You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zeppelin.apache.org by "Russell Spitzer (JIRA)" <ji...@apache.org> on 2019/04/29 14:51:00 UTC
[jira] [Created] (ZEPPELIN-4136) Class Cast Exception with Spark
Implementations that Backported SparkR Security Fix
Russell Spitzer created ZEPPELIN-4136:
-----------------------------------------
Summary: Class Cast Exception with Spark Implementations that Backported SparkR Security Fix
Key: ZEPPELIN-4136
URL: https://issues.apache.org/jira/browse/ZEPPELIN-4136
Project: Zeppelin
Issue Type: Bug
Components: security, spark
Affects Versions: 0.8.1
Reporter: Russell Spitzer
Zeppelin uses a version check to determine the return type of the SparkR channel
https://github.com/apache/zeppelin/blob/8e6974fdc33e834bc01a5ee594e2cfca4ff3045f/spark/interpreter/src/main/java/org/apache/zeppelin/spark/SparkVersion.java#L92-L97
and
https://github.com/apache/zeppelin/blob/735064fdc57ae958fabae85b399bb5af3cb79144/spark/interpreter/src/main/scala/org/apache/spark/SparkRBackend.scala#L34-L44
Datastax Enterprise build of Spark includes this security fix in 2.2.2.X, but since Zeppelin doesn't have knowledge of this (for obvious reasons) it attempts to connect without the secret. While I know this isn't an issue for everyone I think we could fix this issue by attempting to match on return type and then we could remove the version check portion of the code. This may end up looking a bit cleaner too although that may just be my opinion
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)