Details

    • Hadoop Flags:
      Reviewed
    • Release Note:
      Hide
      Adds job-level authorization to servlets(other than history related servlets) for accessing job related info. Deprecates mapreduce.jobtracker.permissions.supergroup and adds the config mapreduce.cluster.permissions.supergroup at cluster level sothat it will be used by TaskTracker also. Authorization checks are done if authentication is succeeded and mapreduce.cluster.job-authorization-enabled is set to true.
      Show
      Adds job-level authorization to servlets(other than history related servlets) for accessing job related info. Deprecates mapreduce.jobtracker.permissions.supergroup and adds the config mapreduce.cluster.permissions.supergroup at cluster level sothat it will be used by TaskTracker also. Authorization checks are done if authentication is succeeded and mapreduce.cluster.job-authorization-enabled is set to true.

      Description

      This jira is about building the authorization for servlets (on top of MAPREDUCE-1307). That is, the JobTracker/TaskTracker runs authorization checks on web requests based on the configured job permissions. For e.g., if the job permission is 600, then no one except the authenticated user can look at the job details via the browser. The authenticated user in the servlet can be obtained using the HttpServletRequest method.

      1. 1455.v4.patch
        110 kB
        Ravi Gummadi
      2. 1455.v4.2.patch
        110 kB
        Ravi Gummadi
      3. 1455.v4.1.patch
        108 kB
        Ravi Gummadi
      4. 1455.v3.patch
        104 kB
        Ravi Gummadi
      5. 1455.v2.patch
        81 kB
        Ravi Gummadi
      6. 1455.v1.patch
        76 kB
        Ravi Gummadi
      7. 1455.patch
        69 kB
        Ravi Gummadi
      8. 1455.20S.2.patch
        106 kB
        Ravi Gummadi
      9. 1455.20S.2.fix1.patch
        11 kB
        Ravi Gummadi
      10. 1455.20S.2.fix.patch
        0.7 kB
        Ravi Gummadi

        Issue Links

          Activity

          Devaraj Das created issue -
          Devaraj Das made changes -
          Field Original Value New Value
          Description This jira is about building the authorization for servlets (on top of MAPREDUCE-1307). That is, the JobTracker/TaskTracker runs authorization checks on web requests based on the configured job permissions. For e.g., if the job permission is 600, then no one except the user can look at the job details via the browser. The authenticated user in the servlet can be obtained using the HttpServletRequest method. This jira is about building the authorization for servlets (on top of MAPREDUCE-1307). That is, the JobTracker/TaskTracker runs authorization checks on web requests based on the configured job permissions. For e.g., if the job permission is 600, then no one except the authenticated user can look at the job details via the browser. The authenticated user in the servlet can be obtained using the HttpServletRequest method.
          Vinod Kumar Vavilapalli made changes -
          Parent MAPREDUCE-563 [ 12428534 ]
          Issue Type New Feature [ 2 ] Sub-task [ 7 ]
          Vinod Kumar Vavilapalli made changes -
          Link This issue is related to MAPREDUCE-1307 [ MAPREDUCE-1307 ]
          Ravi Gummadi made changes -
          Assignee Ravi Gummadi [ ravidotg ]
          Vinod Kumar Vavilapalli made changes -
          Link This issue is blocked by MAPREDUCE-1307 [ MAPREDUCE-1307 ]
          Vinod Kumar Vavilapalli made changes -
          Component/s jobtracker [ 12312907 ]
          Component/s security [ 12313041 ]
          Component/s tasktracker [ 12312906 ]
          Vinod Kumar Vavilapalli made changes -
          Link This issue is related to HADOOP-6568 [ HADOOP-6568 ]
          Ravi Gummadi made changes -
          Attachment 1455.patch [ 12436117 ]
          Ravi Gummadi made changes -
          Attachment 1455.v1.patch [ 12436335 ]
          Vinod Kumar Vavilapalli made changes -
          Status Open [ 1 ] Patch Available [ 10002 ]
          Ravi Gummadi made changes -
          Attachment 1455.v2.patch [ 12436568 ]
          Ravi Gummadi made changes -
          Status Patch Available [ 10002 ] Open [ 1 ]
          Ravi Gummadi made changes -
          Status Open [ 1 ] Patch Available [ 10002 ]
          Ravi Gummadi made changes -
          Status Patch Available [ 10002 ] Open [ 1 ]
          Ravi Gummadi made changes -
          Attachment 1455.v3.patch [ 12436917 ]
          Ravi Gummadi made changes -
          Status Open [ 1 ] Patch Available [ 10002 ]
          Ravi Gummadi made changes -
          Status Patch Available [ 10002 ] Open [ 1 ]
          Ravi Gummadi made changes -
          Attachment 1455.v4.patch [ 12437135 ]
          Ravi Gummadi made changes -
          Attachment 1455.v4.1.patch [ 12437153 ]
          Vinod Kumar Vavilapalli made changes -
          Status Open [ 1 ] Patch Available [ 10002 ]
          Vinod Kumar Vavilapalli made changes -
          Link This issue blocks MAPREDUCE-1493 [ MAPREDUCE-1493 ]
          Ravi Gummadi made changes -
          Status Patch Available [ 10002 ] Open [ 1 ]
          Ravi Gummadi made changes -
          Attachment 1455.20S.2.patch [ 12437322 ]
          Ravi Gummadi made changes -
          Attachment 1455.20S.2.fix.patch [ 12437379 ]
          Ravi Gummadi made changes -
          Attachment 1455.v4.2.patch [ 12437469 ]
          Vinod Kumar Vavilapalli made changes -
          Status Open [ 1 ] Patch Available [ 10002 ]
          Vinod Kumar Vavilapalli made changes -
          Hadoop Flags [Reviewed]
          Vinod Kumar Vavilapalli made changes -
          Status Patch Available [ 10002 ] Resolved [ 5 ]
          Resolution Fixed [ 1 ]
          Ravi Gummadi made changes -
          Attachment 1455.20S.2.fix1.patch [ 12437983 ]
          Ravi Gummadi made changes -
          Release Note Adds job-level authorization to servlets(other than history related servlets) for accessing job related info. Deprecates mapreduce.jobtracker.permissions.supergroup and adds the config mapreduce.cluster.permissions.supergroup at cluster level sothat it will be used by TaskTracker also. Authorization checks are done if authentication is succeeded and mapreduce.cluster.job-authorization-enabled is set to true.
          Tom White made changes -
          Fix Version/s 0.21.0 [ 12314045 ]
          Fix Version/s 0.22.0 [ 12314184 ]
          Tom White made changes -
          Status Resolved [ 5 ] Closed [ 6 ]

            People

            • Assignee:
              Ravi Gummadi
              Reporter:
              Devaraj Das
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development