YARN-2509. Enable Cross Origin Filter for timeline server only and not all Yarn servers (Mit Desai via jeagles)
(cherry picked from commit 91d45f0f01
)
This commit is contained in:
parent
2267ba1af7
commit
7e76039278
|
@ -152,6 +152,9 @@ Release 2.6.0 - UNRELEASED
|
|||
YARN-1506. Changed RMNode/SchedulerNode to update resource with event
|
||||
notification. (Junping Du via jianhe)
|
||||
|
||||
YARN-2509. Enable Cross Origin Filter for timeline server only and not all
|
||||
Yarn servers (Mit Desai via jeagles)
|
||||
|
||||
OPTIMIZATIONS
|
||||
|
||||
BUG FIXES
|
||||
|
|
|
@ -1239,6 +1239,14 @@ public class YarnConfiguration extends Configuration {
|
|||
public static final String TIMELINE_SERVICE_KEYTAB =
|
||||
TIMELINE_SERVICE_PREFIX + "keytab";
|
||||
|
||||
/** Enables cross origin support for timeline server.*/
|
||||
public static final String TIMELINE_SERVICE_HTTP_CROSS_ORIGIN_ENABLED =
|
||||
TIMELINE_SERVICE_PREFIX + "http-cross-origin.enabled";
|
||||
|
||||
/** Default value for cross origin support for timeline server.*/
|
||||
public static final boolean
|
||||
TIMELINE_SERVICE_HTTP_CROSS_ORIGIN_ENABLED_DEFAULT = false;
|
||||
|
||||
////////////////////////////////
|
||||
// Other Configs
|
||||
////////////////////////////////
|
||||
|
|
|
@ -46,6 +46,7 @@ import org.apache.hadoop.yarn.server.timeline.TimelineStore;
|
|||
import org.apache.hadoop.yarn.server.timeline.security.TimelineACLsManager;
|
||||
import org.apache.hadoop.yarn.server.timeline.security.TimelineAuthenticationFilterInitializer;
|
||||
import org.apache.hadoop.yarn.server.timeline.security.TimelineDelegationTokenSecretManagerService;
|
||||
import org.apache.hadoop.yarn.server.timeline.webapp.CrossOriginFilterInitializer;
|
||||
import org.apache.hadoop.yarn.webapp.WebApp;
|
||||
import org.apache.hadoop.yarn.webapp.WebApps;
|
||||
import org.apache.hadoop.yarn.webapp.util.WebAppUtils;
|
||||
|
@ -197,17 +198,27 @@ public class ApplicationHistoryServer extends CompositeService {
|
|||
// the customized filter will be loaded by the timeline server to do Kerberos
|
||||
// + DT authentication.
|
||||
String initializers = conf.get("hadoop.http.filter.initializers");
|
||||
boolean modifiedInitialiers = false;
|
||||
boolean modifiedInitializers = false;
|
||||
|
||||
initializers =
|
||||
initializers == null || initializers.length() == 0 ? "" : initializers;
|
||||
|
||||
if (!initializers.contains(CrossOriginFilterInitializer.class.getName())) {
|
||||
if(conf.getBoolean(YarnConfiguration
|
||||
.TIMELINE_SERVICE_HTTP_CROSS_ORIGIN_ENABLED, YarnConfiguration
|
||||
.TIMELINE_SERVICE_HTTP_CROSS_ORIGIN_ENABLED_DEFAULT)) {
|
||||
initializers = CrossOriginFilterInitializer.class.getName() + ","
|
||||
+ initializers;
|
||||
modifiedInitializers = true;
|
||||
}
|
||||
}
|
||||
|
||||
if (!initializers.contains(TimelineAuthenticationFilterInitializer.class
|
||||
.getName())) {
|
||||
initializers =
|
||||
TimelineAuthenticationFilterInitializer.class.getName() + ","
|
||||
+ initializers;
|
||||
modifiedInitialiers = true;
|
||||
modifiedInitializers = true;
|
||||
}
|
||||
|
||||
String[] parts = initializers.split(",");
|
||||
|
@ -216,14 +227,14 @@ public class ApplicationHistoryServer extends CompositeService {
|
|||
filterInitializer = filterInitializer.trim();
|
||||
if (filterInitializer.equals(AuthenticationFilterInitializer.class
|
||||
.getName())) {
|
||||
modifiedInitialiers = true;
|
||||
modifiedInitializers = true;
|
||||
continue;
|
||||
}
|
||||
target.add(filterInitializer);
|
||||
}
|
||||
String actualInitializers =
|
||||
org.apache.commons.lang.StringUtils.join(target, ",");
|
||||
if (modifiedInitialiers) {
|
||||
if (modifiedInitializers) {
|
||||
conf.set("hadoop.http.filter.initializers", actualInitializers);
|
||||
}
|
||||
String bindAddress = WebAppUtils.getWebAppBindURL(conf,
|
||||
|
|
Loading…
Reference in New Issue