From: "Jonathan Maron (JIRA)"
To: yarn-issues@hadoop.apache.org
Date: Wed, 2 Mar 2016 14:44:18 +0000 (UTC)
Subject: [jira] [Commented] (YARN-4737) Use CSRF Filter in YARN

[ https://issues.apache.org/jira/browse/YARN-4737?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15175697#comment-15175697 ]

Jonathan Maron commented on YARN-4737:
--------------------------------------

1) Will do
2) will perform renaming. As for the ATS - the only three web apps instances I identified that have an authentication mechanism enabled were the three I modified. Is the ATS leveraging another auth mechanism (or not using WebApps to construct the endpoint)?
3) The CSRF protection doesn't make sense in the context of no auth mechanism, and the only auth mechanism I see enabled with WebApps is SPNEGO? Is there another auth mechanism that can be enabled independent of API calls to WebApps.Builder?

> Use CSRF Filter in YARN
> -----------------------
>
> Key: YARN-4737
> URL: https://issues.apache.org/jira/browse/YARN-4737
> Project: Hadoop YARN
> Issue Type: Bug
> Components: nodemanager, resourcemanager, webapp
> Reporter: Jonathan Maron
> Assignee: Jonathan Maron
> Attachments: YARN-4737.001.patch
>
>
> A CSRF filter was added to hadoop common (https://issues.apache.org/jira/browse/HADOOP-12691). The aim of this JIRA is to come up with a mechanism to integrate this filter into the webapps for which it is applicable (web apps that may establish an authenticated identity). That includes the RM, NM, and mapreduce jobhistory web app.