[
https://issues.apache.org/jira/browse/MAPREDUCE-3878?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13214058#comment-13214058
]
Jonathan Eagles commented on MAPREDUCE-3878:
--------------------------------------------
Manual test performed on patch.
Setup
Job in history server with owner and user1 only view access.
Test 1
Filter provides owner user on /jobhistory/job/*
Verified Page is correctly displayed
Test 2
Filter provides user1 user on /jobhistory/job/*
Verified Page is correctly displayed
Test 3
Filter provides user2 user on /jobhistory/job/*
Verified Page displays access denied
Test 4
Filter provides null user on /jobhistory/job/*
Verified Page is correctly displayed
> Null user on filtered jobhistory job page
> -----------------------------------------
>
> Key: MAPREDUCE-3878
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-3878
> Project: Hadoop Map/Reduce
> Issue Type: Bug
> Components: mrv2
> Affects Versions: 0.23.1
> Reporter: Jonathan Eagles
> Assignee: Jonathan Eagles
> Priority: Critical
> Attachments: MAPREDUCE-3878.patch
>
>
> If jobhistory/job.* is filtered to bypass acl, resulting page will always
> show Null user. This differs from 0.20 where filtering on this page, bypasses
> security to allow all access to the page. essentially passes a null user to
> AppController where an exception is thrown. If a null user is detected, we
> should acl checking is disabled on this page.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
