Eric Yang created YARN-7882:

             Summary: Server side proxy for UI2 log viewer
                 Key: YARN-7882
             Project: Hadoop YARN
          Issue Type: Bug
          Components: security, timelineserver, yarn-ui-v2
    Affects Versions: 3.0.0
            Reporter: Eric Yang

When viewing container logs in UI2, the log files are directly fetched through 
timeline server 2.  Hadoop in simple security mode does not have authenticator 
to make sure the user is authorized to view the log.  The general practice is 
to use knox or other security proxy to authenticate the user and reserve proxy 
the request to Hadoop UI to ensure the information does not leak through 
anonymous user.  The current implementation of UI2 log viewer uses ajax code to 
timeline server 2.  This could prevent knox or reverse proxy software from 
working properly with the new design.  It would be good to perform server side 
proxy to prevent browser from side step the authentication check.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to