Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
2.5.0, 3.0.0-alpha1
-
None
-
None
Description
After YARN-2247, RM web services can be sheltered by the authentication filter, which can help to identify who the user is. With this information, we should be able to fix the security problem of some existing APIs, such as getApp, getAppAttempts, getApps. We should use the user information to check the ACLs before returning the requested data to the user.
Attachments
Issue Links
- is related to
-
YARN-2311 Revisit RM web pages where user information may make difference.
- Resolved