Posted to yarn-dev@hadoop.apache.org by "Vijay Srinivasaraghavan (JIRA)" <ji...@apache.org> on 2016/10/05 22:33:20 UTC

[jira] [Created] (YARN-5712) WebAppProxyServlet is not passing the Authorization Header

Vijay Srinivasaraghavan created YARN-5712:
---------------------------------------------

             Summary: WebAppProxyServlet is not passing the Authorization Header
                 Key: YARN-5712
                 URL: https://issues.apache.org/jira/browse/YARN-5712
             Project: Hadoop YARN
          Issue Type: Bug
          Components: webapp, yarn
            Reporter: Vijay Srinivasaraghavan


Scenario:

1) Deployed custom web application as Yarn application

2) Custom web application URL is exposed as the tracking URL

3) When user clicks the application link (Tracking URL) from Yarn RM UI, Yarn web proxy forwards the request to custom web application URL

4) Custom web app is handling basic AUTH and it expects the Authorization header to allow the user to move forward. If the Authorization header is missing, then it will prompt the user to enter user ID and password (standard HTTP basic auth)

5) Yarn web proxy is not forwarding the Authorization header back to the custom web app (and hence the custom web app always prompts user for the credentials)

Yarn web proxy currently supports a small set of pass-through headers while forwarding the request to the tracking URL of the container application (runtime web application deployed through Yarn).

https://github.com/apache/hadoop/blob/2e1d0ff4e901b8313c8d71869735b94ed8bc40a0/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-web-proxy/src/main/java/org/apache/hadoop/yarn/server/webproxy/WebAppProxyServlet.java#L80

The runtime web application is expecting "Authorization" header to perform basic HTTP authentication but the Yarn proxy is not forwarding the header.

I understand the security reason behind why limited headers are exposed, but in situations where additional headers need to be propagated, there should be an option to include them.



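The trade-off raised in the report, as an added example that is not part of the original message and is not Hadoop code: a proxy header allowlist that drops `Authorization` by default and forwards it only when an operator opts in. The class name, the `extraCsv` setting and the default header list are assumptions made for illustration; the real list is in `WebAppProxyServlet`.

```java
import java.util.*;

// Added illustration: not Hadoop code. Names and the default list are assumptions.
public class PassThroughHeaderFilter {
    // Constructed default allowlist; the project's real list lives in WebAppProxyServlet.
    private static final List<String> DEFAULTS =
        Arrays.asList("User-Agent", "Accept", "Accept-Encoding", "Accept-Language");
    // Hop-by-hop headers are never forwarded, even if an operator lists them.
    private static final Set<String> NEVER = ci("Connection", "Transfer-Encoding", "Upgrade");

    // HTTP header names are case-insensitive, so the allowlist must be too.
    private final Set<String> allowed = ci(DEFAULTS.toArray(new String[0]));

    /** extraCsv: operator-supplied, comma-separated header names (hypothetical setting). */
    public PassThroughHeaderFilter(String extraCsv) {
        if (extraCsv == null) return;
        for (String name : extraCsv.split(",")) {
            String n = name.trim();
            if (!n.isEmpty() && !NEVER.contains(n)) allowed.add(n);
        }
    }

    /** Returns only the request headers that may be copied to the proxied request. */
    public Map<String, String> filter(Map<String, String> incoming) {
        Map<String, String> out = new LinkedHashMap<>();
        for (Map.Entry<String, String> e : incoming.entrySet()) {
            if (allowed.contains(e.getKey())) out.put(e.getKey(), e.getValue());
        }
        return out;
    }

    private static Set<String> ci(String... names) {
        Set<String> s = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        s.addAll(Arrays.asList(names));
        return s;
    }

    public static void main(String[] args) {
        Map<String, String> req = new LinkedHashMap<>();   // constructed sample request
        req.put("accept", "text/html");
        req.put("Authorization", "Basic <redacted>");
        req.put("Cookie", "session=<redacted>");
        // Default: credentials stay at the proxy.
        System.out.println(new PassThroughHeaderFilter(null).filter(req).keySet());
        // Operator opt-in: Authorization is forwarded to the tracking URL.
        System.out.println(new PassThroughHeaderFilter("Authorization").filter(req).keySet());
    }
}
```

With the opt-in enabled, the user's credentials reach whatever host the application registered as its tracking URL, so the setting belongs in operator-controlled configuration rather than anything an application can set for itself.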