Review Request 34212: Set HttpOnly and Secure flags for Ambari session cookies

Thu, 14 May 2015 06:23:00 -0700 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/34212/
-----------------------------------------------------------

Review request for Ambari, Jonathan Hurley and Nate Cole.


Bugs: AMBARI-11129
    https://issues.apache.org/jira/browse/AMBARI-11129


Repository: ambari


Description
-------

Ambari should set the following flags for session cookies.

1) https://www.owasp.org/index.php/HttpOnly
2) https://www.owasp.org/index.php/SecureFlag

SecureFlag only needs to be set when people configure for Ambari HTTPS.


Requires changing to servlet 3.0 and Jetty 8.


Diffs
-----

  ambari-project/pom.xml 378a998 
  ambari-server/pom.xml 8efd1ec 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariHandlerList.java
 4207007 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java
 77f6d2c 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariSessionManager.java
 721d95b 
  
ambari-server/src/main/java/org/apache/ambari/server/controller/ControllerModule.java
 432e41a 
  
ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariHandlerListTest.java
 afad6ce 
  
ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariServerTest.java
 484f398 
  
ambari-server/src/test/java/org/apache/ambari/server/controller/AmbariSessionManagerTest.java
 058baa1 

Diff: https://reviews.apache.org/r/34212/diff/


Testing
-------

Manual tested.

Added new unit tests.

mvn clean test


Thanks,

Tom Beerbower

Reply via email to