[jira] [Commented] (YARN-9039) App ACLs are not validated when serving logs from LogWebService

[Bibin A Chundatt (JIRA)]

    [ 
https://issues.apache.org/jira/browse/YARN-9039?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16703216#comment-16703216
 ] 

Bibin A Chundatt commented on YARN-9039:
----------------------------------------

[~suma.shivaprasad]

{code}
  protected boolean checkAcls(Configuration conf, ApplicationId appId,
      String owner, Map<ApplicationAccessType, String> appAcls,
      String remoteUser) {
    ApplicationACLsManager aclsManager = new ApplicationACLsManager(
        conf);
    aclsManager.addApplication(appId, appAcls);

    UserGroupInformation callerUGI = null;
    if (remoteUser != null) {
      callerUGI = UserGroupInformation.createRemoteUser(remoteUser);
    }
    if (callerUGI != null && !aclsManager.checkAccess(callerUGI,
        ApplicationAccessType.VIEW_APP, owner, appId)) {
      return false;
    }
    return true;
  }
{code}

    ApplicationACLsManager aclsManager = new ApplicationACLsManager(
        conf); -- adds adminACLManager

> App ACLs are not validated when serving logs from LogWebService
> ---------------------------------------------------------------
>
>                 Key: YARN-9039
>                 URL: https://issues.apache.org/jira/browse/YARN-9039
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: log-aggregation
>            Reporter: Suma Shivaprasad
>            Assignee: Suma Shivaprasad
>            Priority: Critical
>         Attachments: YARN-9039.1.patch, YARN-9039.2.patch, YARN-9039.3.patch
>
>
> App Acls are not being validated while serving logs through REST and UI2 via 
> Log Webservice



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org