Zhijie Shen created YARN-2310:
---------------------------------
Summary: Revisit the APIs in RM web services where user
information can make difference
Key: YARN-2310
URL: https://issues.apache.org/jira/browse/YARN-2310
Project: Hadoop YARN
Issue Type: Bug
Components: resourcemanager, webapp
Affects Versions: 3.0.0, 2.5.0
Reporter: Zhijie Shen
After YARN-2247, RM web services can be sheltered by the authentication filter,
which can help to identify who the user is. With this information, we should be
able to fix the security problem of some existing APIs, such as getApp,
getAppAttempts, getApps. We should use the user information to check the ACLs
before returning the requested data to the user.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
