Zhijie Shen updated YARN-2676:
    Attachment: YARN-2676.1.patch

Upload a working in progress patch:

1. Server side: make TimelineAuthenticationFilter extend the common 
DelegationTokenAuthenticationFilter and use the related common stuff.

2. Client side: make TimelineClientImpl use the DelegationTokenAuthenticatedURL 
and DelegationTokenAuthenticator, which will fail back to pseduo/kerberos 
authenticator if DT is not there.

3. Client side: make TimelineClientImpl be friendly to proxy user. Will execute 
the http request with real user with the proxy user set as the "doAs" user.

4. Cleanup the unnecessary code, which we used to duplicate for timeline 

It is worth mentioning that new http authentication request and response is not 
going to be compatible with the prior one. It's difficult to be compatible at 
http level, because both header and body are almost different in format. 
However, at the point of view of timeline client, the change should be 

> Timeline authentication filter should add support for proxy user
> ----------------------------------------------------------------
>                 Key: YARN-2676
>                 URL: https://issues.apache.org/jira/browse/YARN-2676
>             Project: Hadoop YARN
>          Issue Type: Sub-task
>          Components: timelineserver
>            Reporter: Zhijie Shen
>            Assignee: Zhijie Shen
>         Attachments: YARN-2676.1.patch

This message was sent by Atlassian JIRA

Reply via email to