You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zeppelin.apache.org by "Russell Spitzer (JIRA)" <ji...@apache.org> on 2019/04/29 14:51:00 UTC

[jira] [Created] (ZEPPELIN-4136) Class Cast Exception with Spark Implementations that Backported SparkR Security Fix

Russell Spitzer created ZEPPELIN-4136:
-----------------------------------------

             Summary: Class Cast Exception with Spark Implementations that Backported SparkR Security Fix
                 Key: ZEPPELIN-4136
                 URL: https://issues.apache.org/jira/browse/ZEPPELIN-4136
             Project: Zeppelin
          Issue Type: Bug
          Components: security, spark
    Affects Versions: 0.8.1
            Reporter: Russell Spitzer


Zeppelin uses a version check to determine the return type of the SparkR channel 

https://github.com/apache/zeppelin/blob/8e6974fdc33e834bc01a5ee594e2cfca4ff3045f/spark/interpreter/src/main/java/org/apache/zeppelin/spark/SparkVersion.java#L92-L97

and

https://github.com/apache/zeppelin/blob/735064fdc57ae958fabae85b399bb5af3cb79144/spark/interpreter/src/main/scala/org/apache/spark/SparkRBackend.scala#L34-L44

Datastax Enterprise build of Spark includes this security fix in 2.2.2.X, but since Zeppelin doesn't have knowledge of this (for obvious reasons) it attempts to connect without the secret. While I know this isn't an issue for everyone I think we could fix this issue by attempting to match on return type and then we could remove the version check portion of the code. This may end up looking a bit cleaner too although that may just be my opinion



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)