hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Yang (JIRA)" <j...@apache.org>
Subject [jira] [Created] (YARN-7882) Server side proxy for UI2 log viewer
Date Fri, 02 Feb 2018 19:52:00 GMT
Eric Yang created YARN-7882:

             Summary: Server side proxy for UI2 log viewer
                 Key: YARN-7882
                 URL: https://issues.apache.org/jira/browse/YARN-7882
             Project: Hadoop YARN
          Issue Type: Bug
          Components: security, timelineserver, yarn-ui-v2
    Affects Versions: 3.0.0
            Reporter: Eric Yang

When viewing container logs in UI2, the log files are directly fetched through timeline server
2.  Hadoop in simple security mode does not have authenticator to make sure the user is authorized
to view the log.  The general practice is to use knox or other security proxy to authenticate
the user and reserve proxy the request to Hadoop UI to ensure the information does not leak
through anonymous user.  The current implementation of UI2 log viewer uses ajax code to timeline
server 2.  This could prevent knox or reverse proxy software from working properly with the
new design.  It would be good to perform server side proxy to prevent browser from side step
the authentication check.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org

View raw message