[ https://issues.apache.org/jira/browse/YARN-2228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14051085#comment-14051085 ]
Varun Vasudev commented on YARN-2228: ------------------------------------- Looks good. Couple of things - 1. {noformat} - if (callerUGI != null + if ((callerUGI != null && (adminAclsManager.isAdmin(callerUGI) || - callerUGI.getShortUserName().equals(owner))) { + callerUGI.getShortUserName().equals(owner))) || + (callerUGI == null && (owner == null || owner.length() == 0))) { return true; } {noformat} Can you split up the individual tests so that the conditions are easier to understand? Something like {noformat} boolean isAdmin = (callerUGI == null) ? false : adminAclsManager.isAdmin(callerUGI); booelan isOwner = (callerUGI == null) ? false : callerUGI.getShortUserName().equals(owner); boolean unOwned = (callerUGI == null) && ((owner == null) || (owner.length() == 0)); if((isAdmin || isOwner) || unOwned) { return true; } {noformat} 2. The config variables - yarn.timeline-service.http.authentication.\*. It looks like we've essentially replication hadoop.http.authentication.\*. Maybe we should just use the hadoop.http.authentication.* instead of a new subset? Rest of the patch looks good. > TimelineServer should load pseudo authentication filter when authentication = > simple > ------------------------------------------------------------------------------------ > > Key: YARN-2228 > URL: https://issues.apache.org/jira/browse/YARN-2228 > Project: Hadoop YARN > Issue Type: Sub-task > Reporter: Zhijie Shen > Assignee: Zhijie Shen > Attachments: YARN-2228.1.patch > > > When kerberos authentication is not enabled, we should let the timeline > server to work with pseudo authentication filter. In this way, the sever is > able to detect the request user by checking "user.name". > On the other hand, timeline client should append "user.name" in un-secure > case as well, such that ACLs can keep working in this case. -- This message was sent by Atlassian JIRA (v6.2#6252)