[jira] [Commented] (FLINK-4637) Address Yarn proxy incompatibility with Flink Web UI when service level authorization is enabled

Vijay Srinivasaraghavan (JIRA) Thu, 06 Oct 2016 10:52:58 -0700

    [ 
https://issues.apache.org/jira/browse/FLINK-4637?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15552657#comment-15552657
 ]


Vijay Srinivasaraghavan commented on FLINK-4637:
------------------------------------------------

Yarn WebAppProxyServlet code passes only few limited HTTP headers in the 
request object while redirecting request from Yarn RM UI to appropriate 
Tracking URL (Flink Web App).  Since the "Authentication" header is not part of 
the pre-configured/hardcoded pass through list, navigating Flink UI from Yarn 
RM UI will not work when secure cookie is enabled. 

https://github.com/apache/hadoop/blob/2e1d0ff4e901b8313c8d71869735b94ed8bc40a0/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-web-proxy/src/main/java/org/apache/hadoop/yarn/server/webproxy/WebAppProxyServlet.java#L79

I have also tried adding few response headers (CORS support) upon finding 
missing Authentication header but I am not able to get it work (may be someone 
with AngularJS experience could give it a try). It appears that the support to 
include Authentication header should be handled at the Yarn proxy code. I have 
created a bug (YARN-5712) for someone from Yarn team to respond any alternate 
options.

> Address Yarn proxy incompatibility with Flink Web UI when service level 
> authorization is enabled
> ------------------------------------------------------------------------------------------------
>
>                 Key: FLINK-4637
>                 URL: https://issues.apache.org/jira/browse/FLINK-4637
>             Project: Flink
>          Issue Type: Task
>            Reporter: Vijay Srinivasaraghavan
>            Assignee: Vijay Srinivasaraghavan
>
> When service level authorization is enabled (FLINK-3930), the tracking URL 
> (Yarn RM Proxy) is not forwarding the secure cookie and as a result, the 
> Flink Web UI cannot be accessed through the proxy layer. Current workaround 
> is to use the direct Flink Web URL instead of navigating through proxy. This 
> JIRA should address the Yarn proxy/secure cookie navigation issue. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (FLINK-4637) Address Yarn proxy incompatibility with Flink Web UI when service level authorization is enabled

Reply via email to