[
https://issues.apache.org/jira/browse/MAPREDUCE-2858?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Joseph Evans updated MAPREDUCE-2858:
-------------------------------------------
Attachment: MR-2858.txt
MR-2858-branch-0.23.txt
It took me a bit longer to run through all of the tests again, then I expected.
The following have changed in this patch.
# Hamlet is now used to generate the error and warning pages (@Luke if you
could tell me where the security errors were in the previous patch I would
appreciate it. This is just for my own knowledge and will not impact the patch)
# The URL no longer stores the state of user approval (CHECKED/NEEDSCHECK). A
cookie called checked_<app_id> is used. If it is set to "true" then the user
is considered to be approved. If the warning page has been displayed to the
user and they have not approved it yet then it is set to "false". The user can
switch the value of the cookie to true by adding a query parameter
proxyapproved=true. This query parameter is ignored if the cookie is not set.
This forces the user to see the page either way.
#I removed the proxy specific principal to be consistent with what happened to
other server.
> MRv2 WebApp Security
> --------------------
>
> Key: MAPREDUCE-2858
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-2858
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: applicationmaster, mrv2, security
> Affects Versions: 0.23.0, 0.24.0
> Reporter: Luke Lu
> Assignee: Robert Joseph Evans
> Priority: Blocker
> Fix For: 0.23.0
>
> Attachments: MR-2858-branch-0.23.txt, MR-2858-branch-0.23.txt,
> MR-2858-branch-0.23.txt, MR-2858-branch-0.23.txt, MR-2858.txt, MR-2858.txt,
> MR-2858.txt, MR-2858.txt
>
>
> In MRv2, while the system servers (ResourceManager (RM), NodeManager (NM) and
> NameNode (NN)) run as "trusted"
> system users, the application masters (AM) run as users who submit the
> application. While this offers great flexibility
> to run multiple version of mapreduce frameworks (including their UI) on the
> same Hadoop cluster, it has significant
> implication for the security of webapps (Please do not discuss company
> specific vulnerabilities here).
> Requirements:
> # Secure authentication for AM (for app/job level ACLs).
> # Webapp security should be optional via site configuration.
> # Support existing pluggable single sign on mechanisms.
> # Should not require per app/user configuration for deployment.
> # Should not require special site-wide DNS configuration for deployment.
> This the top jira for webapp security. A design doc/notes of threat-modeling
> and counter measures will be posted on the wiki.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
