[ 
https://issues.apache.org/jira/browse/YARN-8247?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16468233#comment-16468233
 ] 

Rohith Sharma K S commented on YARN-8247:
-----------------------------------------

bq. is the response status being set when line 80 in the patch is run? Asking 
since Line 79 got removed in original file
Yes, instead of throwing an exception, which in turn is wrapped as an internal 
server error, we directly set it as a 403 error code along with a message. By 
doing so, the webservice doesn't convert it to an internal server error. We get 
the response as in my earlier comment, i.e. 403.

> Incorrect HTTP status code returned by ATSv2 for non-whitelisted users
> ----------------------------------------------------------------------
>
>                 Key: YARN-8247
>                 URL: https://issues.apache.org/jira/browse/YARN-8247
>             Project: Hadoop YARN
>          Issue Type: Bug
>          Components: ATSv2
>            Reporter: Charan Hebri
>            Assignee: Rohith Sharma K S
>            Priority: Critical
>         Attachments: YARN-8247.01.patch, YARN-8247.02.patch
>
>
> When using the below configuration in ATSv2 reader,
> {noformat}
> yarn.timeline-service.read.authentication.enabled=true
> yarn.timeline-service.read.allowed.users=user1,user2{noformat}
> A query with user3 throws a Forbidden Exception with a status code of 500 
> (Internal Server Error) instead of the expected 403 for Forbidden. Stack 
> trace of the response,
> {noformat}
> HTTP ERROR 500
> Problem accessing /ws/v2/timeline/apps/application_1525427743175_0009. Reason:
>     Server Error
> Caused by:
> org.apache.hadoop.yarn.webapp.ForbiddenException: java.lang.Exception: user 
> user3 is not allowed to read TimelineService V2 data
>       at 
> org.apache.hadoop.yarn.server.timelineservice.reader.security.TimelineReaderWhitelistAuthorizationFilter.doFilter(TimelineReaderWhitelistAuthorizationFilter.java:80)
>       at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
>       at 
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:644)
>       at 
> org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:592)
>       at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
>       at 
> org.apache.hadoop.security.http.CrossOriginFilter.doFilter(CrossOriginFilter.java:98)
>       at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
>       at 
> org.apache.hadoop.http.HttpServer2$QuotingInputFilter.doFilter(HttpServer2.java:1601)
>       at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
>       at org.apache.hadoop.http.NoCacheFilter.doFilter(NoCacheFilter.java:45)
>       at 
> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
>       at 
> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582)
>       at 
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
>       at 
> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)
>       at 
> org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)
>       at 
> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)
>       at 
> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512)
>       at 
> org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
>       at 
> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)
>       at 
> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
>       at 
> org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:119)
>       at 
> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
>       at org.eclipse.jetty.server.Server.handle(Server.java:534)
>       at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320)
>       at 
> org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)
>       at 
> org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283)
>       at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108)
>       at 
> org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:93)
>       at 
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)
>       at 
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)
>       at 
> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)
>       at 
> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)
>       at 
> org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:589)
>       at java.lang.Thread.run(Thread.java:745)
> Caused by: java.lang.Exception: user user3 is not allowed to read 
> TimelineService V2 data
>       at 
> org.apache.hadoop.yarn.webapp.ForbiddenException.<init>(ForbiddenException.java:41)
>       ... 34 more{noformat}
> cc [~vrushalic] [~rohithsharma]



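The fix described in the comment above, sketched as an added example; this is not the YARN-8247 patch or Hadoop's own code. The class name `ReadWhitelistFilter` and the init parameter `allowed.users` are hypothetical, and the example assumes an authentication filter earlier in the chain has populated `getRemoteUser()` and that an empty whitelist denies everyone.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical read-whitelist filter (illustration only). */
public class ReadWhitelistFilter implements Filter {
  private Set<String> allowedUsers = Collections.emptySet();

  @Override
  public void init(FilterConfig conf) {
    // Assumed parameter name; value is a comma-separated list, e.g. "user1,user2".
    String csv = conf.getInitParameter("allowed.users");
    if (csv != null && !csv.trim().isEmpty()) {
      allowedUsers = new HashSet<>(Arrays.asList(csv.trim().split("\\s*,\\s*")));
    }
  }

  @Override
  public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
      throws IOException, ServletException {
    HttpServletRequest httpReq = (HttpServletRequest) req;
    HttpServletResponse httpRes = (HttpServletResponse) res;
    String user = httpReq.getRemoteUser(); // null if unauthenticated

    if (user == null || !allowedUsers.contains(user)) {
      // Throwing from here would escape the chain and surface as HTTP 500
      // with a stack trace. Answer 403 directly and stop processing.
      httpRes.sendError(HttpServletResponse.SC_FORBIDDEN,
          "user " + user + " is not allowed to read TimelineService V2 data");
      return; // never fall through to chain.doFilter() after a denial
    }
    chain.doFilter(req, res);
  }

  @Override
  public void destroy() { }
}
```

A regression check for this behaviour should assert both the 403 status and that the response body for a denied user contains no stack trace.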