Zhijie Shen created YARN-2310:

             Summary: Revisit the APIs in RM web services where user 
information can make difference
                 Key: YARN-2310
                 URL: https://issues.apache.org/jira/browse/YARN-2310
             Project: Hadoop YARN
          Issue Type: Bug
          Components: resourcemanager, webapp
    Affects Versions: 3.0.0, 2.5.0
            Reporter: Zhijie Shen

After YARN-2247, RM web services can be sheltered by the authentication filter, 
which can help to identify who the user is. With this information, we should be 
able to fix the security problem of some existing APIs, such as getApp, 
getAppAttempts, getApps. We should use the user information to check the ACLs 
before returning the requested data to the user.

This message was sent by Atlassian JIRA

Reply via email to