[jira] [Commented] (HADOOP-14077) Improve the patch of HADOOP-13119
[ https://issues.apache.org/jira/browse/HADOOP-14077?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16394075#comment-16394075 ] Hudson commented on HADOOP-14077: - SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #13810 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/13810/]) Revert "HADOOP-14077. Add ability to access jmx via proxy. Contributed (wangda: rev 3a8dade9b1bf01cf75fc68cecb351c23302cdee5) * (edit) hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-app/src/main/java/org/apache/hadoop/mapreduce/v2/app/webapp/AppController.java * (edit) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/webapp/AppBlock.java * (edit) hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServerWithSpengo.java * (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java > Improve the patch of HADOOP-13119 > - > > Key: HADOOP-14077 > URL: https://issues.apache.org/jira/browse/HADOOP-14077 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Reporter: Yuanbo Liu >Assignee: Yuanbo Liu >Priority: Major > Fix For: 3.0.0-alpha4 > > Attachments: HADOOP-14077.001.patch, HADOOP-14077.002.patch, > HADOOP-14077.003.patch > > > For some links(such as "/jmx, /stack"), blocking the links in filter chain > due to impersonation issue is not friendly for users. For example, user "sam" > is not allowed to be impersonated by user "knox", and the link "/jmx" doesn't > need any user to do authorization by default. It only needs user "knox" to do > authentication, in this case, it's not right to block the access in SPNEGO > filter. We intend to check impersonation permission when the method > "getRemoteUser" of request is used, so that such kind of links("/jmx, > /stack") would not be blocked by mistake. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-14077) Improve the patch of HADOOP-13119
[ https://issues.apache.org/jira/browse/HADOOP-14077?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16362666#comment-16362666 ] Eric Yang commented on HADOOP-14077: [~yuanbo] Hadoop Security team has brought to my attention that this feature has potential to weaken security. When user is not authorized in the first proxy user list, the Authorization exception is captured and return null. This allows the second proxy list to be checked if user chain StaticUserWebFilter and another AuthenticationFilterWithProxyUser together per your comment in [HADOOP-14060|https://issues.apache.org/jira/browse/HADOOP-14060?focusedCommentId=15875737&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-15875737]. However, this procedure can trigger replay attack of using ProxyUser credential to fool other services because the end user credential is not authorized to use first proxy user in the first place. Given this reason, I have no choice but revert this commit. Sorry that I missed to spot the problem in the first round of review. When reverting this change, this may impact managed service, like the cluster system administrator and users are from two companies. You may need to review if your clusters depend on this feature. > Improve the patch of HADOOP-13119 > - > > Key: HADOOP-14077 > URL: https://issues.apache.org/jira/browse/HADOOP-14077 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Reporter: Yuanbo Liu >Assignee: Yuanbo Liu >Priority: Major > Fix For: 3.0.0-alpha4 > > Attachments: HADOOP-14077.001.patch, HADOOP-14077.002.patch, > HADOOP-14077.003.patch > > > For some links(such as "/jmx, /stack"), blocking the links in filter chain > due to impersonation issue is not friendly for users. For example, user "sam" > is not allowed to be impersonated by user "knox", and the link "/jmx" doesn't > need any user to do authorization by default. It only needs user "knox" to do > authentication, in this case, it's not right to block the access in SPNEGO > filter. We intend to check impersonation permission when the method > "getRemoteUser" of request is used, so that such kind of links("/jmx, > /stack") would not be blocked by mistake. -- This message was sent by Atlassian JIRA (v7.6.3#76005) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-14077) Improve the patch of HADOOP-13119
[ https://issues.apache.org/jira/browse/HADOOP-14077?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15873427#comment-15873427 ] Yuanbo Liu commented on HADOOP-14077: - [~eyang] Thanks for your review and commit. > Improve the patch of HADOOP-13119 > - > > Key: HADOOP-14077 > URL: https://issues.apache.org/jira/browse/HADOOP-14077 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Reporter: Yuanbo Liu >Assignee: Yuanbo Liu > Fix For: 3.0.0-alpha3 > > Attachments: HADOOP-14077.001.patch, HADOOP-14077.002.patch, > HADOOP-14077.003.patch > > > For some links(such as "/jmx, /stack"), blocking the links in filter chain > due to impersonation issue is not friendly for users. For example, user "sam" > is not allowed to be impersonated by user "knox", and the link "/jmx" doesn't > need any user to do authorization by default. It only needs user "knox" to do > authentication, in this case, it's not right to block the access in SPNEGO > filter. We intend to check impersonation permission when the method > "getRemoteUser" of request is used, so that such kind of links("/jmx, > /stack") would not be blocked by mistake. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-14077) Improve the patch of HADOOP-13119
[ https://issues.apache.org/jira/browse/HADOOP-14077?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15873423#comment-15873423 ] Hudson commented on HADOOP-14077: - SUCCESS: Integrated in Jenkins build Hadoop-trunk-Commit #11278 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/11278/]) HADOOP-14077. Add ability to access jmx via proxy. Contributed by (eyang: rev 172b23af33554b7d58fd41b022d983bcc2433da7) * (edit) hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/http/TestHttpServerWithSpengo.java * (edit) hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/webapp/AppBlock.java * (edit) hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/AuthenticationWithProxyUserFilter.java * (edit) hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-app/src/main/java/org/apache/hadoop/mapreduce/v2/app/webapp/AppController.java > Improve the patch of HADOOP-13119 > - > > Key: HADOOP-14077 > URL: https://issues.apache.org/jira/browse/HADOOP-14077 > Project: Hadoop Common > Issue Type: Improvement > Components: security >Reporter: Yuanbo Liu >Assignee: Yuanbo Liu > Fix For: 3.0.0-alpha3 > > Attachments: HADOOP-14077.001.patch, HADOOP-14077.002.patch, > HADOOP-14077.003.patch > > > For some links(such as "/jmx, /stack"), blocking the links in filter chain > due to impersonation issue is not friendly for users. For example, user "sam" > is not allowed to be impersonated by user "knox", and the link "/jmx" doesn't > need any user to do authorization by default. It only needs user "knox" to do > authentication, in this case, it's not right to block the access in SPNEGO > filter. We intend to check impersonation permission when the method > "getRemoteUser" of request is used, so that such kind of links("/jmx, > /stack") would not be blocked by mistake. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-14077) Improve the patch of HADOOP-13119
[ https://issues.apache.org/jira/browse/HADOOP-14077?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15869013#comment-15869013 ] Yuanbo Liu commented on HADOOP-14077: - The test failure is tracked by HADOOP-14030. So the failure is not related to my patch. > Improve the patch of HADOOP-13119 > - > > Key: HADOOP-14077 > URL: https://issues.apache.org/jira/browse/HADOOP-14077 > Project: Hadoop Common > Issue Type: Improvement >Reporter: Yuanbo Liu >Assignee: Yuanbo Liu > Attachments: HADOOP-14077.001.patch, HADOOP-14077.002.patch, > HADOOP-14077.003.patch > > > For some links(such as "/jmx, /stack"), blocking the links in filter chain > due to impersonation issue is not friendly for users. For example, user "sam" > is not allowed to be impersonated by user "knox", and the link "/jmx" doesn't > need any user to do authorization by default. It only needs user "knox" to do > authentication, in this case, it's not right to block the access in SPNEGO > filter. We intend to check impersonation permission when the method > "getRemoteUser" of request is used, so that such kind of links("/jmx, > /stack") would not be blocked by mistake. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-14077) Improve the patch of HADOOP-13119
[ https://issues.apache.org/jira/browse/HADOOP-14077?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15867655#comment-15867655 ] Hadoop QA commented on HADOOP-14077: | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 15s{color} | {color:blue} Docker mode activated. {color} | | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} | | {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m 0s{color} | {color:green} The patch appears to include 1 new or modified test files. {color} | | {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 1m 56s{color} | {color:blue} Maven dependency ordering for branch {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 12m 23s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 12m 24s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 1m 50s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 57s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 56s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 3m 4s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 34s{color} | {color:green} trunk passed {color} | | {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m 17s{color} | {color:blue} Maven dependency ordering for patch {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 1m 26s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 11m 50s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 11m 50s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 2m 3s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 2m 15s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 1m 1s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 3m 34s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 46s{color} | {color:green} the patch passed {color} | | {color:red}-1{color} | {color:red} unit {color} | {color:red} 8m 23s{color} | {color:red} hadoop-common in the patch failed. {color} | | {color:green}+1{color} | {color:green} unit {color} | {color:green} 0m 43s{color} | {color:green} hadoop-yarn-server-common in the patch passed. {color} | | {color:green}+1{color} | {color:green} unit {color} | {color:green} 9m 29s{color} | {color:green} hadoop-mapreduce-client-app in the patch passed. {color} | | {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 37s{color} | {color:green} The patch does not generate ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black}104m 9s{color} | {color:black} {color} | \\ \\ || Reason || Tests || | Failed junit tests | hadoop.security.TestKDiag | \\ \\ || Subsystem || Report/Notes || | Docker | Image:yetus/hadoop:a9ad5d6 | | JIRA Issue | HADOOP-14077 | | JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12852778/HADOOP-14077.003.patch | | Optional Tests | asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle | | uname | Linux a32d2fabdbee 3.13.0-106-generic #153-Ubuntu SMP Tue Dec 6 15:44:32 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | /testptch/hadoop/patchprocess/precommit/personality/provided.sh | | git revision | trunk / b7613e0 | | Default Java | 1.8.0_121 | | findbugs | v3.0.0 | | unit | https://builds.apache.org/job/PreCommit-HADOOP-Build/11626/artifact/patchprocess/patch-unit-hadoop-common-project_hadoop-common.txt | | Test Results | https://builds.apache.org/job/PreCommit-HADOOP-Build/11626/testReport/ | | modules | C: hadoop-common-project/hadoop-common hadoop-yarn-project/hadoop-y
[jira] [Commented] (HADOOP-14077) Improve the patch of HADOOP-13119
[ https://issues.apache.org/jira/browse/HADOOP-14077?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15867172#comment-15867172 ] Eric Yang commented on HADOOP-14077: Should we be concerned about the test regression? https://builds.apache.org/job/PreCommit-HADOOP-Build/11615/testReport/org.apache.hadoop.net/TestDNS/testNullDnsServer/ There are problems with the style check, could you fix the spacing? Thanks > Improve the patch of HADOOP-13119 > - > > Key: HADOOP-14077 > URL: https://issues.apache.org/jira/browse/HADOOP-14077 > Project: Hadoop Common > Issue Type: Improvement >Reporter: Yuanbo Liu >Assignee: Yuanbo Liu > Attachments: HADOOP-14077.001.patch, HADOOP-14077.002.patch > > > For some links(such as "/jmx, /stack"), blocking the links in filter chain > due to impersonation issue is not friendly for users. For example, user "sam" > is not allowed to be impersonated by user "knox", and the link "/jmx" doesn't > need any user to do authorization by default. It only needs user "knox" to do > authentication, in this case, it's not right to block the access in SPNEGO > filter. We intend to check impersonation permission when the method > "getRemoteUser" of request is used, so that such kind of links("/jmx, > /stack") would not be blocked by mistake. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-14077) Improve the patch of HADOOP-13119
[ https://issues.apache.org/jira/browse/HADOOP-14077?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15865021#comment-15865021 ] Yuanbo Liu commented on HADOOP-14077: - [~eyang] Sorry to interrupt, would you mind reviewing patch. Thanks in advance. > Improve the patch of HADOOP-13119 > - > > Key: HADOOP-14077 > URL: https://issues.apache.org/jira/browse/HADOOP-14077 > Project: Hadoop Common > Issue Type: Improvement >Reporter: Yuanbo Liu >Assignee: Yuanbo Liu > Attachments: HADOOP-14077.001.patch, HADOOP-14077.002.patch > > > For some links(such as "/jmx, /stack"), blocking the links in filter chain > due to impersonation issue is not friendly for users. For example, user "sam" > is not allowed to be impersonated by user "knox", and the link "/jmx" doesn't > need any user to do authorization by default. It only needs user "knox" to do > authentication, in this case, it's not right to block the access in SPNEGO > filter. We intend to check impersonation permission when the method > "getRemoteUser" of request is used, so that such kind of links("/jmx, > /stack") would not be blocked by mistake. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org
[jira] [Commented] (HADOOP-14077) Improve the patch of HADOOP-13119
[ https://issues.apache.org/jira/browse/HADOOP-14077?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15863217#comment-15863217 ] Hadoop QA commented on HADOOP-14077: | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 17m 52s{color} | {color:blue} Docker mode activated. {color} | | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} | | {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m 0s{color} | {color:green} The patch appears to include 1 new or modified test files. {color} | | {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m 42s{color} | {color:blue} Maven dependency ordering for branch {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 12m 31s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 13m 5s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 1m 31s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 58s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 59s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 2m 53s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 35s{color} | {color:green} trunk passed {color} | | {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m 16s{color} | {color:blue} Maven dependency ordering for patch {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 1m 23s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 10m 51s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 10m 51s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 1m 35s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 2m 5s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 1m 8s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} | | {color:red}-1{color} | {color:red} findbugs {color} | {color:red} 0m 57s{color} | {color:red} hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common generated 1 new + 0 unchanged - 0 fixed = 1 total (was 0) {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 43s{color} | {color:green} the patch passed {color} | | {color:red}-1{color} | {color:red} unit {color} | {color:red} 8m 19s{color} | {color:red} hadoop-common in the patch failed. {color} | | {color:green}+1{color} | {color:green} unit {color} | {color:green} 0m 38s{color} | {color:green} hadoop-yarn-server-common in the patch passed. {color} | | {color:green}+1{color} | {color:green} unit {color} | {color:green} 9m 9s{color} | {color:green} hadoop-mapreduce-client-app in the patch passed. {color} | | {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 38s{color} | {color:green} The patch does not generate ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black}119m 7s{color} | {color:black} {color} | \\ \\ || Reason || Tests || | FindBugs | module:hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common | | | Redundant nullcheck of callerUGI, which is known to be non-null in org.apache.hadoop.yarn.server.webapp.AppBlock.render(HtmlBlock$Block) Redundant null check at AppBlock.java:is known to be non-null in org.apache.hadoop.yarn.server.webapp.AppBlock.render(HtmlBlock$Block) Redundant null check at AppBlock.java:[line 235] | | Failed junit tests | hadoop.security.TestKDiag | \\ \\ || Subsystem || Report/Notes || | Docker | Image:yetus/hadoop:a9ad5d6 | | JIRA Issue | HADOOP-14077 | | JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12852285/HADOOP-14077.001.patch | | Optional Tests | asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle | | uname | Linux 7efadf6e87cf 3.13.0-106-generic #153-Ubuntu SMP Tue Dec 6 15:44:32 UTC
[jira] [Commented] (HADOOP-14077) Improve the patch of HADOOP-13119
[ https://issues.apache.org/jira/browse/HADOOP-14077?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15863341#comment-15863341 ] Hadoop QA commented on HADOOP-14077: | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:blue}0{color} | {color:blue} reexec {color} | {color:blue} 0m 15s{color} | {color:blue} Docker mode activated. {color} | | {color:green}+1{color} | {color:green} @author {color} | {color:green} 0m 0s{color} | {color:green} The patch does not contain any @author tags. {color} | | {color:green}+1{color} | {color:green} test4tests {color} | {color:green} 0m 0s{color} | {color:green} The patch appears to include 1 new or modified test files. {color} | | {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m 16s{color} | {color:blue} Maven dependency ordering for branch {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 12m 25s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 13m 3s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} checkstyle {color} | {color:green} 1m 31s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 1m 57s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 0m 58s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 2m 51s{color} | {color:green} trunk passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 36s{color} | {color:green} trunk passed {color} | | {color:blue}0{color} | {color:blue} mvndep {color} | {color:blue} 0m 16s{color} | {color:blue} Maven dependency ordering for patch {color} | | {color:green}+1{color} | {color:green} mvninstall {color} | {color:green} 1m 22s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} compile {color} | {color:green} 11m 1s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javac {color} | {color:green} 11m 2s{color} | {color:green} the patch passed {color} | | {color:orange}-0{color} | {color:orange} checkstyle {color} | {color:orange} 1m 36s{color} | {color:orange} root: The patch generated 1 new + 59 unchanged - 7 fixed = 60 total (was 66) {color} | | {color:green}+1{color} | {color:green} mvnsite {color} | {color:green} 2m 6s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} mvneclipse {color} | {color:green} 1m 7s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} whitespace {color} | {color:green} 0m 0s{color} | {color:green} The patch has no whitespace issues. {color} | | {color:green}+1{color} | {color:green} findbugs {color} | {color:green} 3m 25s{color} | {color:green} the patch passed {color} | | {color:green}+1{color} | {color:green} javadoc {color} | {color:green} 1m 45s{color} | {color:green} the patch passed {color} | | {color:red}-1{color} | {color:red} unit {color} | {color:red} 8m 10s{color} | {color:red} hadoop-common in the patch failed. {color} | | {color:green}+1{color} | {color:green} unit {color} | {color:green} 0m 39s{color} | {color:green} hadoop-yarn-server-common in the patch passed. {color} | | {color:green}+1{color} | {color:green} unit {color} | {color:green} 9m 0s{color} | {color:green} hadoop-mapreduce-client-app in the patch passed. {color} | | {color:green}+1{color} | {color:green} asflicense {color} | {color:green} 0m 38s{color} | {color:green} The patch does not generate ASF License warnings. {color} | | {color:black}{color} | {color:black} {color} | {color:black}100m 56s{color} | {color:black} {color} | \\ \\ || Reason || Tests || | Failed junit tests | hadoop.security.TestRaceWhenRelogin | | | hadoop.security.TestKDiag | | | hadoop.net.TestDNS | \\ \\ || Subsystem || Report/Notes || | Docker | Image:yetus/hadoop:a9ad5d6 | | JIRA Issue | HADOOP-14077 | | JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12852302/HADOOP-14077.002.patch | | Optional Tests | asflicense compile javac javadoc mvninstall mvnsite unit findbugs checkstyle | | uname | Linux 478d8f71a41f 3.13.0-106-generic #153-Ubuntu SMP Tue Dec 6 15:44:32 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux | | Build tool | maven | | Personality | /testptch/hadoop/patchprocess/precommit/personality/provided.sh | | git revision | trunk / 243c0f3 | | Default Java | 1.8.0_121 | | findbugs | v3.0.0 | | checkstyle | https://builds.apache.org/job/PreCommit-HADOOP-Build/11615/artifact/patchprocess/diff-checkstyle-root.txt | | unit | https://builds.apache.org/job/PreCommit-HADOOP
[jira] [Commented] (HADOOP-14077) Improve the patch of HADOOP-13119
[ https://issues.apache.org/jira/browse/HADOOP-14077?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15863150#comment-15863150 ] Yuanbo Liu commented on HADOOP-14077: - Also fix some inappropriate operation of null point condition in YARN app controller. > Improve the patch of HADOOP-13119 > - > > Key: HADOOP-14077 > URL: https://issues.apache.org/jira/browse/HADOOP-14077 > Project: Hadoop Common > Issue Type: Improvement >Reporter: Yuanbo Liu >Assignee: Yuanbo Liu > > For some links(such as "/jmx, /stack"), blocking the links in filter chain > due to impersonation issue is not friendly for users. For example, user "sam" > is not allowed to be impersonated by user "knox", and the link "/jmx" doesn't > need any user to do authorization by default. It only needs user "knox" to do > authentication, in this case, it's not right to block the access in SPNEGO > filter. We intend to check impersonation permission when the method > "getRemoteUser" of request is used, so that such kind of links("/jmx, > /stack") would not be blocked by mistake. -- This message was sent by Atlassian JIRA (v6.3.15#6346) - To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org