[YARN-6989] Ensure timeline service v2 codebase gets UGI from HttpServletRequest in a consistent way - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.10.0, 3.0.4, 3.1.2, 3.2.1
Component/s: timelineserver
Labels:
None

Hadoop Flags:

Reviewed

Description

As noticed during discussions in ~~YARN-6820~~, the webservices in timeline service v2 get the UGI created from the user obtained by invoking getRemoteUser on the HttpServletRequest .

It will be good to use getUserPrincipal instead of invoking getRemoteUser on the HttpServletRequest.

Filing jira to update the code.

Per Java EE documentations for 6 and 7, the behavior around getRemoteUser and getUserPrincipal is listed at:

http://docs.oracle.com/javaee/6/tutorial/doc/gjiie.html#bncba
https://docs.oracle.com/javaee/7/tutorial/security-webtier003.htm

getRemoteUser, which determines the user name with which the client authenticated. The getRemoteUser method returns the name of the remote user (the caller) associated by the container with the request. If no user has been authenticated, this method returns null.

getUserPrincipal, which determines the principal name of the current user and returns a java.security.Principal object. If no user has been authenticated, this method returns null. Calling the getName method on the Principal returned by getUserPrincipal returns the name of the remote user.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

YARN-6989.001.patch
30/Sep/18 10:17
2 kB
Abhishek Modi
YARN-6989.002.patch
01/Oct/18 18:26
3 kB
Abhishek Modi

Issue Links

is related to

YARN-6820 Restrict read access to timelineservice v2 data

Resolved

Activity

People

Assignee:: Abhishek Modi

Reporter:: Vrushali C

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 10/Aug/17 22:06

Updated:: 05/Nov/18 18:20

Resolved:: 10/Oct/18 22:27