hadoop-yarn-issues mailing list archives

From "Vijay Srinivasaraghavan (JIRA)" <j...@apache.org>
Subject [jira] [Created] (YARN-5712) WebAppProxyServlet is not passing the Authorization Header
Date Wed, 05 Oct 2016 22:33:20 GMT
Vijay Srinivasaraghavan created YARN-5712:
---------------------------------------------

             Summary: WebAppProxyServlet is not passing the Authorization Header
                 Key: YARN-5712
                 URL: https://issues.apache.org/jira/browse/YARN-5712
             Project: Hadoop YARN
          Issue Type: Bug
          Components: webapp, yarn
            Reporter: Vijay Srinivasaraghavan


Scenario:

1) Deployed custom web application as Yarn application

2) Custom web application URL is exposed as the tracking URL

3) When user clicks the application link (Tracking URL) from Yarn RM UI, Yarn web proxy forwards
the request to custom web application URL

4) Custom web app is handling basic AUTH and it expects the Authorization header before allowing
the user to move forward. If the Authorization header is missing, then it will prompt the user to enter
user ID and password (standard HTTP basic auth)

5) Yarn web proxy is not forwarding the Authorization header back to the custom web app (and
hence the custom web app always prompts user for the credentials)

Yarn web proxy currently supports a small set of pass-through headers while forwarding the request
to the tracking URL of the container application (runtime web application deployed through
Yarn).

https://github.com/apache/hadoop/blob/2e1d0ff4e901b8313c8d71869735b94ed8bc40a0/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-web-proxy/src/main/java/org/apache/hadoop/yarn/server/webproxy/WebAppProxyServlet.java#L80

The runtime web application is expecting "Authorization" header to perform basic HTTP authentication
but the Yarn proxy is not forwarding the header.

I understand the security reason behind why limited headers are exposed, but in situations
where additional headers need to be propagated, there should be an option to include them.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
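
An added example, not part of the original report or the Hadoop code base: a sketch of the pass-through header allowlist the report describes, with an opt-in list of extra headers such as the one it asks for. The class name, the default header list and the extra-headers option are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

public class PassThroughHeaderFilter {
    // Assumed default allowlist for this sketch (not copied from the Hadoop source).
    private static final List<String> DEFAULT_HEADERS = List.of(
            "User-Agent", "Accept", "Accept-Encoding", "Accept-Language", "Accept-Charset");

    // HTTP header names are case-insensitive, so compare them that way.
    private final Set<String> allowed = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);

    /** @param extraHeaders operator-supplied additions (hypothetical option), may be empty */
    public PassThroughHeaderFilter(List<String> extraHeaders) {
        allowed.addAll(DEFAULT_HEADERS);
        for (String h : extraHeaders) {
            if (h != null && !h.isBlank()) {
                allowed.add(h.trim());
            }
        }
    }

    /** Returns only the headers the proxy would copy onto the outbound request. */
    public Map<String, String> filter(Map<String, String> incoming) {
        Map<String, String> forwarded = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : incoming.entrySet()) {
            if (allowed.contains(e.getKey())) {
                forwarded.put(e.getKey(), e.getValue());
            }
        }
        return forwarded;
    }

    public static void main(String[] args) {
        // Constructed request headers; the credential is the RFC 7617 sample "Aladdin:open sesame".
        Map<String, String> request = new LinkedHashMap<>();
        request.put("User-Agent", "example-browser/1.0");
        request.put("Accept", "text/html");
        request.put("authorization", "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==");
        request.put("Cookie", "session=constructed");
        // Default allowlist: Authorization and Cookie are not forwarded.
        System.out.println(new PassThroughHeaderFilter(List.of()).filter(request).keySet());
        // Opt-in: the credential now reaches whatever application serves the tracking URL.
        System.out.println(new PassThroughHeaderFilter(List.of("Authorization")).filter(request).keySet());
    }
}
```

Keeping the extra list empty by default preserves the restrictive behaviour; an operator who adds Authorization is choosing to hand the user's credential to the application behind the tracking URL.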
