Russell Spitzer created ZEPPELIN-4136:
-----------------------------------------
Summary: Class Cast Exception with Spark Implementations that
Backported SparkR Security Fix
Key: ZEPPELIN-4136
URL: https://issues.apache.org/jira/browse/ZEPPELIN-4136
Project: Zeppelin
Issue Type: Bug
Components: security, spark
Affects Versions: 0.8.1
Reporter: Russell Spitzer
Zeppelin uses a version check to determine the return type of the SparkR
channel
https://github.com/apache/zeppelin/blob/8e6974fdc33e834bc01a5ee594e2cfca4ff3045f/spark/interpreter/src/main/java/org/apache/zeppelin/spark/SparkVersion.java#L92-L97
and
https://github.com/apache/zeppelin/blob/735064fdc57ae958fabae85b399bb5af3cb79144/spark/interpreter/src/main/scala/org/apache/spark/SparkRBackend.scala#L34-L44
Datastax Enterprise build of Spark includes this security fix in 2.2.2.X, but
since Zeppelin doesn't have knowledge of this (for obvious reasons) it attempts
to connect without the secret. While I know this isn't an issue for everyone I
think we could fix this issue by attempting to match on return type and then we
could remove the version check portion of the code. This may end up looking a
bit cleaner too although that may just be my opinion
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
