[jira] Subscription: Oozie Patch Available

2019-03-08 Thread jira 
Issue Subscription
Filter: Oozie Patch Available (89 issues)

Subscriber: ooziedaily

Key Summary
OOZIE-3447  Run test case in local : It shows oozie-hsqldb-orm.xml exception
https://issues.apache.org/jira/browse/OOZIE-3447
OOZIE-3446  Migrate from commons-lang 2.x to commons-lang 3.x
https://issues.apache.org/jira/browse/OOZIE-3446
OOZIE-3418  Upgrade to Guava 27
https://issues.apache.org/jira/browse/OOZIE-3418
OOZIE-3404  The env variable of SPARK_HOME needs to be set when running pySpark
https://issues.apache.org/jira/browse/OOZIE-3404
OOZIE-3375  Can't use empty  in coordinator
https://issues.apache.org/jira/browse/OOZIE-3375
OOZIE-3367  Using && in EL expressions in oozie bundle.xml files generates 
parse errors
https://issues.apache.org/jira/browse/OOZIE-3367
OOZIE-3366  Update workflow status and subworkflow status on suspend command
https://issues.apache.org/jira/browse/OOZIE-3366
OOZIE-3364  Rerunning Oozie bundle jobs starts the coordinators in 
indeterminate order
https://issues.apache.org/jira/browse/OOZIE-3364
OOZIE-3362  When killed, SSH action should kill the spawned processes on target 
host
https://issues.apache.org/jira/browse/OOZIE-3362
OOZIE-3335  Cleanup parseFilter methods
https://issues.apache.org/jira/browse/OOZIE-3335
OOZIE-3320  Oozie ShellAction should support absolute bash file path
https://issues.apache.org/jira/browse/OOZIE-3320
OOZIE-3319  Log SSH action callback error output
https://issues.apache.org/jira/browse/OOZIE-3319
OOZIE-3312  Add support for HSTS 
https://issues.apache.org/jira/browse/OOZIE-3312
OOZIE-3301  Update NOTICE file
https://issues.apache.org/jira/browse/OOZIE-3301
OOZIE-3274  Remove slf4j
https://issues.apache.org/jira/browse/OOZIE-3274
OOZIE-3266  Coord action rerun support RERUN_SKIP_NODES option
https://issues.apache.org/jira/browse/OOZIE-3266
OOZIE-3265  properties RERUN_FAIL_NODES and RERUN_SKIP_NODES should be able to 
appear together
https://issues.apache.org/jira/browse/OOZIE-3265
OOZIE-3256  refactor OozieCLI class
https://issues.apache.org/jira/browse/OOZIE-3256
OOZIE-3249  [tools] Instrumentation log parser
https://issues.apache.org/jira/browse/OOZIE-3249
OOZIE-3199  Let system property restriction configurable
https://issues.apache.org/jira/browse/OOZIE-3199
OOZIE-3196  Authorization: restrict world readability by user
https://issues.apache.org/jira/browse/OOZIE-3196
OOZIE-3179  Adding a configurable config-default.xml location to a workflow
https://issues.apache.org/jira/browse/OOZIE-3179
OOZIE-3170  Oozie Diagnostic Bundle tool fails with NPE due to missing service 
class
https://issues.apache.org/jira/browse/OOZIE-3170
OOZIE-3137  Add support for log4j2 in HiveMain
https://issues.apache.org/jira/browse/OOZIE-3137
OOZIE-3135  Configure log4j2 in SqoopMain
https://issues.apache.org/jira/browse/OOZIE-3135
OOZIE-3091  Oozie Sqoop Avro Import fails with "java.lang.NoClassDefFoundError: 
org/apache/avro/mapred/AvroWrapper"
https://issues.apache.org/jira/browse/OOZIE-3091
OOZIE-3071  Oozie 4.3 Spark sharelib ueses a different version of commons-lang3 
than Spark 2.2.0
https://issues.apache.org/jira/browse/OOZIE-3071
OOZIE-3063  Sanitizing variables that are part of openjpa.ConnectionProperties
https://issues.apache.org/jira/browse/OOZIE-3063
OOZIE-3062  Set HADOOP_CONF_DIR for spark action
https://issues.apache.org/jira/browse/OOZIE-3062
OOZIE-2952  Fix Findbugs warnings in oozie-sharelib-oozie
https://issues.apache.org/jira/browse/OOZIE-2952
OOZIE-2927  Append new line character for Hive2 query using query tag
https://issues.apache.org/jira/browse/OOZIE-2927
OOZIE-2834  ParameterVerifier logging non-useful warning for workflow definition
https://issues.apache.org/jira/browse/OOZIE-2834
OOZIE-2833  when using uber mode the regex pattern used in the 
extractHeapSizeMB method does not allow heap sizes specified in bytes.
https://issues.apache.org/jira/browse/OOZIE-2833
OOZIE-2812  SparkConfigurationService should support loading configurations 
from multiple Spark versions
https://issues.apache.org/jira/browse/OOZIE-2812
OOZIE-2795  Create lib directory or symlink for Oozie CLI during packaging
https://issues.apache.org/jira/browse/OOZIE-2795
OOZIE-2784  Include WEEK as a parameter in the Coordinator Expression Language 
Evaulator
https://issues.apache.org/jira/browse/OOZIE-2784
OOZIE-2779  Mask Hive2 action Beeline JDBC password
https://issues.apache.org/jira/browse/OOZIE-2779
OOZIE-2736  Reduce the number of threads during test execution
https://issues.apache.org/jira/browse/OOZIE-2736

[jira] [Commented] (OOZIE-3312) Add support for HSTS

2019-03-08 Thread Andras Salamon (JIRA) 


[ 
https://issues.apache.org/jira/browse/OOZIE-3312?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16787995#comment-16787995
 ] 

Andras Salamon commented on OOZIE-3312:
---

[~kmarton] Could you please fix the long line reported by the PreCommit?

> Add support for HSTS 
> -
>
> Key: OOZIE-3312
> URL: https://issues.apache.org/jira/browse/OOZIE-3312
> Project: Oozie
>  Issue Type: Bug
>  Components: security
>Reporter: Peter Cseh
>Assignee: Julia Kinga Marton
>Priority: Major
> Attachments: OOZIE-3312-001.patch, OOZIE-3312-002.patch, 
> OOZIE-3312-003.patch
>
>
> As a security best practice we should add support for HSTS via oozie-site.xml 
> in case of embedded Jetty.
>  [https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet]
>  [http://www.eclipse.org/jetty/documentation/9.3.x/embedded-examples.html] - 
> this page is not available anymore
> [https://www.eclipse.org/jetty/documentation/9.4.15.v20190215/embedded-examples.html]
>  
> Maybe we should even make it enabled by default when SSL is configured.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (OOZIE-3207) Update ASF root pom version

2019-03-08 Thread Julia Kinga Marton (JIRA) 


[ 
https://issues.apache.org/jira/browse/OOZIE-3207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16787987#comment-16787987
 ] 

Julia Kinga Marton commented on OOZIE-3207:
---

LGTM +1

 

> Update ASF root pom version
> ---
>
> Key: OOZIE-3207
> URL: https://issues.apache.org/jira/browse/OOZIE-3207
> Project: Oozie
>  Issue Type: Bug
>  Components: build
>Affects Versions: 5.0.0
>Reporter: Robert Kanter
>Assignee: Andras Salamon
>Priority: Blocker
> Fix For: 5.2.0
>
> Attachments: OOZIE-3207-01.patch
>
>
> The Oozie root pom uses the ASF root pom as it's parent (as required by ASF 
> rules).  We're currently using version 17, which is from 2015.  The current 
> version is 19, from earlier this year (2018).  We should update this.  
> You can see more details about the ASF root pom, including diffs between each 
> version here:
> https://maven.apache.org/pom/asf/index.html
> This may require some testing or at least looking into because the ASF root 
> pom defines the versions of some things, especially maven plugins, and so 
> things may break or be incompatible.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (OOZIE-3312) Add support for HSTS

2019-03-08 Thread Hadoop QA (JIRA) 


[ 
https://issues.apache.org/jira/browse/OOZIE-3312?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16787988#comment-16787988
 ] 

Hadoop QA commented on OOZIE-3312:
--


Testing JIRA OOZIE-3312

Cleaning local git workspace



{color:green}+1 PATCH_APPLIES{color}
{color:green}+1 CLEAN{color}
{color:red}-1 RAW_PATCH_ANALYSIS{color}
.{color:green}+1{color} the patch does not introduce any @author tags
.{color:green}+1{color} the patch does not introduce any tabs
.{color:green}+1{color} the patch does not introduce any trailing spaces
.{color:green}+1{color} the patch does not introduce any star imports
.{color:red}-1{color} the patch contains 1 line(s) longer than 132 
characters
.{color:green}+1{color} the patch adds/modifies 1 testcase(s)
{color:green}+1 RAT{color}
.{color:green}+1{color} the patch does not seem to introduce new RAT 
warnings
{color:green}+1 JAVADOC{color}
.{color:green}+1{color} Javadoc generation succeeded with the patch
.{color:green}+1{color} the patch does not seem to introduce new Javadoc 
warning(s)
{color:green}+1 COMPILE{color}
.{color:green}+1{color} HEAD compiles
.{color:green}+1{color} patch compiles
.{color:green}+1{color} the patch does not seem to introduce new javac 
warnings
{color:green}+1{color} There are no new bugs found in total.
.{color:green}+1{color} There are no new bugs found in [sharelib/hive2].
.{color:green}+1{color} There are no new bugs found in [sharelib/spark].
.{color:green}+1{color} There are no new bugs found in [sharelib/oozie].
.{color:green}+1{color} There are no new bugs found in [sharelib/pig].
.{color:green}+1{color} There are no new bugs found in [sharelib/streaming].
.{color:green}+1{color} There are no new bugs found in [sharelib/hive].
.{color:green}+1{color} There are no new bugs found in [sharelib/distcp].
.{color:green}+1{color} There are no new bugs found in [sharelib/hcatalog].
.{color:green}+1{color} There are no new bugs found in [sharelib/sqoop].
.{color:green}+1{color} There are no new bugs found in [sharelib/git].
.{color:green}+1{color} There are no new bugs found in [client].
.{color:green}+1{color} There are no new bugs found in [docs].
.{color:green}+1{color} There are no new bugs found in [tools].
.{color:green}+1{color} There are no new bugs found in 
[fluent-job/fluent-job-api].
.{color:green}+1{color} There are no new bugs found in [server].
.{color:green}+1{color} There are no new bugs found in [webapp].
.{color:green}+1{color} There are no new bugs found in [examples].
.{color:green}+1{color} There are no new bugs found in [core].
{color:green}+1 BACKWARDS_COMPATIBILITY{color}
.{color:green}+1{color} the patch does not change any JPA 
Entity/Colum/Basic/Lob/Transient annotations
.{color:green}+1{color} the patch does not modify JPA files
{color:green}+1 TESTS{color}
.Tests run: 3148
.{color:orange}Tests failed at first run:{color}
TestPurgeXCommand#testPurgeableBundleUnpurgeableCoordinatorUnpurgebleWorkflowPurgeableSubWorkflow
TestPurgeXCommand#testPurgeableWorkflowPurgeableSubWorkflowPurgeableSubSubWorkflow
.For the complete list of flaky tests, see TEST-SUMMARY-FULL files.
{color:green}+1 DISTRO{color}
.{color:green}+1{color} distro tarball builds with the patch 


{color:red}*-1 Overall result, please check the reported -1(s)*{color}


The full output of the test-patch run is available at

. https://builds.apache.org/job/PreCommit-OOZIE-Build/1042/



> Add support for HSTS 
> -
>
> Key: OOZIE-3312
> URL: https://issues.apache.org/jira/browse/OOZIE-3312
> Project: Oozie
>  Issue Type: Bug
>  Components: security
>Reporter: Peter Cseh
>Assignee: Julia Kinga Marton
>Priority: Major
> Attachments: OOZIE-3312-001.patch, OOZIE-3312-002.patch, 
> OOZIE-3312-003.patch
>
>
> As a security best practice we should add support for HSTS via oozie-site.xml 
> in case of embedded Jetty.
>  [https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet]
>  [http://www.eclipse.org/jetty/documentation/9.3.x/embedded-examples.html] - 
> this page is not available anymore
> [https://www.eclipse.org/jetty/documentation/9.4.15.v20190215/embedded-examples.html]
>  
> Maybe we should even make it enabled by default when SSL is configured.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Failed: OOZIE-3312 PreCommit Build #1042

2019-03-08 Thread Apache Jenkins Server 
Jira: https://issues.apache.org/jira/browse/OOZIE-3312
Build: https://builds.apache.org/job/PreCommit-OOZIE-Build/1042/

###
## LAST 100 LINES OF THE CONSOLE 
###
[...truncated 1.91 MB...]
[DEBUG] There are no new bugs found in [tools].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [fluent-job/fluent-job-api].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [server].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [webapp].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [examples].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [core].
[INFO] There are no new bugs found totally].
[TRACE] SpotBugs diffs checked and reports created
[TRACE] Summary file size is 2533 bytes
[TRACE] Full summary file size is 1525 bytes
[TRACE] File 
[/home/jenkins/jenkins-slave/workspace/PreCommit-OOZIE-Build/test-patch/tmp/SPOTBUGS_DIFF/diff/findbugs-diff-0.1.0-all.jar]
 removed
[TRACE] File 
[/home/jenkins/jenkins-slave/workspace/PreCommit-OOZIE-Build/test-patch/tmp/SPOTBUGS_DIFF/diff/findbugs-diff-0.1.0-all.jar.md5]
 removed
  Running test-patch task BACKWARDS_COMPATIBILITY
  Running test-patch task TESTS
  Running test-patch task DISTRO


Testing JIRA OOZIE-3312

Cleaning local git workspace



+1 PATCH_APPLIES
+1 CLEAN
-1 RAW_PATCH_ANALYSIS
+1 the patch does not introduce any @author tags
+1 the patch does not introduce any tabs
+1 the patch does not introduce any trailing spaces
+1 the patch does not introduce any star imports
-1 the patch contains 1 line(s) longer than 132 characters
+1 the patch adds/modifies 1 testcase(s)
+1 RAT
+1 the patch does not seem to introduce new RAT warnings
+1 JAVADOC
+1 Javadoc generation succeeded with the patch
+1 the patch does not seem to introduce new Javadoc warning(s)
+1 COMPILE
+1 HEAD compiles
+1 patch compiles
+1 the patch does not seem to introduce new javac warnings
+1 There are no new bugs found in total.
+1 There are no new bugs found in [sharelib/hive2].
+1 There are no new bugs found in [sharelib/spark].
+1 There are no new bugs found in [sharelib/oozie].
+1 There are no new bugs found in [sharelib/pig].
+1 There are no new bugs found in [sharelib/streaming].
+1 There are no new bugs found in [sharelib/hive].
+1 There are no new bugs found in [sharelib/distcp].
+1 There are no new bugs found in [sharelib/hcatalog].
+1 There are no new bugs found in [sharelib/sqoop].
+1 There are no new bugs found in [sharelib/git].
+1 There are no new bugs found in [client].
+1 There are no new bugs found in [docs].
+1 There are no new bugs found in [tools].
+1 There are no new bugs found in [fluent-job/fluent-job-api].
+1 There are no new bugs found in [server].
+1 There are no new bugs found in [webapp].
+1 There are no new bugs found in [examples].
+1 There are no new bugs found in [core].
+1 BACKWARDS_COMPATIBILITY
+1 the patch does not change any JPA Entity/Colum/Basic/Lob/Transient 
annotations
+1 the patch does not modify JPA files
+1 TESTS
Tests run: 3148
Tests failed at first run:
TestPurgeXCommand#testPurgeableBundleUnpurgeableCoordinatorUnpurgebleWorkflowPurgeableSubWorkflow
TestPurgeXCommand#testPurgeableWorkflowPurgeableSubWorkflowPurgeableSubSubWorkflow
For the complete list of flaky tests, see TEST-SUMMARY-FULL files.
+1 DISTRO
+1 distro tarball builds with the patch 


-1 Overall result, please check the reported -1(s)


The full output of the test-patch run is available at

 https://builds.apache.org/job/PreCommit-OOZIE-Build/1042/

Adding comment to JIRA
  % Total% Received % Xferd  Average Speed   TimeTime Time  Current
 Dload  Upload   Total   SpentLeft  Speed
  0 00 00 0  0  0 --:--:-- --:--:-- --:--:-- 0  
0 00 00 0  0  0 --:--:-- --:--:-- --:--:--

[jira] [Updated] (OOZIE-3124) address findbugs warnings

2019-03-08 Thread Andras Salamon (JIRA) 


 [ 
https://issues.apache.org/jira/browse/OOZIE-3124?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andras Salamon updated OOZIE-3124:
--
Fix Version/s: (was: 5.2.0)

> address findbugs warnings
> -
>
> Key: OOZIE-3124
> URL: https://issues.apache.org/jira/browse/OOZIE-3124
> Project: Oozie
>  Issue Type: Bug
>Reporter: Artem Ervits
>Priority: Major
>
> {noformat}
> -1 There are [125] new bugs found below threshold in total that must be fixed.
> . -1 There are [67] new bugs found below threshold in [core] that must be 
> fixed, listing only the first [5] ones.
> . You can find the FindBugs diff here (look for the red and orange ones): 
> core/findbugs-new.html
> . The top [5] most important FindBugs errors are:
> . At EmailActionExecutor.java:[line 267]: 
> java/io/File.(Ljava/lang/String;)V reads a file whose location might be 
> specified by user input
> . At EmailActionExecutor.java:[line 162]: At EmailActionExecutor.java:[line 
> 160]
> . At EmailActionExecutor.java:[line 176]: At EmailActionExecutor.java:[line 
> 171]
> . At SshActionExecutor.java:[line 134]: This usage of 
> java/lang/Runtime.exec([Ljava/lang/String;)Ljava/lang/Process; can be 
> vulnerable to Command Injection
> . At SshActionExecutor.java:[line 131]: At SshActionExecutor.java:[line 130]
> . -1 There are [1] new bugs found below threshold in [server] that must be 
> fixed.
> . You can find the FindBugs diff here (look for the red and orange ones): 
> server/findbugs-new.html
> . The most important FindBugs errors are:
> . At JspHandlerProvider.java:[line 43]: 
> java/io/File.(Ljava/lang/String;Ljava/lang/String;)V reads a file whose 
> location might be specified by user input
> . At JspHandlerProvider.java:[line 43]
> . -1 There are [8] new bugs found below threshold in [client] that must be 
> fixed, listing only the first [5] ones.
> . You can find the FindBugs diff here (look for the red and orange ones): 
> client/findbugs-new.html
> . The top [5] most important FindBugs errors are:
> . At OozieCLI.java:[line 841]: java/io/File.(Ljava/lang/String;)V reads 
> a file whose location might be specified by user input
> . java/io/FileInputStream.(Ljava/lang/String;)V reads a file whose 
> location might be specified by user input: At OozieCLI.java:[line 839]
> . At OozieCLI.java:[line 839]: At OozieCLI.java:[line 849]
> . At OozieCLI.java:[line 876]: java/io/File.(Ljava/lang/String;)V reads 
> a file whose location might be specified by user input
> . java/io/File.(Ljava/lang/String;)V reads a file whose location might 
> be specified by user input: At OozieCLI.java:[line 871]
> . +1 There are no new bugs found in [docs].
> . -1 There are [2] new bugs found below threshold in [examples] that must be 
> fixed.
> . You can find the FindBugs diff here (look for the red and orange ones): 
> examples/findbugs-new.html
> . The most important FindBugs errors are:
> . At LocalOozieExample.java:[line 47]: 
> java/io/File.(Ljava/lang/String;)V reads a file whose location might be 
> specified by user input
> . java/io/FileInputStream.(Ljava/lang/String;)V reads a file whose 
> location might be specified by user input: At LocalOozieExample.java:[line 35]
> . At LocalOozieExample.java:[line 35]: At LocalOozieExample.java:[line 72]
> . -1 There are [2] new bugs found below threshold in [sharelib/hive] that 
> must be fixed.
> . You can find the FindBugs diff here (look for the red and orange ones): 
> sharelib/hive/findbugs-new.html
> . The most important FindBugs errors are:
> . At HiveMain.java:[line 317]: 
> java/io/FileInputStream.(Ljava/lang/String;)V reads a file whose 
> location might be specified by user input
> . At HiveMain.java:[line 226]: At HiveMain.java:[line 207]
> . At HiveMain.java:[line 210]: java/io/File.(Ljava/lang/String;)V reads 
> a file whose location might be specified by user input
> . At HiveMain.java:[line 207]
> . -1 There are [3] new bugs found below threshold in [sharelib/pig] that must 
> be fixed.
> . You can find the FindBugs diff here (look for the red and orange ones): 
> sharelib/pig/findbugs-new.html
> . The most important FindBugs errors are:
> . At PigMain.java:[line 258]: java/io/File.(Ljava/lang/String;)V reads 
> a file whose location might be specified by user input
> . At PigMain.java:[line 141]: At PigMain.java:[line 131]
> . At PigMain.java:[line 245]: At PigMain.java:[line 199]
> . At PigMain.java:[line 137]: java/io/File.(Ljava/lang/String;)V reads 
> a file whose location might be specified by user input
> . java/io/File.(Ljava/lang/String;)V reads a file whose location might 
> be specified by user input: At PigMain.java:[line 131]
> . +1 There are no new bugs found in [sharelib/distcp].
> . +1 There are no new bugs found in [sharelib/streaming].
> . -1 There are [2] new bugs found below threshold in [sharelib/spark] that 
>

[jira] [Resolved] (OOZIE-3124) address findbugs warnings

2019-03-08 Thread Andras Salamon (JIRA) 


 [ 
https://issues.apache.org/jira/browse/OOZIE-3124?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andras Salamon resolved OOZIE-3124.
---
Resolution: Duplicate

> address findbugs warnings
> -
>
> Key: OOZIE-3124
> URL: https://issues.apache.org/jira/browse/OOZIE-3124
> Project: Oozie
>  Issue Type: Bug
>Reporter: Artem Ervits
>Priority: Major
> Fix For: 5.2.0
>
>
> {noformat}
> -1 There are [125] new bugs found below threshold in total that must be fixed.
> . -1 There are [67] new bugs found below threshold in [core] that must be 
> fixed, listing only the first [5] ones.
> . You can find the FindBugs diff here (look for the red and orange ones): 
> core/findbugs-new.html
> . The top [5] most important FindBugs errors are:
> . At EmailActionExecutor.java:[line 267]: 
> java/io/File.(Ljava/lang/String;)V reads a file whose location might be 
> specified by user input
> . At EmailActionExecutor.java:[line 162]: At EmailActionExecutor.java:[line 
> 160]
> . At EmailActionExecutor.java:[line 176]: At EmailActionExecutor.java:[line 
> 171]
> . At SshActionExecutor.java:[line 134]: This usage of 
> java/lang/Runtime.exec([Ljava/lang/String;)Ljava/lang/Process; can be 
> vulnerable to Command Injection
> . At SshActionExecutor.java:[line 131]: At SshActionExecutor.java:[line 130]
> . -1 There are [1] new bugs found below threshold in [server] that must be 
> fixed.
> . You can find the FindBugs diff here (look for the red and orange ones): 
> server/findbugs-new.html
> . The most important FindBugs errors are:
> . At JspHandlerProvider.java:[line 43]: 
> java/io/File.(Ljava/lang/String;Ljava/lang/String;)V reads a file whose 
> location might be specified by user input
> . At JspHandlerProvider.java:[line 43]
> . -1 There are [8] new bugs found below threshold in [client] that must be 
> fixed, listing only the first [5] ones.
> . You can find the FindBugs diff here (look for the red and orange ones): 
> client/findbugs-new.html
> . The top [5] most important FindBugs errors are:
> . At OozieCLI.java:[line 841]: java/io/File.(Ljava/lang/String;)V reads 
> a file whose location might be specified by user input
> . java/io/FileInputStream.(Ljava/lang/String;)V reads a file whose 
> location might be specified by user input: At OozieCLI.java:[line 839]
> . At OozieCLI.java:[line 839]: At OozieCLI.java:[line 849]
> . At OozieCLI.java:[line 876]: java/io/File.(Ljava/lang/String;)V reads 
> a file whose location might be specified by user input
> . java/io/File.(Ljava/lang/String;)V reads a file whose location might 
> be specified by user input: At OozieCLI.java:[line 871]
> . +1 There are no new bugs found in [docs].
> . -1 There are [2] new bugs found below threshold in [examples] that must be 
> fixed.
> . You can find the FindBugs diff here (look for the red and orange ones): 
> examples/findbugs-new.html
> . The most important FindBugs errors are:
> . At LocalOozieExample.java:[line 47]: 
> java/io/File.(Ljava/lang/String;)V reads a file whose location might be 
> specified by user input
> . java/io/FileInputStream.(Ljava/lang/String;)V reads a file whose 
> location might be specified by user input: At LocalOozieExample.java:[line 35]
> . At LocalOozieExample.java:[line 35]: At LocalOozieExample.java:[line 72]
> . -1 There are [2] new bugs found below threshold in [sharelib/hive] that 
> must be fixed.
> . You can find the FindBugs diff here (look for the red and orange ones): 
> sharelib/hive/findbugs-new.html
> . The most important FindBugs errors are:
> . At HiveMain.java:[line 317]: 
> java/io/FileInputStream.(Ljava/lang/String;)V reads a file whose 
> location might be specified by user input
> . At HiveMain.java:[line 226]: At HiveMain.java:[line 207]
> . At HiveMain.java:[line 210]: java/io/File.(Ljava/lang/String;)V reads 
> a file whose location might be specified by user input
> . At HiveMain.java:[line 207]
> . -1 There are [3] new bugs found below threshold in [sharelib/pig] that must 
> be fixed.
> . You can find the FindBugs diff here (look for the red and orange ones): 
> sharelib/pig/findbugs-new.html
> . The most important FindBugs errors are:
> . At PigMain.java:[line 258]: java/io/File.(Ljava/lang/String;)V reads 
> a file whose location might be specified by user input
> . At PigMain.java:[line 141]: At PigMain.java:[line 131]
> . At PigMain.java:[line 245]: At PigMain.java:[line 199]
> . At PigMain.java:[line 137]: java/io/File.(Ljava/lang/String;)V reads 
> a file whose location might be specified by user input
> . java/io/File.(Ljava/lang/String;)V reads a file whose location might 
> be specified by user input: At PigMain.java:[line 131]
> . +1 There are no new bugs found in [sharelib/distcp].
> . +1 There are no new bugs found in [sharelib/streaming].
> . -1 There are [2] new bugs found below threshold in

[jira] [Created] (OOZIE-3448) Cleanup of oozie-server copy dependency

2019-03-08 Thread Andras Salamon (JIRA) 
Andras Salamon created OOZIE-3448:
-

 Summary: Cleanup of oozie-server copy dependency
 Key: OOZIE-3448
 URL: https://issues.apache.org/jira/browse/OOZIE-3448
 Project: Oozie
  Issue Type: Bug
Affects Versions: trunk
Reporter: Andras Salamon


There is a section in 
[oozie-server/pom.xml|https://github.com/apache/oozie/blob/branch-5.1/server/pom.xml#L180-L262]
 which is responsible for the copying of the artifacts/dependencies.

We use 
[dependency:copy-dependencies|https://maven.apache.org/plugins/maven-dependency-plugin/examples/copying-project-dependencies.html]
 which copies the dependencies, but still list the artifacts (which is valid 
for 
[dependency:copy|https://maven.apache.org/plugins/maven-dependency-plugin/examples/copying-artifacts.html]).

I think maven copies the dependencies and ignores the listed artifacts. If this 
is true, we can remove the {{artifactItems}}. If my assumption is not true, 
then we should use {{dependency:copy}} instead of 
{{dependency:cop-dependencies}}.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (OOZIE-1624) Exclusion pattern for sharelib JARs

2019-03-08 Thread Andras Salamon (JIRA) 


[ 
https://issues.apache.org/jira/browse/OOZIE-1624?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16787927#comment-16787927
 ] 

Andras Salamon commented on OOZIE-1624:
---

Thanks for the contribution [~matijhs], +1, committed to master.

Thanks for everybody who helped in the last 5 years to finish this jira.

> Exclusion pattern for sharelib JARs
> ---
>
> Key: OOZIE-1624
> URL: https://issues.apache.org/jira/browse/OOZIE-1624
> Project: Oozie
>  Issue Type: Sub-task
>Affects Versions: 4.3.1
>Reporter: Purshotam Shah
>Assignee: Mate Juhasz
>Priority: Major
> Attachments: OOZIE-1624-V10.patch, OOZIE-1624-V2.patch, 
> OOZIE-1624-V3.patch, OOZIE-1624-V4.patch, OOZIE-1624-V5.patch, 
> OOZIE-1624-v1.patch
>
>
> Sharelib may bring some jar which might conflict with user jars.
> Ex. Sharelib hive has json-2..jar, where as some of the user use-case 
> need higher version of json jar.
> He should be able to exclude sharelib json jar and bring his own version.
> 
> oozie.action.sharelib.for.hive.exclusion
> json-\*.jar|abc-*.jar
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 66656: Exclusion pattern for sharelib.

2019-03-08 Thread Andras Salamon 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/66656/#review213559
---


Ship it!




Ship It!

- Andras Salamon


On March 7, 2019, 2:40 p.m., Mate Juhasz wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/66656/
> ---
> 
> (Updated March 7, 2019, 2:40 p.m.)
> 
> 
> Review request for oozie, András Piros and Denes Bodo.
> 
> 
> Bugs: OOZIE-1624
> https://issues.apache.org/jira/browse/OOZIE-1624
> 
> 
> Repository: oozie-git
> 
> 
> Description
> ---
> 
> OOZIE-1624 Exclusion pattern for sharelib.
> 
> 
> Diffs
> -
> 
>   core/src/main/java/org/apache/oozie/action/hadoop/JavaActionExecutor.java 
> 231b38ea 
>   core/src/main/java/org/apache/oozie/action/hadoop/ShareLibExcluder.java 
> PRE-CREATION 
>   core/src/main/java/org/apache/oozie/service/ShareLibService.java b88dab3a 
>   
> core/src/test/java/org/apache/oozie/action/hadoop/ActionExecutorTestCase.java 
> 05511e4c 
>   
> core/src/test/java/org/apache/oozie/action/hadoop/TestJavaActionExecutor.java 
> 6383e814 
>   
> core/src/test/java/org/apache/oozie/action/hadoop/TestJavaActionExecutorLibAddition.java
>  PRE-CREATION 
>   core/src/test/java/org/apache/oozie/action/hadoop/TestShareLibExcluder.java 
> PRE-CREATION 
>   docs/src/site/markdown/WorkflowFunctionalSpec.md 7d6a31bf 
> 
> 
> Diff: https://reviews.apache.org/r/66656/diff/11/
> 
> 
> Testing
> ---
> 
> Tested on a cluster
> 
> 
> Thanks,
> 
> Mate Juhasz
> 
>

[jira] [Commented] (OOZIE-3312) Add support for HSTS

2019-03-08 Thread Andras Salamon (JIRA) 


[ 
https://issues.apache.org/jira/browse/OOZIE-3312?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16787909#comment-16787909
 ] 

Andras Salamon commented on OOZIE-3312:
---

Thanks [~kmarton], +1 (pending jenkins) for the last patch.

> Add support for HSTS 
> -
>
> Key: OOZIE-3312
> URL: https://issues.apache.org/jira/browse/OOZIE-3312
> Project: Oozie
>  Issue Type: Bug
>  Components: security
>Reporter: Peter Cseh
>Assignee: Julia Kinga Marton
>Priority: Major
> Attachments: OOZIE-3312-001.patch, OOZIE-3312-002.patch, 
> OOZIE-3312-003.patch
>
>
> As a security best practice we should add support for HSTS via oozie-site.xml 
> in case of embedded Jetty.
>  [https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet]
>  [http://www.eclipse.org/jetty/documentation/9.3.x/embedded-examples.html] - 
> this page is not available anymore
> [https://www.eclipse.org/jetty/documentation/9.4.15.v20190215/embedded-examples.html]
>  
> Maybe we should even make it enabled by default when SSL is configured.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 70155: OOZIE-3312 Add support for HSTS

2019-03-08 Thread Andras Salamon 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70155/#review213558
---


Ship it!




Ship It!

- Andras Salamon


On March 8, 2019, 1:42 p.m., Kinga Marton wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70155/
> ---
> 
> (Updated March 8, 2019, 1:42 p.m.)
> 
> 
> Review request for oozie and Andras Salamon.
> 
> 
> Repository: oozie-git
> 
> 
> Description
> ---
> 
> As a security best practice we should add support for HSTS via oozie-site.xml 
> in case of embedded Jetty.
> https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet
> http://www.eclipse.org/jetty/documentation/9.3.x/embedded-examples.html - 
> this page is not available anymore
> 
> https://www.eclipse.org/jetty/documentation/9.4.15.v20190215/embedded-examples.html
> 
>  
> 
> Maybe we should even make it enabled by default when SSL is configured.
> 
> 
> Diffs
> -
> 
>   core/src/main/resources/oozie-default.xml c7f2becaa 
>   docs/src/site/markdown/AG_Install.md 270b98fb0 
>   server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java 
> 466cefc2e 
>   
> server/src/test/java/org/apache/oozie/server/TestSSLServerConnectorFactory.java
>  f926a0910 
> 
> 
> Diff: https://reviews.apache.org/r/70155/diff/3/
> 
> 
> Testing
> ---
> 
> Junit + manually tested
> 
> 
> Thanks,
> 
> Kinga Marton
> 
>

[jira] [Commented] (OOZIE-3312) Add support for HSTS

2019-03-08 Thread Hadoop QA (JIRA) 


[ 
https://issues.apache.org/jira/browse/OOZIE-3312?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16787898#comment-16787898
 ] 

Hadoop QA commented on OOZIE-3312:
--

PreCommit-OOZIE-Build started


> Add support for HSTS 
> -
>
> Key: OOZIE-3312
> URL: https://issues.apache.org/jira/browse/OOZIE-3312
> Project: Oozie
>  Issue Type: Bug
>  Components: security
>Reporter: Peter Cseh
>Assignee: Julia Kinga Marton
>Priority: Major
> Attachments: OOZIE-3312-001.patch, OOZIE-3312-002.patch, 
> OOZIE-3312-003.patch
>
>
> As a security best practice we should add support for HSTS via oozie-site.xml 
> in case of embedded Jetty.
>  [https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet]
>  [http://www.eclipse.org/jetty/documentation/9.3.x/embedded-examples.html] - 
> this page is not available anymore
> [https://www.eclipse.org/jetty/documentation/9.4.15.v20190215/embedded-examples.html]
>  
> Maybe we should even make it enabled by default when SSL is configured.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 70155: OOZIE-3312 Add support for HSTS

2019-03-08 Thread Kinga Marton via Review Board 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70155/
---

(Updated March 8, 2019, 1:42 p.m.)


Review request for oozie and Andras Salamon.


Repository: oozie-git


Description
---

As a security best practice we should add support for HSTS via oozie-site.xml 
in case of embedded Jetty.
https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet
http://www.eclipse.org/jetty/documentation/9.3.x/embedded-examples.html - this 
page is not available anymore

https://www.eclipse.org/jetty/documentation/9.4.15.v20190215/embedded-examples.html

 

Maybe we should even make it enabled by default when SSL is configured.


Diffs (updated)
-

  core/src/main/resources/oozie-default.xml c7f2becaa 
  docs/src/site/markdown/AG_Install.md 270b98fb0 
  server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java 
466cefc2e 
  
server/src/test/java/org/apache/oozie/server/TestSSLServerConnectorFactory.java 
f926a0910 


Diff: https://reviews.apache.org/r/70155/diff/3/

Changes: https://reviews.apache.org/r/70155/diff/2-3/


Testing
---

Junit + manually tested


Thanks,

Kinga Marton

[jira] [Updated] (OOZIE-3312) Add support for HSTS

2019-03-08 Thread Julia Kinga Marton (JIRA) 


 [ 
https://issues.apache.org/jira/browse/OOZIE-3312?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Julia Kinga Marton updated OOZIE-3312:
--
Attachment: OOZIE-3312-003.patch

> Add support for HSTS 
> -
>
> Key: OOZIE-3312
> URL: https://issues.apache.org/jira/browse/OOZIE-3312
> Project: Oozie
>  Issue Type: Bug
>  Components: security
>Reporter: Peter Cseh
>Assignee: Julia Kinga Marton
>Priority: Major
> Attachments: OOZIE-3312-001.patch, OOZIE-3312-002.patch, 
> OOZIE-3312-003.patch
>
>
> As a security best practice we should add support for HSTS via oozie-site.xml 
> in case of embedded Jetty.
>  [https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet]
>  [http://www.eclipse.org/jetty/documentation/9.3.x/embedded-examples.html] - 
> this page is not available anymore
> [https://www.eclipse.org/jetty/documentation/9.4.15.v20190215/embedded-examples.html]
>  
> Maybe we should even make it enabled by default when SSL is configured.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (OOZIE-1974) SSH Action doesn't handle compound commands eg: cmd1 && cmd2 and stuck in [PREP] stage

2019-03-08 Thread Denes Bodo (JIRA) 


[ 
https://issues.apache.org/jira/browse/OOZIE-1974?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16787848#comment-16787848
 ] 

Denes Bodo commented on OOZIE-1974:
---

[~michalisk] Do you think OOZIE-2126 can be related to your issue? Thanks

> SSH Action doesn't handle compound commands eg: cmd1 && cmd2 and stuck in 
> [PREP] stage
> --
>
> Key: OOZIE-1974
> URL: https://issues.apache.org/jira/browse/OOZIE-1974
> Project: Oozie
>  Issue Type: Bug
>  Components: action
>Affects Versions: trunk
>Reporter: Michalis Kongtongk
>Priority: Major
>
> example WF that will fail:
> {code}
>  
>  
>  
>  
> oozie-u...@somedomain.com 
> kinit 
> oozie-u...@somedomain.com 
> -k 
> -t 
> /home/oozie-user/oozie.keytab 
>  
> hdfs 
> dfs 
> -put 
> /tmp/random-file.txt 
> /tmp/random-file.txt 
>  
>  
>  
>  
>  
> Action failed, error 
> message[${wf:errorMessage(wf:lastErrorNode())}] 
>  
>  
> 
> {code}
> Workaround is to execute the compound command in subshell eg: $(cmd1 && cmd2) 
> {code}
>  
>  
>  
>  
> oozie-u...@somedomain.com 
> $(kinit 
> oozie-u...@somedomain.com 
> -k 
> -t 
> /home/oozie-user/oozie.keytab 
>  
> hdfs 
> dfs 
> -put 
> /tmp/random-file.txt 
> /tmp/random-file.txt 
> ) 
>  
>  
>  
>  
>  
> Action failed, error 
> message[${wf:errorMessage(wf:lastErrorNode())}] 
>  
>  
> 
> {code}
> Stack trace "org.apache.oozie.command.CommandException: E0800: Action it is 
> not running its in [PREP] state,"
> {code}
> 2014-08-05 23:29:49,721 INFO org.apache.oozie.action.ssh.SshActionExecutor: 
> SERVER[192-168-88-213.lunix.lan] USER[mko] GROUP[-] TOKEN[] APP[Ssh-copy] 
> JOB[008-140805224842389-oozie-oozi-W] 
> ACTION[008-140805224842389-oozie-oozi-W@Ssh] start() begins 
> 2014-08-05 23:29:49,723 INFO org.apache.oozie.action.ssh.SshActionExecutor: 
> SERVER[192-168-88-213.lunix.lan] USER[mko] GROUP[-] TOKEN[] APP[Ssh-copy] 
> JOB[008-140805224842389-oozie-oozi-W] 
> ACTION[008-140805224842389-oozie-oozi-W@Ssh] Attempting to copy ssh base 
> scripts to remote host [m...@192-168-88-213.lunix.lan] 
> 2014-08-05 23:29:52,691 INFO org.apache.oozie.servlet.CallbackServlet: 
> SERVER[192-168-88-213.lunix.lan] USER[-] GROUP[-] TOKEN[-] APP[-] 
> JOB[008-140805224842389-oozie-oozi-W] 
> ACTION[008-140805224842389-oozie-oozi-W@Ssh] callback for action 
> [008-140805224842389-oozie-oozi-W@Ssh] 
> 2014-08-05 23:29:52,714 ERROR 
> org.apache.oozie.command.wf.CompletedActionXCommand: 
> SERVER[192-168-88-213.lunix.lan] USER[-] GROUP[-] TOKEN[] APP[-] 
> JOB[008-140805224842389-oozie-oozi-W] 
> ACTION[008-140805224842389-oozie-oozi-W@Ssh] XException, 
> org.apache.oozie.command.CommandException: E0800: Action it is not running 
> its in [PREP] state, action [008-140805224842389-oozie-oozi-W@Ssh] 
> at 
> org.apache.oozie.command.wf.CompletedActionXCommand.eagerVerifyPrecondition(CompletedActionXCommand.java:77)
>  
> at org.apache.oozie.command.XCommand.call(XCommand.java:251) 
> at 
> org.apache.oozie.service.CallableQueueService$CallableWrapper.run(CallableQueueService.java:174)
>  
> at 
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
>  
> at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
>  
> at java.lang.Thread.run(Thread.java:662) 
> 2014-08-05 23:29:52,714 WARN 
> org.apache.oozie.service.CallableQueueService$CallableWrapper: 
> SERVER[192-168-88-213.lunix.lan] USER[-] GROUP[-] TOKEN[-] APP[-] JOB[-] 
> ACTION[-] exception callable [callback], E0800: Action it is not running its 
> in [PREP] state, action [008-140805224842389-oozie-oozi-W@Ssh] 
> org.apache.oozie.command.CommandException: E0800: Action it is not running 
> its in [PREP] state, action [008-140805224842389-oozie-oozi-W@Ssh] 
> at 
> org.apache.oozie.command.wf.CompletedActionXCommand.eagerVerifyPrecondition(CompletedActionXCommand.java:77)
>  
> at org.apache.oozie.command.XCommand.call(XCommand.java:251) 
> at 
> org.apache.oozie.service.CallableQueueService$CallableWrapper.run(CallableQueueService.java:174)
>  
> at 
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
>  
> at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
>  
> at java.lang.Thread.run(Thread.java:662) 
> 2014-08-05 23:29:57,262 INFO org.apache.oozie.action.ssh.SshActionExecutor: 
> SERVER[192-168-88-213.lunix.lan] USER[mko] GROUP[-] TOKEN[] APP[Ssh-copy] 
> JOB[008-140805224842389-oozie-oozi-W] 
> ACTION[008-140805224842389-oozie-oozi-W@Ssh] start() ends
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (OOZIE-3447) Run test case in local : It shows oozie-hsqldb-orm.xml exception

2019-03-08 Thread duan xiong (JIRA) 


 [ 
https://issues.apache.org/jira/browse/OOZIE-3447?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

duan xiong updated OOZIE-3447:
--
Issue Type: Sub-task  (was: Bug)
Parent: OOZIE-3336

> Run test case in local : It shows oozie-hsqldb-orm.xml exception
> 
>
> Key: OOZIE-3447
> URL: https://issues.apache.org/jira/browse/OOZIE-3447
> Project: Oozie
>  Issue Type: Sub-task
>  Components: tests
>Affects Versions: 5.1.0
>Reporter: duan xiong
>Assignee: duan xiong
>Priority: Major
> Attachments: OOZIE-3447-001.patch
>
>
> {code:java}
> 392 oozie-hsqldb WARN [main] openjpa.Enhance - An exception was thrown while 
> attempting to perform class file transformation on 
> "org/apache/oozie/util/db/ValidateConnectionBean":  nonfatal general error> org.apache.openjpa.util.GeneralException: 
> org.xml.sax.SAXException: 
> file:/D:/IdeaProjects/oozie/core/target/classes/META-INF/oozie-hsqldb-orm.xml 
> [Location: Line: 22, C: 32]: org.xml.sax.SAXParseException; systemId: 
> file:/D:/IdeaProjects/oozie/core/target/classes/META-INF/oozie-hsqldb-orm.xml;
>  lineNumber: 22; columnNumber: 32; cvc-complex-type.3.1: Value '1.0' of 
> attribute 'version' of element 'entity-mappings' is not valid with respect to 
> the corresponding attribute use. Attribute 'version' has a fixed value of 
> '2.0'.
> at 
> org.apache.openjpa.persistence.PersistenceMetaDataFactory.parseXML(PersistenceMetaDataFactory.java:294)
> at 
> org.apache.openjpa.persistence.PersistenceMetaDataFactory.load(PersistenceMetaDataFactory.java:227)
> at 
> org.apache.openjpa.meta.MetaDataRepository.getMetaDataInternal(MetaDataRepository.java:587)
> at 
> org.apache.openjpa.meta.MetaDataRepository.getMetaDataInternal(MetaDataRepository.java:397)
> at 
> org.apache.openjpa.meta.MetaDataRepository.getMetaData(MetaDataRepository.java:389)
> at org.apache.openjpa.enhance.PCEnhancer.(PCEnhancer.java:286)
> at org.apache.openjpa.enhance.PCEnhancer.(PCEnhancer.java:257)
> Caused by: java.io.IOException: org.xml.sax.SAXException: 
> file:oozie-hsqldb-orm.xml [Location: Line: 22, C: 32]: 
> org.xml.sax.SAXParseException; systemId: file:oozie-hsqldb-orm.xml; 
> lineNumber: 22; columnNumber: 32; cvc-complex-type.3.1: Value '1.0' of 
> attribute 'version' of element 'entity-mappings' is not valid with respect to 
> the corresponding attribute use. Attribute 'version' has a fixed value of 
> '2.0'.
> at 
> org.apache.openjpa.lib.meta.XMLMetaDataParser.parseNewResource(XMLMetaDataParser.java:426)
> at 
> org.apache.openjpa.lib.meta.XMLMetaDataParser.parse(XMLMetaDataParser.java:346)
> at 
> org.apache.openjpa.lib.meta.XMLMetaDataParser.parse(XMLMetaDataParser.java:323)
> at 
> org.apache.openjpa.lib.meta.XMLMetaDataParser.parse(XMLMetaDataParser.java:296)
> at 
> org.apache.openjpa.persistence.XMLPersistenceMetaDataParser.parse(XMLPersistenceMetaDataParser.java:406)
> at 
> org.apache.openjpa.persistence.PersistenceMetaDataFactory.parseXML(PersistenceMetaDataFactory.java:292)
> ... 58 more
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (OOZIE-3312) Add support for HSTS

2019-03-08 Thread Hadoop QA (JIRA) 


[ 
https://issues.apache.org/jira/browse/OOZIE-3312?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16787831#comment-16787831
 ] 

Hadoop QA commented on OOZIE-3312:
--


Testing JIRA OOZIE-3312

Cleaning local git workspace



{color:green}+1 PATCH_APPLIES{color}
{color:green}+1 CLEAN{color}
{color:green}+1 RAW_PATCH_ANALYSIS{color}
.{color:green}+1{color} the patch does not introduce any @author tags
.{color:green}+1{color} the patch does not introduce any tabs
.{color:green}+1{color} the patch does not introduce any trailing spaces
.{color:green}+1{color} the patch does not introduce any star imports
.{color:green}+1{color} the patch does not introduce any line longer than 
132
.{color:green}+1{color} the patch adds/modifies 1 testcase(s)
{color:green}+1 RAT{color}
.{color:green}+1{color} the patch does not seem to introduce new RAT 
warnings
{color:green}+1 JAVADOC{color}
.{color:green}+1{color} Javadoc generation succeeded with the patch
.{color:green}+1{color} the patch does not seem to introduce new Javadoc 
warning(s)
{color:green}+1 COMPILE{color}
.{color:green}+1{color} HEAD compiles
.{color:green}+1{color} patch compiles
.{color:green}+1{color} the patch does not seem to introduce new javac 
warnings
{color:green}+1{color} There are no new bugs found in total.
.{color:green}+1{color} There are no new bugs found in [examples].
.{color:green}+1{color} There are no new bugs found in [core].
.{color:green}+1{color} There are no new bugs found in [sharelib/distcp].
.{color:green}+1{color} There are no new bugs found in [sharelib/hive].
.{color:green}+1{color} There are no new bugs found in [sharelib/pig].
.{color:green}+1{color} There are no new bugs found in [sharelib/spark].
.{color:green}+1{color} There are no new bugs found in [sharelib/hive2].
.{color:green}+1{color} There are no new bugs found in [sharelib/hcatalog].
.{color:green}+1{color} There are no new bugs found in [sharelib/sqoop].
.{color:green}+1{color} There are no new bugs found in [sharelib/oozie].
.{color:green}+1{color} There are no new bugs found in [sharelib/streaming].
.{color:green}+1{color} There are no new bugs found in [sharelib/git].
.{color:green}+1{color} There are no new bugs found in [webapp].
.{color:green}+1{color} There are no new bugs found in [tools].
.{color:green}+1{color} There are no new bugs found in [docs].
.{color:green}+1{color} There are no new bugs found in [server].
.{color:green}+1{color} There are no new bugs found in 
[fluent-job/fluent-job-api].
.{color:green}+1{color} There are no new bugs found in [client].
{color:green}+1 BACKWARDS_COMPATIBILITY{color}
.{color:green}+1{color} the patch does not change any JPA 
Entity/Colum/Basic/Lob/Transient annotations
.{color:green}+1{color} the patch does not modify JPA files
{color:green}+1 TESTS{color}
.Tests run: 3148
{color:green}+1 DISTRO{color}
.{color:green}+1{color} distro tarball builds with the patch 


{color:green}*+1 Overall result, good!, no -1s*{color}


The full output of the test-patch run is available at

. https://builds.apache.org/job/PreCommit-OOZIE-Build/1041/



> Add support for HSTS 
> -
>
> Key: OOZIE-3312
> URL: https://issues.apache.org/jira/browse/OOZIE-3312
> Project: Oozie
>  Issue Type: Bug
>  Components: security
>Reporter: Peter Cseh
>Assignee: Julia Kinga Marton
>Priority: Major
> Attachments: OOZIE-3312-001.patch, OOZIE-3312-002.patch
>
>
> As a security best practice we should add support for HSTS via oozie-site.xml 
> in case of embedded Jetty.
>  [https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet]
>  [http://www.eclipse.org/jetty/documentation/9.3.x/embedded-examples.html] - 
> this page is not available anymore
> [https://www.eclipse.org/jetty/documentation/9.4.15.v20190215/embedded-examples.html]
>  
> Maybe we should even make it enabled by default when SSL is configured.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Failed: OOZIE-3312 PreCommit Build #1041

2019-03-08 Thread Apache Jenkins Server 
Jira: https://issues.apache.org/jira/browse/OOZIE-3312
Build: https://builds.apache.org/job/PreCommit-OOZIE-Build/1041/

###
## LAST 100 LINES OF THE CONSOLE 
###
[...truncated 1.91 MB...]
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [sharelib/streaming].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [sharelib/git].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [webapp].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [tools].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [docs].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [server].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [fluent-job/fluent-job-api].
[TRACE] New XMLLib present, calling 'xmllint --xpath' to get bug instance counts
[DEBUG] There are no new bugs found in [client].
[INFO] There are no new bugs found totally].
[TRACE] SpotBugs diffs checked and reports created
[TRACE] Summary file size is 2535 bytes
[TRACE] Full summary file size is 1525 bytes
[TRACE] File 
[/home/jenkins/jenkins-slave/workspace/PreCommit-OOZIE-Build/test-patch/tmp/SPOTBUGS_DIFF/diff/findbugs-diff-0.1.0-all.jar]
 removed
[TRACE] File 
[/home/jenkins/jenkins-slave/workspace/PreCommit-OOZIE-Build/test-patch/tmp/SPOTBUGS_DIFF/diff/findbugs-diff-0.1.0-all.jar.md5]
 removed
  Running test-patch task BACKWARDS_COMPATIBILITY
  Running test-patch task TESTS
  Running test-patch task DISTRO


Testing JIRA OOZIE-3312

Cleaning local git workspace



+1 PATCH_APPLIES
+1 CLEAN
+1 RAW_PATCH_ANALYSIS
+1 the patch does not introduce any @author tags
+1 the patch does not introduce any tabs
+1 the patch does not introduce any trailing spaces
+1 the patch does not introduce any star imports
+1 the patch does not introduce any line longer than 132
+1 the patch adds/modifies 1 testcase(s)
+1 RAT
+1 the patch does not seem to introduce new RAT warnings
+1 JAVADOC
+1 Javadoc generation succeeded with the patch
+1 the patch does not seem to introduce new Javadoc warning(s)
+1 COMPILE
+1 HEAD compiles
+1 patch compiles
+1 the patch does not seem to introduce new javac warnings
+1 There are no new bugs found in total.
+1 There are no new bugs found in [examples].
+1 There are no new bugs found in [core].
+1 There are no new bugs found in [sharelib/distcp].
+1 There are no new bugs found in [sharelib/hive].
+1 There are no new bugs found in [sharelib/pig].
+1 There are no new bugs found in [sharelib/spark].
+1 There are no new bugs found in [sharelib/hive2].
+1 There are no new bugs found in [sharelib/hcatalog].
+1 There are no new bugs found in [sharelib/sqoop].
+1 There are no new bugs found in [sharelib/oozie].
+1 There are no new bugs found in [sharelib/streaming].
+1 There are no new bugs found in [sharelib/git].
+1 There are no new bugs found in [webapp].
+1 There are no new bugs found in [tools].
+1 There are no new bugs found in [docs].
+1 There are no new bugs found in [server].
+1 There are no new bugs found in [fluent-job/fluent-job-api].
+1 There are no new bugs found in [client].
+1 BACKWARDS_COMPATIBILITY
+1 the patch does not change any JPA Entity/Colum/Basic/Lob/Transient 
annotations
+1 the patch does not modify JPA files
+1 TESTS
Tests run: 3148
+1 DISTRO
+1 distro tarball builds with the patch 


+1 Overall result, good!, no -1s


The full output of the test-patch run is available at

 https://builds.apache.org/job/PreCommit-OOZIE-Build/1041/

Adding comment to JIRA
  % Total% Received % Xferd  Average Speed   TimeTime Time  Current
 Dload  Upload   Total   SpentLeft  Speed
  0 00 00 0  0  0 --:--:-- --:--:-- --:--:-- 0  
0 00 00 0  0  0 --:--:-- --:--:-- --:--:--

Re: Review Request 70155: OOZIE-3312 Add support for HSTS

2019-03-08 Thread Andras Salamon 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70155/#review213551
---




docs/src/site/markdown/AG_Install.md
Lines 945 (patched)


I'd add 'seconds' after the number

renamed: oozie.hsts.max.age.seconds



server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java
Lines 51 (patched)


renamed: oozie.hsts.max.age.seconds


- Andras Salamon


On March 8, 2019, 10:02 a.m., Kinga Marton wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70155/
> ---
> 
> (Updated March 8, 2019, 10:02 a.m.)
> 
> 
> Review request for oozie and Andras Salamon.
> 
> 
> Repository: oozie-git
> 
> 
> Description
> ---
> 
> As a security best practice we should add support for HSTS via oozie-site.xml 
> in case of embedded Jetty.
> https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet
> http://www.eclipse.org/jetty/documentation/9.3.x/embedded-examples.html - 
> this page is not available anymore
> 
> https://www.eclipse.org/jetty/documentation/9.4.15.v20190215/embedded-examples.html
> 
>  
> 
> Maybe we should even make it enabled by default when SSL is configured.
> 
> 
> Diffs
> -
> 
>   core/src/main/resources/oozie-default.xml c7f2becaa 
>   docs/src/site/markdown/AG_Install.md 270b98fb0 
>   server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java 
> 466cefc2e 
>   
> server/src/test/java/org/apache/oozie/server/TestSSLServerConnectorFactory.java
>  f926a0910 
> 
> 
> Diff: https://reviews.apache.org/r/70155/diff/2/
> 
> 
> Testing
> ---
> 
> Junit + manually tested
> 
> 
> Thanks,
> 
> Kinga Marton
> 
>

[jira] [Commented] (OOZIE-3447) Run test case in local : It shows oozie-hsqldb-orm.xml exception

2019-03-08 Thread Julia Kinga Marton (JIRA) 


[ 
https://issues.apache.org/jira/browse/OOZIE-3447?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16787751#comment-16787751
 ] 

Julia Kinga Marton commented on OOZIE-3447:
---

[~nobigo], can you please share exactly how did you tried to run the test when 
it failed with this error? I have run the test from Maven and from Idea as 
well, and it passed in both cases, so I was unable to reproduce the issue as 
well.

I also agree with [~asalamon74] that even if we will need to update those 
files, we should check if we really need those, since using both XML and 
annotations for mappings in the same project is not really recommended. Maybe 
we should get rid of the xmls?

So I would suggest to do this cleanup/update as a subtask of OOZIE-3336.

> Run test case in local : It shows oozie-hsqldb-orm.xml exception
> 
>
> Key: OOZIE-3447
> URL: https://issues.apache.org/jira/browse/OOZIE-3447
> Project: Oozie
>  Issue Type: Bug
>  Components: tests
>Affects Versions: 5.1.0
>Reporter: duan xiong
>Assignee: duan xiong
>Priority: Major
> Attachments: OOZIE-3447-001.patch
>
>
> {code:java}
> 392 oozie-hsqldb WARN [main] openjpa.Enhance - An exception was thrown while 
> attempting to perform class file transformation on 
> "org/apache/oozie/util/db/ValidateConnectionBean":  nonfatal general error> org.apache.openjpa.util.GeneralException: 
> org.xml.sax.SAXException: 
> file:/D:/IdeaProjects/oozie/core/target/classes/META-INF/oozie-hsqldb-orm.xml 
> [Location: Line: 22, C: 32]: org.xml.sax.SAXParseException; systemId: 
> file:/D:/IdeaProjects/oozie/core/target/classes/META-INF/oozie-hsqldb-orm.xml;
>  lineNumber: 22; columnNumber: 32; cvc-complex-type.3.1: Value '1.0' of 
> attribute 'version' of element 'entity-mappings' is not valid with respect to 
> the corresponding attribute use. Attribute 'version' has a fixed value of 
> '2.0'.
> at 
> org.apache.openjpa.persistence.PersistenceMetaDataFactory.parseXML(PersistenceMetaDataFactory.java:294)
> at 
> org.apache.openjpa.persistence.PersistenceMetaDataFactory.load(PersistenceMetaDataFactory.java:227)
> at 
> org.apache.openjpa.meta.MetaDataRepository.getMetaDataInternal(MetaDataRepository.java:587)
> at 
> org.apache.openjpa.meta.MetaDataRepository.getMetaDataInternal(MetaDataRepository.java:397)
> at 
> org.apache.openjpa.meta.MetaDataRepository.getMetaData(MetaDataRepository.java:389)
> at org.apache.openjpa.enhance.PCEnhancer.(PCEnhancer.java:286)
> at org.apache.openjpa.enhance.PCEnhancer.(PCEnhancer.java:257)
> Caused by: java.io.IOException: org.xml.sax.SAXException: 
> file:oozie-hsqldb-orm.xml [Location: Line: 22, C: 32]: 
> org.xml.sax.SAXParseException; systemId: file:oozie-hsqldb-orm.xml; 
> lineNumber: 22; columnNumber: 32; cvc-complex-type.3.1: Value '1.0' of 
> attribute 'version' of element 'entity-mappings' is not valid with respect to 
> the corresponding attribute use. Attribute 'version' has a fixed value of 
> '2.0'.
> at 
> org.apache.openjpa.lib.meta.XMLMetaDataParser.parseNewResource(XMLMetaDataParser.java:426)
> at 
> org.apache.openjpa.lib.meta.XMLMetaDataParser.parse(XMLMetaDataParser.java:346)
> at 
> org.apache.openjpa.lib.meta.XMLMetaDataParser.parse(XMLMetaDataParser.java:323)
> at 
> org.apache.openjpa.lib.meta.XMLMetaDataParser.parse(XMLMetaDataParser.java:296)
> at 
> org.apache.openjpa.persistence.XMLPersistenceMetaDataParser.parse(XMLPersistenceMetaDataParser.java:406)
> at 
> org.apache.openjpa.persistence.PersistenceMetaDataFactory.parseXML(PersistenceMetaDataFactory.java:292)
> ... 58 more
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (OOZIE-3312) Add support for HSTS

2019-03-08 Thread Hadoop QA (JIRA) 


[ 
https://issues.apache.org/jira/browse/OOZIE-3312?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16787750#comment-16787750
 ] 

Hadoop QA commented on OOZIE-3312:
--

PreCommit-OOZIE-Build started


> Add support for HSTS 
> -
>
> Key: OOZIE-3312
> URL: https://issues.apache.org/jira/browse/OOZIE-3312
> Project: Oozie
>  Issue Type: Bug
>  Components: security
>Reporter: Peter Cseh
>Assignee: Julia Kinga Marton
>Priority: Major
> Attachments: OOZIE-3312-001.patch, OOZIE-3312-002.patch
>
>
> As a security best practice we should add support for HSTS via oozie-site.xml 
> in case of embedded Jetty.
>  [https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet]
>  [http://www.eclipse.org/jetty/documentation/9.3.x/embedded-examples.html] - 
> this page is not available anymore
> [https://www.eclipse.org/jetty/documentation/9.4.15.v20190215/embedded-examples.html]
>  
> Maybe we should even make it enabled by default when SSL is configured.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (OOZIE-3312) Add support for HSTS

2019-03-08 Thread Julia Kinga Marton (JIRA) 


 [ 
https://issues.apache.org/jira/browse/OOZIE-3312?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Julia Kinga Marton updated OOZIE-3312:
--
Attachment: OOZIE-3312-002.patch

> Add support for HSTS 
> -
>
> Key: OOZIE-3312
> URL: https://issues.apache.org/jira/browse/OOZIE-3312
> Project: Oozie
>  Issue Type: Bug
>  Components: security
>Reporter: Peter Cseh
>Assignee: Julia Kinga Marton
>Priority: Major
> Attachments: OOZIE-3312-001.patch, OOZIE-3312-002.patch
>
>
> As a security best practice we should add support for HSTS via oozie-site.xml 
> in case of embedded Jetty.
>  [https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet]
>  [http://www.eclipse.org/jetty/documentation/9.3.x/embedded-examples.html] - 
> this page is not available anymore
> [https://www.eclipse.org/jetty/documentation/9.4.15.v20190215/embedded-examples.html]
>  
> Maybe we should even make it enabled by default when SSL is configured.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 70155: OOZIE-3312 Add support for HSTS

2019-03-08 Thread Kinga Marton via Review Board 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70155/
---

(Updated March 8, 2019, 10:02 a.m.)


Review request for oozie and Andras Salamon.


Repository: oozie-git


Description
---

As a security best practice we should add support for HSTS via oozie-site.xml 
in case of embedded Jetty.
https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet
http://www.eclipse.org/jetty/documentation/9.3.x/embedded-examples.html - this 
page is not available anymore

https://www.eclipse.org/jetty/documentation/9.4.15.v20190215/embedded-examples.html

 

Maybe we should even make it enabled by default when SSL is configured.


Diffs (updated)
-

  core/src/main/resources/oozie-default.xml c7f2becaa 
  docs/src/site/markdown/AG_Install.md 270b98fb0 
  server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java 
466cefc2e 
  
server/src/test/java/org/apache/oozie/server/TestSSLServerConnectorFactory.java 
f926a0910 


Diff: https://reviews.apache.org/r/70155/diff/2/

Changes: https://reviews.apache.org/r/70155/diff/1-2/


Testing
---

Junit + manually tested


Thanks,

Kinga Marton

[jira] [Commented] (OOZIE-3446) Migrate from commons-lang 2.x to commons-lang 3.x

2019-03-08 Thread duan xiong (JIRA) 


[ 
https://issues.apache.org/jira/browse/OOZIE-3446?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16787744#comment-16787744
 ] 

duan xiong commented on OOZIE-3446:
---

OK. [~asalamon74] Thank you review this.

> Migrate from commons-lang 2.x to commons-lang 3.x
> -
>
> Key: OOZIE-3446
> URL: https://issues.apache.org/jira/browse/OOZIE-3446
> Project: Oozie
>  Issue Type: Improvement
>Affects Versions: trunk
>Reporter: Andras Salamon
>Assignee: duan xiong
>Priority: Major
> Attachments: OOZIE-3446-001.patch, OOZIE-3446-002.patch
>
>
> Currently Oozie uses both commons-lang 2.x ({{2.4}}) and 3.x ({{3.3.2}}).
> Versions {{2.4}} was released in 2008, {{2.6}} (latest 2.x) was released in 
> 2011. 
> Although it is possible to use both versions at the same time I think it's 
> time to migrate from the legacy 2.x line and use only 3.x (at least directly).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (OOZIE-3447) Run test case in local : It shows oozie-hsqldb-orm.xml exception

2019-03-08 Thread Andras Salamon (JIRA) 


[ 
https://issues.apache.org/jira/browse/OOZIE-3447?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16787742#comment-16787742
 ] 

Andras Salamon commented on OOZIE-3447:
---

[~nobigo] Thanks for the patch. I was unable to reproduce the problem, this 
test class works for me (and for the precommit job) with the {{1.0}} and 
{{2.0}} versions as well. As the precommit checks states, this change will 
break backward compatibility, I don't think it's a good idea to do that. These 
orm files refer to a deprecated class ( 
{{org.apache.oozie.client.rest.JsonSLAEvent}} ) and I'm not sure if the files 
are in use, we long time switched to using JPA annotations. Probably we need to 
clean up this part of the database as a subtask of OOZIE-3336 .

> Run test case in local : It shows oozie-hsqldb-orm.xml exception
> 
>
> Key: OOZIE-3447
> URL: https://issues.apache.org/jira/browse/OOZIE-3447
> Project: Oozie
>  Issue Type: Bug
>  Components: tests
>Affects Versions: 5.1.0
>Reporter: duan xiong
>Assignee: duan xiong
>Priority: Major
> Attachments: OOZIE-3447-001.patch
>
>
> {code:java}
> 392 oozie-hsqldb WARN [main] openjpa.Enhance - An exception was thrown while 
> attempting to perform class file transformation on 
> "org/apache/oozie/util/db/ValidateConnectionBean":  nonfatal general error> org.apache.openjpa.util.GeneralException: 
> org.xml.sax.SAXException: 
> file:/D:/IdeaProjects/oozie/core/target/classes/META-INF/oozie-hsqldb-orm.xml 
> [Location: Line: 22, C: 32]: org.xml.sax.SAXParseException; systemId: 
> file:/D:/IdeaProjects/oozie/core/target/classes/META-INF/oozie-hsqldb-orm.xml;
>  lineNumber: 22; columnNumber: 32; cvc-complex-type.3.1: Value '1.0' of 
> attribute 'version' of element 'entity-mappings' is not valid with respect to 
> the corresponding attribute use. Attribute 'version' has a fixed value of 
> '2.0'.
> at 
> org.apache.openjpa.persistence.PersistenceMetaDataFactory.parseXML(PersistenceMetaDataFactory.java:294)
> at 
> org.apache.openjpa.persistence.PersistenceMetaDataFactory.load(PersistenceMetaDataFactory.java:227)
> at 
> org.apache.openjpa.meta.MetaDataRepository.getMetaDataInternal(MetaDataRepository.java:587)
> at 
> org.apache.openjpa.meta.MetaDataRepository.getMetaDataInternal(MetaDataRepository.java:397)
> at 
> org.apache.openjpa.meta.MetaDataRepository.getMetaData(MetaDataRepository.java:389)
> at org.apache.openjpa.enhance.PCEnhancer.(PCEnhancer.java:286)
> at org.apache.openjpa.enhance.PCEnhancer.(PCEnhancer.java:257)
> Caused by: java.io.IOException: org.xml.sax.SAXException: 
> file:oozie-hsqldb-orm.xml [Location: Line: 22, C: 32]: 
> org.xml.sax.SAXParseException; systemId: file:oozie-hsqldb-orm.xml; 
> lineNumber: 22; columnNumber: 32; cvc-complex-type.3.1: Value '1.0' of 
> attribute 'version' of element 'entity-mappings' is not valid with respect to 
> the corresponding attribute use. Attribute 'version' has a fixed value of 
> '2.0'.
> at 
> org.apache.openjpa.lib.meta.XMLMetaDataParser.parseNewResource(XMLMetaDataParser.java:426)
> at 
> org.apache.openjpa.lib.meta.XMLMetaDataParser.parse(XMLMetaDataParser.java:346)
> at 
> org.apache.openjpa.lib.meta.XMLMetaDataParser.parse(XMLMetaDataParser.java:323)
> at 
> org.apache.openjpa.lib.meta.XMLMetaDataParser.parse(XMLMetaDataParser.java:296)
> at 
> org.apache.openjpa.persistence.XMLPersistenceMetaDataParser.parse(XMLPersistenceMetaDataParser.java:406)
> at 
> org.apache.openjpa.persistence.PersistenceMetaDataFactory.parseXML(PersistenceMetaDataFactory.java:292)
> ... 58 more
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (OOZIE-3446) Migrate from commons-lang 2.x to commons-lang 3.x

2019-03-08 Thread Andras Salamon (JIRA) 


[ 
https://issues.apache.org/jira/browse/OOZIE-3446?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16787729#comment-16787729
 ] 

Andras Salamon commented on OOZIE-3446:
---

Thanks [~nobigo] this patch looks much better, I'll review it next week.

> Migrate from commons-lang 2.x to commons-lang 3.x
> -
>
> Key: OOZIE-3446
> URL: https://issues.apache.org/jira/browse/OOZIE-3446
> Project: Oozie
>  Issue Type: Improvement
>Affects Versions: trunk
>Reporter: Andras Salamon
>Assignee: duan xiong
>Priority: Major
> Attachments: OOZIE-3446-001.patch, OOZIE-3446-002.patch
>
>
> Currently Oozie uses both commons-lang 2.x ({{2.4}}) and 3.x ({{3.3.2}}).
> Versions {{2.4}} was released in 2008, {{2.6}} (latest 2.x) was released in 
> 2011. 
> Although it is possible to use both versions at the same time I think it's 
> time to migrate from the legacy 2.x line and use only 3.x (at least directly).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Review Request 70155: OOZIE-3312 Add support for HSTS

2019-03-08 Thread Andras Salamon 

---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/70155/#review213549
---




core/src/main/resources/oozie-default.xml
Lines 2785 (patched)


I'd add the unit to the name as suggested by OOZIE-2759



core/src/main/resources/oozie-default.xml
Lines 2788 (patched)


Please add the unit (seconds?) to the description.



server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java
Lines 53 (patched)


Please add the unit to the variable name.



server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java
Line 147 (original), 151 (patched)


Thanks for the Seconds postfix.



server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java
Lines 152 (patched)


Could we extract true and false to meaningful variables?



server/src/test/java/org/apache/oozie/server/TestSSLServerConnectorFactory.java
Lines 173 (patched)


Hitchhikers reference.



server/src/test/java/org/apache/oozie/server/TestSSLServerConnectorFactory.java
Lines 176 (patched)


Isn't it 

message, expected, actual

order?


- Andras Salamon


On March 7, 2019, 3:31 p.m., Kinga Marton wrote:
> 
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/70155/
> ---
> 
> (Updated March 7, 2019, 3:31 p.m.)
> 
> 
> Review request for oozie and Andras Salamon.
> 
> 
> Repository: oozie-git
> 
> 
> Description
> ---
> 
> As a security best practice we should add support for HSTS via oozie-site.xml 
> in case of embedded Jetty.
> https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet
> http://www.eclipse.org/jetty/documentation/9.3.x/embedded-examples.html - 
> this page is not available anymore
> 
> https://www.eclipse.org/jetty/documentation/9.4.15.v20190215/embedded-examples.html
> 
>  
> 
> Maybe we should even make it enabled by default when SSL is configured.
> 
> 
> Diffs
> -
> 
>   core/src/main/resources/oozie-default.xml c7f2becaa 
>   docs/src/site/markdown/AG_Install.md 270b98fb0 
>   server/src/main/java/org/apache/oozie/server/SSLServerConnectorFactory.java 
> 466cefc2e 
>   
> server/src/test/java/org/apache/oozie/server/TestSSLServerConnectorFactory.java
>  f926a0910 
> 
> 
> Diff: https://reviews.apache.org/r/70155/diff/1/
> 
> 
> Testing
> ---
> 
> Junit + manually tested
> 
> 
> Thanks,
> 
> Kinga Marton
> 
>