YARN-6890. Not display killApp button on UI if UI is unsecured but cluster is secured. Contributed by Junping Du
Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/acf9bd8b Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/acf9bd8b Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/acf9bd8b Branch: refs/heads/HADOOP-13345 Commit: acf9bd8b1d87b9c46821ecf0461d8dcd0a6ec6d6 Parents: 47b145b Author: Jian He <jia...@apache.org> Authored: Tue Aug 8 11:09:38 2017 -0700 Committer: Jian He <jia...@apache.org> Committed: Tue Aug 8 11:09:38 2017 -0700 ---------------------------------------------------------------------- .../hadoop/fs/CommonConfigurationKeysPublic.java | 2 ++ .../apache/hadoop/yarn/server/webapp/AppBlock.java | 14 +++++++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/hadoop/blob/acf9bd8b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java ---------------------------------------------------------------------- diff --git a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java index e8d4b4c..4fda2b8 100644 --- a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java +++ b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java @@ -608,6 +608,8 @@ public class CommonConfigurationKeysPublic { */ public static final String HADOOP_TOKEN_FILES = "hadoop.token.files"; + public static final String HADOOP_HTTP_AUTHENTICATION_TYPE = + "hadoop.http.authentication.type"; /** * @see http://git-wip-us.apache.org/repos/asf/hadoop/blob/acf9bd8b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/webapp/AppBlock.java ---------------------------------------------------------------------- diff --git a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/webapp/AppBlock.java b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/webapp/AppBlock.java index d4090aa..693aa04 100644 --- a/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/webapp/AppBlock.java +++ b/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/webapp/AppBlock.java @@ -30,6 +30,7 @@ import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.fs.CommonConfigurationKeys; import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.authentication.client.AuthenticationException; import org.apache.hadoop.security.http.RestCsrfPreventionFilter; @@ -70,6 +71,8 @@ public class AppBlock extends HtmlBlock { protected ApplicationBaseProtocol appBaseProt; protected Configuration conf; protected ApplicationId appID = null; + private boolean unsecuredUI = true; + @Inject protected AppBlock(ApplicationBaseProtocol appBaseProt, ViewContext ctx, @@ -77,6 +80,9 @@ public class AppBlock extends HtmlBlock { super(ctx); this.appBaseProt = appBaseProt; this.conf = conf; + // check if UI is unsecured. + String httpAuth = conf.get(CommonConfigurationKeys.HADOOP_HTTP_AUTHENTICATION_TYPE); + this.unsecuredUI = (httpAuth != null) && httpAuth.equals("simple"); } @Override @@ -129,10 +135,16 @@ public class AppBlock extends HtmlBlock { setTitle(join("Application ", aid)); + // YARN-6890. for secured cluster allow anonymous UI access, application kill + // shouldn't be there. + boolean unsecuredUIForSecuredCluster = UserGroupInformation.isSecurityEnabled() + && this.unsecuredUI; + if (webUiType != null && webUiType.equals(YarnWebParams.RM_WEB_UI) && conf.getBoolean(YarnConfiguration.RM_WEBAPP_UI_ACTIONS_ENABLED, - YarnConfiguration.DEFAULT_RM_WEBAPP_UI_ACTIONS_ENABLED)) { + YarnConfiguration.DEFAULT_RM_WEBAPP_UI_ACTIONS_ENABLED) + && !unsecuredUIForSecuredCluster) { // Application Kill html.div() .button() --------------------------------------------------------------------- To unsubscribe, e-mail: common-commits-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-commits-h...@hadoop.apache.org