From ea58e2851d9e68d98b16c104e50a7929dc9e6c9c Mon Sep 17 00:00:00 2001 From: Sunil G Date: Fri, 25 May 2018 20:04:18 +0530 Subject: [PATCH] YARN-8197 --- .../hadoop/yarn/server/webproxy/amfilter/AmIpFilter.java | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-web-proxy/src/main/java/org/apache/hadoop/yarn/server/webproxy/amfilter/AmIpFilter.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-web-proxy/src/main/java/org/apache/hadoop/yarn/server/webproxy/amfilter/AmIpFilter.java index bd425a72902..7f11b247a22 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-web-proxy/src/main/java/org/apache/hadoop/yarn/server/webproxy/amfilter/AmIpFilter.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-web-proxy/src/main/java/org/apache/hadoop/yarn/server/webproxy/amfilter/AmIpFilter.java @@ -20,6 +20,7 @@ import com.google.common.annotations.VisibleForTesting; import org.apache.hadoop.classification.InterfaceAudience.Public; +import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.util.Time; import org.apache.hadoop.yarn.server.webproxy.ProxyUtils; import org.apache.hadoop.yarn.server.webproxy.WebAppProxyServlet; @@ -219,10 +220,17 @@ public String findRedirectUrl() throws ServletException { private boolean isValidUrl(String url) { boolean isValid = false; try { - HttpURLConnection conn = - (HttpURLConnection) new URL(url).openConnection(); + HttpURLConnection conn = (HttpURLConnection) new URL(url) + .openConnection(); conn.connect(); isValid = conn.getResponseCode() == HttpURLConnection.HTTP_OK; + + // If security is enabled, any valid RM which can give 401 Unauthorized is + // good enough to access. Since AM doesn't have enough credential, auth + // cannot be completed and hence 401 is fine in such case. + if (!isValid && UserGroupInformation.isSecurityEnabled()) { + isValid = conn.getResponseCode() == HttpURLConnection.HTTP_UNAUTHORIZED; + } } catch (Exception e) { LOG.debug("Failed to connect to " + url + ": " + e.toString()); } -- 2.14.3 (Apple Git-98)