hadoop-yarn-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sunil Govindan (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (YARN-7882) Server side proxy for UI2 log viewer
Date Sat, 17 Nov 2018 03:23:15 GMT

     [ https://issues.apache.org/jira/browse/YARN-7882?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Sunil Govindan updated YARN-7882:
---------------------------------
    Target Version/s: 3.3.0  (was: 3.2.0)

Bulk update: moved all 3.2.0 non-blocker issues, please move back if it is a blocker.

> Server side proxy for UI2 log viewer
> ------------------------------------
>
>                 Key: YARN-7882
>                 URL: https://issues.apache.org/jira/browse/YARN-7882
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: security, timelineserver, yarn-ui-v2
>    Affects Versions: 3.0.0
>            Reporter: Eric Yang
>            Priority: Major
>
> When viewing container logs in UI2, the log files are directly fetched through timeline
server 2.  Hadoop in simple security mode does not have authenticator to make sure the user
is authorized to view the log.  The general practice is to use knox or other security proxy
to authenticate the user and reserve proxy the request to Hadoop UI to ensure the information
does not leak through anonymous user.  The current implementation of UI2 log viewer uses ajax
code to timeline server 2.  This could prevent knox or reverse proxy software from working
properly with the new design.  It would be good to perform server side proxy to prevent browser
from side step the authentication check.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org


Mime
View raw message