You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-issues@hadoop.apache.org by "Zhijie Shen (JIRA)" <ji...@apache.org> on 2014/07/17 17:19:04 UTC
[jira] [Created] (YARN-2310) Revisit the APIs in RM web services
where user information can make difference
Zhijie Shen created YARN-2310:
---------------------------------
Summary: Revisit the APIs in RM web services where user information can make difference
Key: YARN-2310
URL: https://issues.apache.org/jira/browse/YARN-2310
Project: Hadoop YARN
Issue Type: Bug
Components: resourcemanager, webapp
Affects Versions: 3.0.0, 2.5.0
Reporter: Zhijie Shen
After YARN-2247, RM web services can be sheltered by the authentication filter, which can help to identify who the user is. With this information, we should be able to fix the security problem of some existing APIs, such as getApp, getAppAttempts, getApps. We should use the user information to check the ACLs before returning the requested data to the user.
--
This message was sent by Atlassian JIRA
(v6.2#6252)