[ https://issues.apache.org/jira/browse/SPARK-19652?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Marcelo Vanzin resolved SPARK-19652. ------------------------------------ Resolution: Fixed Assignee: Marcelo Vanzin Fix Version/s: 2.2.0 2.1.1 2.0.3 > REST API does not perform user auth for individual apps > ------------------------------------------------------- > > Key: SPARK-19652 > URL: https://issues.apache.org/jira/browse/SPARK-19652 > Project: Spark > Issue Type: Bug > Components: Web UI > Affects Versions: 2.0.0, 2.1.0 > Reporter: Marcelo Vanzin > Assignee: Marcelo Vanzin > Fix For: 2.0.3, 2.1.1, 2.2.0 > > > (This goes back further than 2.0.0, btw.) > The REST API currently only performs authorization at the root of the UI; > this works for live UIs, but not for the history server, where the root > allows everybody to read data. That means that currently any user can see any > application in the SHS through the REST API, when auth is enabled. > Instead, the REST API should behave like the regular UI and perform > authentication at the app level too. -- This message was sent by Atlassian JIRA (v6.3.15#6346) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org