Vijay Srinivasaraghavan created YARN-5712:
---------------------------------------------
Summary: WebAppProxyServlet is not passing the Authorization Header
Key: YARN-5712
URL: https://issues.apache.org/jira/browse/YARN-5712
Project: Hadoop YARN
Issue Type: Bug
Components: webapp, yarn
Reporter: Vijay Srinivasaraghavan
Scenario:
1) Deployed custom web application as Yarn application
2) Custom web application URL is exposed as the tracking URL
3) When user clicks the application link (Tracking URL) from Yarn RM UI, Yarn
web proxy forwards the request to custom web application URL
4) Custom web app is handling basic AUTH and it expects Authorization header to
allow user from moving forward. If authorization header is missing, then it
will prompt the user to enter user ID and password (standard HTTP basic auth)
5) Yarn web proxy is not forwarding the Authorization header back to the custom
web app (and hence the custom web app always prompts user for the credentials)
Yarn web proxy currently supports few set of pass through headers while
forwarding the request to the tracking URL of the container application
(runtime web application deployed through Yarn)
https://github.com/apache/hadoop/blob/2e1d0ff4e901b8313c8d71869735b94ed8bc40a0/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-web-proxy/src/main/java/org/apache/hadoop/yarn/server/webproxy/WebAppProxyServlet.java#L80
The runtime web application is expecting "Authorization" header to perform
basic HTTP authentication but the Yarn proxy is not forwarding the header.
I understand the security reason behind why limited headers are exposed, but in
situations where additional headers need to be propogated, there should be an
option to include them.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
