hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jonathan Maron (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-4737) Use CSRF Filter in YARN
Date Wed, 02 Mar 2016 14:44:18 GMT

    [ https://issues.apache.org/jira/browse/YARN-4737?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15175697#comment-15175697
] 

Jonathan Maron commented on YARN-4737:
--------------------------------------

1)  Will do
2)  will perform renaming.  As for the ATS - the only three web apps instances I identified
that have an authentication mechanism enabled were the three I modified.  Is the ATS leveraging
another auth mechanism (or not using WebApps to construct the endpoint)?
3)  The CSRF protection doesn't make sense in the context of not auth mechanism, and the only
auth mechanism I see enabled with WebApps in SPNEGO?  Is there another auth mechanism that
can be enabled independent of API calls to WebApps.Builder?

> Use CSRF Filter in YARN
> -----------------------
>
>                 Key: YARN-4737
>                 URL: https://issues.apache.org/jira/browse/YARN-4737
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: nodemanager, resourcemanager, webapp
>            Reporter: Jonathan Maron
>            Assignee: Jonathan Maron
>         Attachments: YARN-4737.001.patch
>
>
> A CSRF filter was added to hadoop common (https://issues.apache.org/jira/browse/HADOOP-12691).
 The aim of this JIRA is to come up with a mechanism to integrate this filter into the webapps
for which it is applicable (web apps that may establish an authenticated identity).  That
includes the RM, NM, and mapreduce jobhistory web app.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message