K0K0V0K opened a new pull request, #8273: URL: https://github.com/apache/hadoop/pull/8273
### Description of PR YARN web proxy not forwards hadoop-jwt token. So if we - have a YARN application (lets say spark) - and we check the RM UI2 via KNOX proxy - and we click the ApplicationMaster link on the application page of the spark app The browser will be forwarded to the SparkAM ui for example: /gateway/cdp-proxy/yarnuiv2/proxy/application_1771935206205_0001/ SparkAM wont receive the hadoop-jwt cookie, so will ask user to login. Instead of this if we can pass the jwt cookie for the AM so the user can see the AM UI after login state, and wont need to login again. Security NOTE: If user clicks on a non trusted application AM UI then the jwt token may leak, but i dont think that is a valid case that non trusted application is running on a cluster. ### How was this patch tested? Manually created a cluster with spark and knox, and checked the token will be forwarded. UT was created. ### For code changes: - [ ] Does the title or this PR starts with the corresponding JIRA issue id (e.g. 'HADOOP-17799. Your PR title ...')? - [ ] Object storage: have the integration tests been executed and the endpoint declared according to the connector-specific documentation? - [ ] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)? - [ ] If applicable, have you updated the `LICENSE`, `LICENSE-binary`, `NOTICE-binary` files? ### AI Tooling No AI was used. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
