From c9a8c787555a03ae741232e88d6184c9e786888c Mon Sep 17 00:00:00 2001
From: ydodeja365 <yashdodeja@yahoo.com>
Date: Thu, 27 Apr 2023 10:46:54 +0530
Subject: [PATCH 1/3] HBASE-27811 Enable cache control for logs endpoint and
 set max age as 0

---
 .../apache/hadoop/hbase/http/HttpServer.java    | 17 +++++++++++++----
 .../apache/hadoop/hbase/http/NoCacheFilter.java | 15 ++++++++++++++-
 src/main/asciidoc/_chapters/security.adoc       | 13 +++++++++++++
 3 files changed, 40 insertions(+), 5 deletions(-)

diff --git a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java
index ce1b387bc152..f34ac7c2f413 100644
--- a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java
+++ b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java
@@ -56,6 +56,7 @@
 import org.apache.hadoop.hbase.http.log.LogLevel;
 import org.apache.hadoop.hbase.util.ReflectionUtils;
 import org.apache.hadoop.hbase.util.Threads;
+import org.apache.hadoop.security.AuthenticationFilterInitializer;
 import org.apache.hadoop.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.authentication.server.AuthenticationFilter;
@@ -669,7 +670,7 @@ private static WebAppContext createWebAppContext(String name, Configuration conf
     ctx.getServletContext().setAttribute(org.apache.hadoop.http.HttpServer2.CONF_CONTEXT_ATTRIBUTE,
       conf);
     ctx.getServletContext().setAttribute(ADMINS_ACL, adminsAcl);
-    addNoCacheFilter(ctx);
+    addNoCacheFilter(ctx, conf);
     return ctx;
   }
 
@@ -691,9 +692,16 @@ public static GzipHandler buildGzipHandler(final Handler wrapped) {
     return gzipHandler;
   }
 
-  private static void addNoCacheFilter(WebAppContext ctxt) {
-    defineFilter(ctxt, NO_CACHE_FILTER, NoCacheFilter.class.getName(),
-      Collections.<String, String> emptyMap(), new String[] { "/*" });
+  private static void addNoCacheFilter(ServletContextHandler ctxt, Configuration conf) {
+    if (conf != null) {
+      Map<String, String> filterConfig =
+        AuthenticationFilterInitializer.getFilterConfigMap(conf, "hbase.http.filter.");
+      defineFilter(ctxt, NO_CACHE_FILTER, NoCacheFilter.class.getName(), filterConfig,
+        new String[] { "/*" });
+    } else {
+      defineFilter(ctxt, NO_CACHE_FILTER, NoCacheFilter.class.getName(),
+        Collections.<String, String> emptyMap(), new String[] { "/*" });
+    }
   }
 
   /** Get an array of FilterConfiguration specified in the conf */
@@ -739,6 +747,7 @@ protected void addDefaultApps(ContextHandlerCollection parent, final String appD
       }
       logContext.setDisplayName("logs");
       setContextAttributes(logContext, conf);
+      addNoCacheFilter(logContext, conf);
       defaultContexts.put(logContext, true);
     }
     // set up the context for "/static/*"
diff --git a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/NoCacheFilter.java b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/NoCacheFilter.java
index 0c6aaa05079b..54b458d8b9fb 100644
--- a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/NoCacheFilter.java
+++ b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/NoCacheFilter.java
@@ -31,15 +31,28 @@
 
 @InterfaceAudience.LimitedPrivate(HBaseInterfaceAudience.CONFIG)
 public class NoCacheFilter implements Filter {
+
+  /**
+   * Constant for the configuration property that indicates no-store cache control is enabled.
+   */
+  public static final String NO_STORE = "no-store.enable";
+
+  private boolean noStoreEnabled = false;
+
   @Override
   public void init(FilterConfig filterConfig) throws ServletException {
+    this.noStoreEnabled = Boolean.valueOf(filterConfig.getInitParameter(NO_STORE));
   }
 
   @Override
   public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
     throws IOException, ServletException {
     HttpServletResponse httpRes = (HttpServletResponse) res;
-    httpRes.setHeader("Cache-Control", "no-cache");
+    StringBuilder header = new StringBuilder("no-cache");
+    if (noStoreEnabled) {
+      header.append(", no-store, max-age=0");
+    }
+    httpRes.setHeader("Cache-Control", header.toString());
     long now = EnvironmentEdgeManager.currentTime();
     httpRes.addDateHeader("Expires", now);
     httpRes.addDateHeader("Date", now);
diff --git a/src/main/asciidoc/_chapters/security.adoc b/src/main/asciidoc/_chapters/security.adoc
index 2d43abc08c2b..51c637b54ebf 100644
--- a/src/main/asciidoc/_chapters/security.adoc
+++ b/src/main/asciidoc/_chapters/security.adoc
@@ -71,6 +71,19 @@ See Nick Dimiduk's contribution on this link:http://stackoverflow.com/questions/
 If you know how to fix this without opening a second port for HTTPS, patches are appreciated.
 ====
 
+[[hbase.ui.cache]]
+=== Disable cache in HBase UI
+
+Set the following configuration in hbase-site to set max age to zero and disable cache for the web UI:
+
+[source,xml]
+----
+<property>
+  <name>hbase.http.filter.no-store.enable</name>
+  <value>true</value>
+</property>
+---
+
 [[hbase.secure.spnego.ui]]
 === Using SPNEGO for Kerberos authentication with Web UIs
 

From 9d32291d2431eacfb66635643d3706a1bb3053ec Mon Sep 17 00:00:00 2001
From: ydodeja365 <yashdodeja@yahoo.com>
Date: Thu, 4 May 2023 10:26:17 +0530
Subject: [PATCH 2/3] addressed review comments

---
 .../src/main/java/org/apache/hadoop/hbase/http/HttpServer.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java
index f34ac7c2f413..5047a5df6937 100644
--- a/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java
+++ b/hbase-http/src/main/java/org/apache/hadoop/hbase/http/HttpServer.java
@@ -143,6 +143,7 @@ public class HttpServer implements FilterContainer {
     HTTP_SPNEGO_AUTHENTICATION_PREFIX + "admin.groups";
   public static final String HTTP_PRIVILEGED_CONF_KEY =
     "hbase.security.authentication.ui.config.protected";
+  public static final String HTTP_UI_NO_CACHE_ENABLE_KEY = "hbase.http.filter.no-store.enable";
   public static final boolean HTTP_PRIVILEGED_CONF_DEFAULT = false;
 
   // The ServletContext attribute where the daemon Configuration
@@ -693,7 +694,7 @@ public static GzipHandler buildGzipHandler(final Handler wrapped) {
   }
 
   private static void addNoCacheFilter(ServletContextHandler ctxt, Configuration conf) {
-    if (conf != null) {
+    if (conf.getBoolean(HTTP_UI_NO_CACHE_ENABLE_KEY, false)) {
       Map<String, String> filterConfig =
         AuthenticationFilterInitializer.getFilterConfigMap(conf, "hbase.http.filter.");
       defineFilter(ctxt, NO_CACHE_FILTER, NoCacheFilter.class.getName(), filterConfig,

From a4880520263af9678f6c9639853e9d882396cdde Mon Sep 17 00:00:00 2001
From: ydodeja365 <yashdodeja@yahoo.com>
Date: Wed, 17 May 2023 23:12:22 +0530
Subject: [PATCH 3/3] Fix documentation syntax issue

---
 src/main/asciidoc/_chapters/security.adoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/asciidoc/_chapters/security.adoc b/src/main/asciidoc/_chapters/security.adoc
index 51c637b54ebf..e31e70a36388 100644
--- a/src/main/asciidoc/_chapters/security.adoc
+++ b/src/main/asciidoc/_chapters/security.adoc
@@ -82,7 +82,7 @@ Set the following configuration in hbase-site to set max age to zero and disable
   <name>hbase.http.filter.no-store.enable</name>
   <value>true</value>
 </property>
----
+----
 
 [[hbase.secure.spnego.ui]]
 === Using SPNEGO for Kerberos authentication with Web UIs