hadoop-yarn-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zhijie Shen (JIRA)" <j...@apache.org>
Subject [jira] [Created] (YARN-2310) Revisit the APIs in RM web services where user information can make difference
Date Thu, 17 Jul 2014 15:19:04 GMT
Zhijie Shen created YARN-2310:
---------------------------------

             Summary: Revisit the APIs in RM web services where user information can make
difference
                 Key: YARN-2310
                 URL: https://issues.apache.org/jira/browse/YARN-2310
             Project: Hadoop YARN
          Issue Type: Bug
          Components: resourcemanager, webapp
    Affects Versions: 3.0.0, 2.5.0
            Reporter: Zhijie Shen


After YARN-2247, RM web services can be sheltered by the authentication filter, which can
help to identify who the user is. With this information, we should be able to fix the security
problem of some existing APIs, such as getApp, getAppAttempts, getApps. We should use the
user information to check the ACLs before returning the requested data to the user.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message