hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vrushali C (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (YARN-6989) Ensure timeline service v2 codebase gets UGI from HttpServletRequest in a consistent way
Date Mon, 01 Oct 2018 18:11:00 GMT

    [ https://issues.apache.org/jira/browse/YARN-6989?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16634419#comment-16634419
] 

Vrushali C commented on YARN-6989:
----------------------------------

Hmm, So now getUser is now changing to always return the principal user, earlier it was always
returning remoteUser. So the function is changing. Was the getUser used anywhere else in the
code? 

Also, is getCallerUserGroupInformation used anywhere else in the code? If not, we can perhaps
remove the remote user related code and always return principal user? What do you think  

> Ensure timeline service v2 codebase gets UGI from HttpServletRequest in a consistent
way
> ----------------------------------------------------------------------------------------
>
>                 Key: YARN-6989
>                 URL: https://issues.apache.org/jira/browse/YARN-6989
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: timelineserver
>            Reporter: Vrushali C
>            Assignee: Abhishek Modi
>            Priority: Major
>         Attachments: YARN-6989.001.patch
>
>
> As noticed during discussions in YARN-6820, the webservices in timeline service v2 get
the UGI created from the user obtained by invoking getRemoteUser on the HttpServletRequest
. 
> It will be good to use getUserPrincipal instead of invoking getRemoteUser on the HttpServletRequest.

> Filing jira to update the code. 
> Per Java EE documentations for 6 and 7, the behavior around getRemoteUser and getUserPrincipal
is listed at:
> http://docs.oracle.com/javaee/6/tutorial/doc/gjiie.html#bncba
> https://docs.oracle.com/javaee/7/tutorial/security-webtier003.htm
> {code}
> getRemoteUser, which determines the user name with which the client authenticated. The
getRemoteUser method returns the name of the remote user (the caller) associated by the container
with the request. If no user has been authenticated, this method returns null.
> getUserPrincipal, which determines the principal name of the current user and returns
a java.security.Principal object. If no user has been authenticated, this method returns null.
Calling the getName method on the Principal returned by getUserPrincipal returns the name
of the remote user.
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org


Mime
View raw message