[
https://issues.apache.org/jira/browse/YARN-4737?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15175697#comment-15175697
]
Jonathan Maron commented on YARN-4737:
--------------------------------------
1) Will do
2) will perform renaming. As for the ATS - the only three web apps instances
I identified that have an authentication mechanism enabled were the three I
modified. Is the ATS leveraging another auth mechanism (or not using WebApps
to construct the endpoint)?
3) The CSRF protection doesn't make sense in the context of not auth
mechanism, and the only auth mechanism I see enabled with WebApps in SPNEGO?
Is there another auth mechanism that can be enabled independent of API calls to
WebApps.Builder?
> Use CSRF Filter in YARN
> -----------------------
>
> Key: YARN-4737
> URL: https://issues.apache.org/jira/browse/YARN-4737
> Project: Hadoop YARN
> Issue Type: Bug
> Components: nodemanager, resourcemanager, webapp
> Reporter: Jonathan Maron
> Assignee: Jonathan Maron
> Attachments: YARN-4737.001.patch
>
>
> A CSRF filter was added to hadoop common
> (https://issues.apache.org/jira/browse/HADOOP-12691). The aim of this JIRA
> is to come up with a mechanism to integrate this filter into the webapps for
> which it is applicable (web apps that may establish an authenticated
> identity). That includes the RM, NM, and mapreduce jobhistory web app.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
