Github user vanzin commented on a diff in the pull request:
https://github.com/apache/spark/pull/5664#discussion_r29176961
--- Diff: docs/security.md ---
@@ -11,12 +11,83 @@ Spark currently supports authentication via a shared
secret. Authentication can
## Web UI
-The Spark UI can also be secured by using [javax servlet
filters](http://docs.oracle.com/javaee/6/api/javax/servlet/Filter.html) via the
`spark.ui.filters` setting. A user may want to secure the UI if it has data
that other users should not be allowed to see. The javax servlet filter
specified by the user can authenticate the user and then once the user is
logged in, Spark can compare that user versus the view ACLs to make sure they
are authorized to view the UI. The configs `spark.acls.enable` and
`spark.ui.view.acls` control the behavior of the ACLs. Note that the user who
started the application always has view access to the UI. On YARN, the Spark
UI uses the standard YARN web application proxy mechanism and will authenticate
via any installed Hadoop filters.
+The Spark UI can be secured by using [javax servlet
filters](http://docs.oracle.com/javaee/6/api/javax/servlet/Filter.html) via the
`spark.ui.filters` setting and by using [Jetty
https/SSL](http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html)
via the `spark.ui.https.enabled` setting.
--- End diff --
Could you break these long lines? I know the existing docs don't do that,
but we should get in the habit of doing that. Long lines suck.
Also, I'm not sure it's useful to link to the Jetty documentation here (of
even mention Jetty at all). Spark has its own SSL configuration and looking at
the Jetty docs does not really help someone trying to configure Spark.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
