Zhijie Shen created YARN-2310: --------------------------------- Summary: Revisit the APIs in RM web services where user information can make difference Key: YARN-2310 URL: https://issues.apache.org/jira/browse/YARN-2310 Project: Hadoop YARN Issue Type: Bug Components: resourcemanager, webapp Affects Versions: 3.0.0, 2.5.0 Reporter: Zhijie Shen
After YARN-2247, RM web services can be sheltered by the authentication filter, which can help to identify who the user is. With this information, we should be able to fix the security problem of some existing APIs, such as getApp, getAppAttempts, getApps. We should use the user information to check the ACLs before returning the requested data to the user. -- This message was sent by Atlassian JIRA (v6.2#6252)