[
https://issues.apache.org/jira/browse/SPARK-19652?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15879283#comment-15879283
]
Apache Spark commented on SPARK-19652:
--------------------------------------
User 'vanzin' has created a pull request for this issue:
https://github.com/apache/spark/pull/17029
> REST API does not perform user auth for individual apps
> -------------------------------------------------------
>
> Key: SPARK-19652
> URL: https://issues.apache.org/jira/browse/SPARK-19652
> Project: Spark
> Issue Type: Bug
> Components: Web UI
> Affects Versions: 2.0.0, 2.1.0
> Reporter: Marcelo Vanzin
>
> (This goes back further than 2.0.0, btw.)
> The REST API currently only performs authorization at the root of the UI;
> this works for live UIs, but not for the history server, where the root
> allows everybody to read data. That means that currently any user can see any
> application in the SHS through the REST API, when auth is enabled.
> Instead, the REST API should behave like the regular UI and perform
> authentication at the app level too.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
