diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/webapp/AppBlock.java hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/webapp/AppBlock.java index e82dc158af1..4e4e3c299d2 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/webapp/AppBlock.java +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/webapp/AppBlock.java @@ -135,6 +135,32 @@ public ApplicationReport run() throws Exception { setTitle(join("Application ", aid)); + // Validate if able to read application attempts + // which should also validate if kill is allowed for the user based on ACLs + Collection attempts; + try { + final GetApplicationAttemptsRequest request = + GetApplicationAttemptsRequest.newInstance(appID); + if (callerUGI == null) { + attempts = getApplicationAttemptsReport(request); + } else { + attempts = callerUGI.doAs( + new PrivilegedExceptionAction>() { + @Override + public Collection run() + throws Exception { + return getApplicationAttemptsReport(request); + } + }); + } + } catch (Exception e) { + String message = + "Failed to read the attempts of the application " + appID + "."; + LOG.error(message, e); + html.p()._(message)._(); + return; + } + // YARN-6890. for secured cluster allow anonymous UI access, application kill // shouldn't be there. boolean unsecuredUIForSecuredCluster = UserGroupInformation.isSecurityEnabled() @@ -241,30 +267,6 @@ public ApplicationReport run() throws Exception { app.getAmNodeLabelExpression() == null ? "" : app.getAmNodeLabelExpression()); - Collection attempts; - try { - final GetApplicationAttemptsRequest request = - GetApplicationAttemptsRequest.newInstance(appID); - if (callerUGI == null) { - attempts = getApplicationAttemptsReport(request); - } else { - attempts = callerUGI.doAs( - new PrivilegedExceptionAction>() { - @Override - public Collection run() - throws Exception { - return getApplicationAttemptsReport(request); - } - }); - } - } catch (Exception e) { - String message = - "Failed to read the attempts of the application " + appID + "."; - LOG.error(message, e); - html.p()._(message)._(); - return; - } - createApplicationMetricsTable(html); html._(InfoBlock.class);