[jira] [Resolved] (SPARK-19652) REST API does not perform user auth for individual apps

Marcelo Vanzin (JIRA) Wed, 22 Feb 2017 15:50:10 -0800

     [ 
https://issues.apache.org/jira/browse/SPARK-19652?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Marcelo Vanzin resolved SPARK-19652.
------------------------------------
       Resolution: Fixed
         Assignee: Marcelo Vanzin
    Fix Version/s: 2.2.0
                   2.1.1
                   2.0.3

> REST API does not perform user auth for individual apps
> -------------------------------------------------------
>
>                 Key: SPARK-19652
>                 URL: https://issues.apache.org/jira/browse/SPARK-19652
>             Project: Spark
>          Issue Type: Bug
>          Components: Web UI
>    Affects Versions: 2.0.0, 2.1.0
>            Reporter: Marcelo Vanzin
>            Assignee: Marcelo Vanzin
>             Fix For: 2.0.3, 2.1.1, 2.2.0
>
>
> (This goes back further than 2.0.0, btw.)
> The REST API currently only performs authorization at the root of the UI; 
> this works for live UIs, but not for the history server, where the root 
> allows everybody to read data. That means that currently any user can see any 
> application in the SHS through the REST API, when auth is enabled.
> Instead, the REST API should behave like the regular UI and perform 
> authentication at the app level too.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org

[jira] [Resolved] (SPARK-19652) REST API does not perform user auth for individual apps

Reply via email to