Shen Yinjie created YARN-8539: --------------------------------- Summary: TimelineWebService#getUser from HttpServletRequest may be null Key: YARN-8539 URL: https://issues.apache.org/jira/browse/YARN-8539 Project: Hadoop YARN Issue Type: Bug Components: timelineservice Reporter: Shen Yinjie
When we integrate tez-ui with timeline server and set yarn.acl.enabled=true. tez-ui will invoke the timeline rest ** interface(ws/v1/timeline/TEZ_DAG_ID) to get all dags . But tez-ui shows "no records available" . after some digging, I find when tez-ui invoke ".../ws/v1/timeline/TEZ_DAG_ID". TimelineWebService#getUser(HttpServletRequest req) returns callerUgi = null In TimelineACLsManager#checkAccess() {code:java} ...... if (callerUGI != null && (adminAclsManager.isAdmin(callerUGI) || callerUGI.getShortUserName().equals(owner) || domainACL.isUserAllowed(callerUGI))) { return true; } return false; } {code} Finally, Tez ui get nothing because of couldn't pass this checkAccess(). I also refer to the similar code in RMWebServices {code} protected Boolean hasAccess(RMApp app, HttpServletRequest hsr) { // Check for the authorization. UserGroupInformation callerUGI = getCallerUserGroupInformation(hsr, true); ...... if (callerUGI != null && !(this.rm.getApplicationACLsManager().checkAccess(callerUGI, ApplicationAccessType.VIEW_APP, app.getUser(), app.getApplicationId()) || this.rm.getQueueACLsManager().checkAccess(callerUGI, QueueACL.ADMINISTER_QUEUE, app, hsr.getRemoteAddr(), forwardedAddresses))) { return false; } return true; } {code} when callerUgi= null, hasAcces() returns true. So , I made a similar fix for TimelineWebServices. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org