertiesUtil.getProperty(CUSTOM_METHODS_TO_IGNORE_PARAM, METHODS_TO_IGNORE_DEFAULT); if (customMethodsToIgnore != null) { parseMethodsToIgnore(customMethodsToIgnore); } else { parseMethodsToIgnore(METHODS_TO_IGNORE_DEFAULT); } - String agents = PropertiesUtil.getProperty(BROWSER_USER_AGENT_PARAM); + String agents = PropertiesUtil.getProperty(BROWSER_USER_AGENT_PARAM, BROWSER_USER_AGENTS_DEFAULT); if (agents == null) { agents = BROWSER_USER_AGENTS_DEFAULT; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4e80d187/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml ---------------------------------------------------------------------- diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml index 90ef9f3..75c67d3 100644 --- a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml +++ b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml @@ -467,5 +467,21 @@ <name>ranger.sso.query.param.originalurl</name> <value>originalUrl</value> </property> + <property> + <name>ranger.rest-csrf.enabled</name> + <value>true</value> + </property> + <property> + <name>ranger.rest-csrf.custom-header</name> + <value>X-XSRF-HEADER</value> + </property> + <property> + <name>ranger.rest-csrf.methods-to-ignore</name> + <value>GET,OPTIONS,HEAD,TRACE</value> + </property> + <property> + <name>ranger.rest-csrf.browser-useragents-regex</name> + <value>^Mozilla.*,^Opera.*</value> + </property> </configuration> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4e80d187/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml ---------------------------------------------------------------------- diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml index ce543ac..5f89caa 100644 --- a/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml +++ b/security-admin/src/main/resources/conf.dist/ranger-admin-site.xml @@ -280,22 +280,4 @@ <name>ranger.kms.service.user.hive</name> <value>hive</value> </property> - <!-- CSRF Properties Starts--> - <property> - <name>ranger.rest-csrf.enabled</name> - <value>true</value> - </property> - <property> - <name>ranger.rest-csrf.custom-header</name> - <value>X-XSRF-HEADER</value> - </property> - <property> - <name>ranger.rest-csrf.methods-to-ignore</name> - <value>GET,OPTIONS,HEAD,TRACE</value> - </property> - <property> - <name>ranger.rest-csrf.browser-useragents-regex</name> - <value>^Mozilla.*,^Opera.*</value> - </property> - <!-- CSRF Properties ENDs--> </configuration>
