[jira] [Commented] (MAPREDUCE-2863) Support web-services for RM & NM

Thu, 08 Dec 2011 18:16:07 -0800 

    [ 
https://issues.apache.org/jira/browse/MAPREDUCE-2863?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13165768#comment-13165768
 ] 

Hitesh Shah commented on MAPREDUCE-2863:
----------------------------------------

For the most part looks good. Have not yet had a chance to run this on a secure 
cluster. Had run the previous patch against one so do not expect any issues 
with this. Will update jira again once I have done that.

Minor comments: 
  - inconsistency in use of MediaType.APPLICATION_JSON v/s application/json in 
unit tests. Could switch all tests to use the defined constant.  
  - missing test for output when media type is not specified ( or both 
specified ) to test default json behavior. 
  - no tests for xml. Could be done more thoroughly in an additional jira but 
would help to have atleast one or 2 tests that accept xml only. 

For further ( later ) investigation:
 
There might be some xss issues which may need to be looked at some point. For 
example:

{code}throw new NotFoundException("app with id: " + appId + " not 
found");{code} 

Printing back user input as is ( without escaping ) could effectively execute 
malicious javascript on a browser. This however depends on what form of input 
parsing is done by the jaxb framework before the parameter gets to the actual 
ws handling code. 

                
> Support web-services for RM & NM
> --------------------------------
>
>                 Key: MAPREDUCE-2863
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-2863
>             Project: Hadoop Map/Reduce
>          Issue Type: Improvement
>          Components: mrv2, nodemanager, resourcemanager
>    Affects Versions: 0.23.0
>            Reporter: Arun C Murthy
>            Assignee: Thomas Graves
>            Priority: Blocker
>         Attachments: MAPREDUCE-2863.patch, MAPREDUCE-2863.patch, 
> MAPREDUCE-2863.patch, MAPREDUCE-2863.patch, MAPREDUCE-2863.patch, 
> MAPREDUCE-2863.patch, MAPREDUCE-2863.patch, MAPREDUCE-2863.patch, 
> amoutput.txt, appoutput.txt, hsoutput.txt, nmoutput.txt, nmoutput.txt, 
> nmoutput.txt, rmoutput.txt, rmoutput.txt, rmoutput.txt
>
>
> It will be very useful for RM and NM to support web-services to export 
> json/xml.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to