You are viewing a plain text version of this content. The canonical link for it is here.

Posted to yarn-issues@hadoop.apache.org by "Zhijie Shen (JIRA)" <ji...@apache.org> on 2014/07/17 17:19:04 UTC

[jira] [Created] (YARN-2310) Revisit the APIs in RM web services where user information can make difference

Zhijie Shen created YARN-2310:
---------------------------------

             Summary: Revisit the APIs in RM web services where user information can make difference
                 Key: YARN-2310
                 URL: https://issues.apache.org/jira/browse/YARN-2310
             Project: Hadoop YARN
          Issue Type: Bug
          Components: resourcemanager, webapp
    Affects Versions: 3.0.0, 2.5.0
            Reporter: Zhijie Shen


After YARN-2247, RM web services can be sheltered by the authentication filter, which can help to identify who the user is. With this information, we should be able to fix the security problem of some existing APIs, such as getApp, getAppAttempts, getApps. We should use the user information to check the ACLs before returning the requested data to the user.



--
This message was sent by Atlassian JIRA
(v6.2#6252)