[GitHub] [hbase] joshelser commented on a change in pull request #936: HBASE-17115 Define UI admins via an ACL

Fri, 24 Jan 2020 15:28:14 -0800 

joshelser commented on a change in pull request #936: HBASE-17115 Define UI 
admins via an ACL
URL: https://github.com/apache/hbase/pull/936#discussion_r370885196
 
 

 ##########
 File path: 
hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java
 ##########
 @@ -712,23 +723,24 @@ private void setContextAttributes(ServletContextHandler 
context, Configuration c
    * Add default servlets.
    */
   protected void addDefaultServlets(ContextHandlerCollection contexts) throws 
IOException {
+
     // set up default servlets
-    addServlet("stacks", "/stacks", StackServlet.class);
-    addServlet("logLevel", "/logLevel", LogLevel.Servlet.class);
+    addPrivilegedServlet("stacks", "/stacks", StackServlet.class);
+    addPrivilegedServlet("logLevel", "/logLevel", LogLevel.Servlet.class);
     // Hadoop3 has moved completely to metrics2, and  dropped support for 
Metrics v1's
     // MetricsServlet (see HADOOP-12504).  We'll using reflection to load if 
against hadoop2.
     // Remove when we drop support for hbase on hadoop2.x.
     try {
-      Class clz = Class.forName("org.apache.hadoop.metrics.MetricsServlet");
-      addServlet("metrics", "/metrics", clz);
+      Class<?> clz = Class.forName("org.apache.hadoop.metrics.MetricsServlet");
+      addPrivilegedServlet("metrics", "/metrics", 
clz.asSubclass(HttpServlet.class));
     } catch (Exception e) {
       // do nothing
     }
-    addServlet("jmx", "/jmx", JMXJsonServlet.class);
-    addServlet("conf", "/conf", ConfServlet.class);
+    addPrivilegedServlet("jmx", "/jmx", JMXJsonServlet.class);
+    addUnprivilegedServlet("conf", "/conf", ConfServlet.class);
 
 Review comment:
   > host/ports/usernames applies to conf
   
   There's a difference between well-known daemons (what should be in conf/) 
and HBase clients. We shouldn't be advertising to the world who is talking to 
HBase.
   
   > in a "properly" secured system they'd all be behind Hadoop Credential 
Providers right?
   
   I agree with Busbey here -- I don't think there's a case where we should 
expect to have unprotected secrets in the configuration. However, I will 
concede that folks may do this anyways. I'll add a default-false option to 
protect the conf endpoint, just in case.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

Reply via email to