HADOOP-13008. Add XFS Filter for UIs to Hadoop Common. Contributed by Larry McCay.

This commit is contained in:
Chris Nauroth 2016-05-11 10:58:32 -07:00
parent 39f2bac38b
commit dee279b532
6 changed files with 384 additions and 29 deletions

View File

@ -2536,6 +2536,27 @@ public Iterator<Map.Entry<String, String>> iterator() {
return result.entrySet().iterator();
}
/**
* Constructs a mapping of configuration and includes all properties that
* start with the specified configuration prefix. Property names in the
* mapping are trimmed to remove the configuration prefix.
*
* @param confPrefix configuration prefix
* @return mapping of configuration properties with prefix stripped
*/
public Map<String, String> getPropsWithPrefix(String confPrefix) {
Map<String, String> configMap = new HashMap<>();
for (Map.Entry<String, String> entry : this) {
String name = entry.getKey();
if (name.startsWith(confPrefix)) {
String value = this.get(name);
name = name.substring(confPrefix.length());
configMap.put(name, value);
}
}
return configMap;
}
private Document parse(DocumentBuilder builder, URL url)
throws IOException, SAXException {
if (!quietmode) {

View File

@ -18,7 +18,6 @@
package org.apache.hadoop.security.http;
import java.io.IOException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.regex.Matcher;
@ -228,16 +227,7 @@ public void destroy() {
*/
public static Map<String, String> getFilterParams(Configuration conf,
String confPrefix) {
Map<String, String> filterConfigMap = new HashMap<>();
for (Map.Entry<String, String> entry : conf) {
String name = entry.getKey();
if (name.startsWith(confPrefix)) {
String value = conf.get(name);
name = name.substring(confPrefix.length());
filterConfigMap.put(name, value);
}
}
return filterConfigMap;
return conf.getPropsWithPrefix(confPrefix);
}
/**

View File

@ -0,0 +1,167 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.hadoop.security.http;
import java.io.IOException;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.Configuration;
/**
* This filter protects webapps from clickjacking attacks that
* are possible through use of Frames to embed the resources in another
* application and intercept clicks to accomplish nefarious things.
*/
@InterfaceAudience.Public
@InterfaceStability.Evolving
public class XFrameOptionsFilter implements Filter {
public static final String X_FRAME_OPTIONS = "X-Frame-Options";
public static final String CUSTOM_HEADER_PARAM = "xframe-options";
private String option = "DENY";
@Override
public void destroy() {
}
@Override
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
((HttpServletResponse) res).setHeader(X_FRAME_OPTIONS, option);
chain.doFilter(req,
new XFrameOptionsResponseWrapper((HttpServletResponse) res));
}
@Override
public void init(FilterConfig config) throws ServletException {
String customOption = config.getInitParameter(CUSTOM_HEADER_PARAM);
if (customOption != null) {
option = customOption;
}
}
/**
* Constructs a mapping of configuration properties to be used for filter
* initialization. The mapping includes all properties that start with the
* specified configuration prefix. Property names in the mapping are trimmed
* to remove the configuration prefix.
*
* @param conf configuration to read
* @param confPrefix configuration prefix
* @return mapping of configuration properties to be used for filter
* initialization
*/
public static Map<String, String> getFilterParams(Configuration conf,
String confPrefix) {
return conf.getPropsWithPrefix(confPrefix);
}
/**
* This wrapper allows the rest of the filter pipeline to
* see the configured value when interrogating the response.
* It also blocks other filters from setting the value to
* anything other than what is configured.
*
*/
public class XFrameOptionsResponseWrapper
extends HttpServletResponseWrapper {
/**
* Ctor to take wrap the provided response.
* @param response the response to wrap
*/
public XFrameOptionsResponseWrapper(HttpServletResponse response) {
super(response);
}
@Override
public void addHeader(String name, String value) {
// don't allow additional values to be added along
// with the configured options value
if (!name.equals(X_FRAME_OPTIONS)) {
super.addHeader(name, value);
}
}
@Override
public void setHeader(String name, String value) {
// don't allow overwriting of configured value
if (!name.equals(X_FRAME_OPTIONS)) {
super.setHeader(name, value);
}
}
@Override
public void setDateHeader(String name, long date) {
// don't allow overwriting of configured value
if (!name.equals(X_FRAME_OPTIONS)) {
super.setDateHeader(name, date);
}
}
@Override
public void addDateHeader(String name, long date) {
// don't allow additional values to be added along
// with the configured options value
if (!name.equals(X_FRAME_OPTIONS)) {
super.addDateHeader(name, date);
}
}
@Override
public void setIntHeader(String name, int value) {
// don't allow overwriting of configured value
if (!name.equals(X_FRAME_OPTIONS)) {
super.setIntHeader(name, value);
}
}
@Override
// don't allow additional values to be added along
// with the configured options value
public void addIntHeader(String name, int value) {
if (!name.equals(X_FRAME_OPTIONS)) {
super.addIntHeader(name, value);
}
}
@Override
public boolean containsHeader(String name) {
boolean contains = false;
// allow the filterchain and subsequent
// filters to see that the header is set
if (name.equals(X_FRAME_OPTIONS)) {
return (option != null);
} else {
super.containsHeader(name);
}
return contains;
}
}
}

View File

@ -0,0 +1,22 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
@InterfaceAudience.Public
@InterfaceStability.Evolving
package org.apache.hadoop.security.http;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;

View File

@ -32,6 +32,10 @@
import org.junit.Test;
import org.mockito.Mockito;
/**
* This class tests the behavior of the RestCsrfPreventionFilter.
*
*/
public class TestRestCsrfPreventionFilter {
private static final String NON_BROWSER = "java";
@ -43,7 +47,7 @@ public class TestRestCsrfPreventionFilter {
private static final String X_CUSTOM_HEADER = "X-CUSTOM_HEADER";
@Test
public void testNoHeaderDefaultConfig_badRequest()
public void testNoHeaderDefaultConfigBadRequest()
throws ServletException, IOException {
// Setup the configuration settings of the server
FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
@ -56,7 +60,7 @@ public void testNoHeaderDefaultConfig_badRequest()
// CSRF has not been sent
HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)).
thenReturn(null);
thenReturn(null);
Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_USER_AGENT)).
thenReturn(BROWSER_AGENT);
@ -75,7 +79,7 @@ public void testNoHeaderDefaultConfig_badRequest()
}
@Test
public void testNoHeaderCustomAgentConfig_badRequest()
public void testNoHeaderCustomAgentConfigBadRequest()
throws ServletException, IOException {
// Setup the configuration settings of the server
FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
@ -91,7 +95,7 @@ public void testNoHeaderCustomAgentConfig_badRequest()
// CSRF has not been sent
HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)).
thenReturn(null);
thenReturn(null);
Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_USER_AGENT)).
thenReturn("curl");
@ -110,7 +114,7 @@ public void testNoHeaderCustomAgentConfig_badRequest()
}
@Test
public void testNoHeaderDefaultConfigNonBrowser_goodRequest()
public void testNoHeaderDefaultConfigNonBrowserGoodRequest()
throws ServletException, IOException {
// Setup the configuration settings of the server
FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
@ -123,7 +127,7 @@ public void testNoHeaderDefaultConfigNonBrowser_goodRequest()
// CSRF has not been sent
HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)).
thenReturn(null);
thenReturn(null);
Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_USER_AGENT)).
thenReturn(NON_BROWSER);
@ -140,7 +144,7 @@ public void testNoHeaderDefaultConfigNonBrowser_goodRequest()
}
@Test
public void testHeaderPresentDefaultConfig_goodRequest()
public void testHeaderPresentDefaultConfigGoodRequest()
throws ServletException, IOException {
// Setup the configuration settings of the server
FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
@ -168,7 +172,7 @@ public void testHeaderPresentDefaultConfig_goodRequest()
}
@Test
public void testHeaderPresentCustomHeaderConfig_goodRequest()
public void testHeaderPresentCustomHeaderConfigGoodRequest()
throws ServletException, IOException {
// Setup the configuration settings of the server
FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
@ -197,7 +201,7 @@ public void testHeaderPresentCustomHeaderConfig_goodRequest()
}
@Test
public void testMissingHeaderWithCustomHeaderConfig_badRequest()
public void testMissingHeaderWithCustomHeaderConfigBadRequest()
throws ServletException, IOException {
// Setup the configuration settings of the server
FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
@ -209,7 +213,7 @@ public void testMissingHeaderWithCustomHeaderConfig_badRequest()
thenReturn(null);
HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_USER_AGENT)).
thenReturn(BROWSER_AGENT);
thenReturn(BROWSER_AGENT);
// CSRF has not been sent
Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)).
@ -228,7 +232,7 @@ public void testMissingHeaderWithCustomHeaderConfig_badRequest()
}
@Test
public void testMissingHeaderNoMethodsToIgnoreConfig_badRequest()
public void testMissingHeaderNoMethodsToIgnoreConfigBadRequest()
throws ServletException, IOException {
// Setup the configuration settings of the server
FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
@ -239,7 +243,7 @@ public void testMissingHeaderNoMethodsToIgnoreConfig_badRequest()
thenReturn("");
HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_USER_AGENT)).
thenReturn(BROWSER_AGENT);
thenReturn(BROWSER_AGENT);
// CSRF has not been sent
Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)).
@ -260,7 +264,7 @@ public void testMissingHeaderNoMethodsToIgnoreConfig_badRequest()
}
@Test
public void testMissingHeaderIgnoreGETMethodConfig_goodRequest()
public void testMissingHeaderIgnoreGETMethodConfigGoodRequest()
throws ServletException, IOException {
// Setup the configuration settings of the server
FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
@ -271,7 +275,7 @@ public void testMissingHeaderIgnoreGETMethodConfig_goodRequest()
thenReturn("GET");
HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_USER_AGENT)).
thenReturn(BROWSER_AGENT);
thenReturn(BROWSER_AGENT);
// CSRF has not been sent
Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)).
@ -292,7 +296,7 @@ public void testMissingHeaderIgnoreGETMethodConfig_goodRequest()
}
@Test
public void testMissingHeaderMultipleIgnoreMethodsConfig_goodRequest()
public void testMissingHeaderMultipleIgnoreMethodsConfigGoodRequest()
throws ServletException, IOException {
// Setup the configuration settings of the server
FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
@ -303,7 +307,7 @@ public void testMissingHeaderMultipleIgnoreMethodsConfig_goodRequest()
thenReturn("GET,OPTIONS");
HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_USER_AGENT)).
thenReturn(BROWSER_AGENT);
thenReturn(BROWSER_AGENT);
// CSRF has not been sent
Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)).
@ -324,7 +328,7 @@ public void testMissingHeaderMultipleIgnoreMethodsConfig_goodRequest()
}
@Test
public void testMissingHeaderMultipleIgnoreMethodsConfig_badRequest()
public void testMissingHeaderMultipleIgnoreMethodsConfigBadRequest()
throws ServletException, IOException {
// Setup the configuration settings of the server
FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
@ -335,7 +339,7 @@ public void testMissingHeaderMultipleIgnoreMethodsConfig_badRequest()
thenReturn("GET,OPTIONS");
HttpServletRequest mockReq = Mockito.mock(HttpServletRequest.class);
Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_USER_AGENT)).
thenReturn(BROWSER_AGENT);
thenReturn(BROWSER_AGENT);
// CSRF has not been sent
Mockito.when(mockReq.getHeader(RestCsrfPreventionFilter.HEADER_DEFAULT)).

View File

@ -0,0 +1,151 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.hadoop.security.http;
import java.util.Collection;
import java.util.ArrayList;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Mockito;
import org.mockito.invocation.InvocationOnMock;
import org.mockito.stubbing.Answer;
/**
* Test the default and customized behaviors of XFrameOptionsFilter.
*
*/
public class TestXFrameOptionsFilter {
private static final String X_FRAME_OPTIONS = "X-Frame-Options";
@Test
public void testDefaultOptionsValue() throws Exception {
final Collection<String> headers = new ArrayList<String>();
FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
Mockito.when(filterConfig.getInitParameter(
XFrameOptionsFilter.CUSTOM_HEADER_PARAM)).thenReturn(null);
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
HttpServletResponse response = Mockito.mock(HttpServletResponse.class);
FilterChain chain = Mockito.mock(FilterChain.class);
Mockito.doAnswer(
new Answer() {
@Override
public Object answer(InvocationOnMock invocation) throws Throwable {
Object[] args = invocation.getArguments();
Assert.assertTrue(
"header should be visible inside chain and filters.",
((HttpServletResponse)args[1]).
containsHeader(X_FRAME_OPTIONS));
return null;
}
}
).when(chain).doFilter(Mockito.<ServletRequest>anyObject(),
Mockito.<ServletResponse>anyObject());
Mockito.doAnswer(
new Answer() {
@Override
public Object answer(InvocationOnMock invocation) throws Throwable {
Object[] args = invocation.getArguments();
Assert.assertTrue(
"Options value incorrect should be DENY but is: "
+ args[1], "DENY".equals(args[1]));
headers.add((String)args[1]);
return null;
}
}
).when(response).setHeader(Mockito.<String>anyObject(),
Mockito.<String>anyObject());
XFrameOptionsFilter filter = new XFrameOptionsFilter();
filter.init(filterConfig);
filter.doFilter(request, response, chain);
Assert.assertEquals("X-Frame-Options count not equal to 1.",
headers.size(), 1);
}
@Test
public void testCustomOptionsValueAndNoOverrides() throws Exception {
final Collection<String> headers = new ArrayList<String>();
FilterConfig filterConfig = Mockito.mock(FilterConfig.class);
Mockito.when(filterConfig.getInitParameter(
XFrameOptionsFilter.CUSTOM_HEADER_PARAM)).thenReturn("SAMEORIGIN");
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
final HttpServletResponse response =
Mockito.mock(HttpServletResponse.class);
FilterChain chain = Mockito.mock(FilterChain.class);
Mockito.doAnswer(
new Answer() {
@Override
public Object answer(InvocationOnMock invocation) throws Throwable {
Object[] args = invocation.getArguments();
HttpServletResponse resp = (HttpServletResponse) args[1];
Assert.assertTrue(
"Header should be visible inside chain and filters.",
resp.containsHeader(X_FRAME_OPTIONS));
// let's try and set another value for the header and make
// sure that it doesn't overwrite the configured value
Assert.assertTrue(resp instanceof
XFrameOptionsFilter.XFrameOptionsResponseWrapper);
resp.setHeader(X_FRAME_OPTIONS, "LJM");
return null;
}
}
).when(chain).doFilter(Mockito.<ServletRequest>anyObject(),
Mockito.<ServletResponse>anyObject());
Mockito.doAnswer(
new Answer() {
@Override
public Object answer(InvocationOnMock invocation) throws Throwable {
Object[] args = invocation.getArguments();
Assert.assertEquals(
"Options value incorrect should be SAMEORIGIN but is: "
+ args[1], "SAMEORIGIN", args[1]);
headers.add((String)args[1]);
return null;
}
}
).when(response).setHeader(Mockito.<String>anyObject(),
Mockito.<String>anyObject());
XFrameOptionsFilter filter = new XFrameOptionsFilter();
filter.init(filterConfig);
filter.doFilter(request, response, chain);
Assert.assertEquals("X-Frame-Options count not equal to 1.",
headers.size(), 1);
Assert.assertEquals("X-Frame-Options count not equal to 1.",
headers.toArray()[0], "SAMEORIGIN");
}
}