YARN-4769. Add support for CSRF header in the dump capacity scheduler logs and kill app buttons in RM web UI. Contributed by Varun Vasudev

Jian He 2016-04-06 16:13:47 -07:00
parent aede8c10ec
commit 93bacda08b
3 changed files with 23 additions and 1 deletions


@ -62,7 +62,7 @@ public class RestCsrfPreventionFilter implements Filter {
public static final String CUSTOM_METHODS_TO_IGNORE_PARAM =
"methods-to-ignore";
static final String BROWSER_USER_AGENTS_DEFAULT = "^Mozilla.*,^Opera.*";
static final String HEADER_DEFAULT = "X-XSRF-HEADER";
public static final String HEADER_DEFAULT = "X-XSRF-HEADER";
static final String METHODS_TO_IGNORE_DEFAULT = "GET,OPTIONS,HEAD,TRACE";
private String headerName = HEADER_DEFAULT;
private Set<String> methodsToIgnore = null;


@ -24,12 +24,14 @@ import static org.apache.hadoop.yarn.webapp.YarnWebParams.WEB_UI_TYPE;
import java.security.PrivilegedExceptionAction;
import java.util.Collection;
import java.util.Map;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.http.RestCsrfPreventionFilter;
import org.apache.hadoop.util.StringUtils;
import org.apache.hadoop.yarn.api.ApplicationBaseProtocol;
import org.apache.hadoop.yarn.api.protocolrecords.GetApplicationAttemptsRequest;
@ -143,6 +145,7 @@ public class AppBlock extends HtmlBlock {
.append(" type: 'PUT',")
.append(" url: '/ws/v1/cluster/apps/").append(aid).append("/state',")
.append(" contentType: 'application/json',")
.append(getCSRFHeaderString(conf))
.append(" data: '{\"state\":\"KILLED\"}',")
.append(" dataType: 'json'")
.append(" }).done(function(data){")
@ -369,4 +372,21 @@ public class AppBlock extends HtmlBlock {
protected LogAggregationStatus getLogAggregationStatus() {
return null;
}
public static String getCSRFHeaderString(Configuration conf) {
String ret = "";
if (conf.getBoolean(YarnConfiguration.RM_CSRF_ENABLED, false)) {
ret = " headers : { '";
Map<String, String> filterParams = RestCsrfPreventionFilter
.getFilterParams(conf, YarnConfiguration.RM_CSRF_PREFIX);
if (filterParams
.containsKey(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)) {
ret += filterParams.get(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM);
} else {
ret += RestCsrfPreventionFilter.HEADER_DEFAULT;
}
ret += "' : 'null' },";
}
return ret;
}
}
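Review bot: In `getCSRFHeaderString` the configured header name from `filterParams.get(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)` is concatenated unescaped into a single-quoted JavaScript literal, so a value containing a quote or backslash would break or alter the generated request script here and at the CapacitySchedulerPage call site. The value comes from cluster configuration rather than from a request, so this is hardening rather than an exposed injection. `StringEscapeUtils` is already imported in this file, so the line can become `ret += StringEscapeUtils.escapeJavaScript(filterParams.get(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM));`. The method also has no Javadoc; a short one should say that it returns an empty string when `RM_CSRF_ENABLED` is false and that the header value `'null'` is a placeholder, presumably because the filter only checks that the header is present (worth confirming against the filter).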


@ -42,6 +42,7 @@ import org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.PartitionQueueCa
import org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.PartitionResourcesInfo;
import org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.ResourceInfo;
import org.apache.hadoop.yarn.server.security.ApplicationACLsManager;
import org.apache.hadoop.yarn.server.webapp.AppBlock;
import org.apache.hadoop.yarn.util.Times;
import org.apache.hadoop.yarn.util.resource.Resources;
import org.apache.hadoop.yarn.webapp.ResponseInfo;
@ -357,6 +358,7 @@ class CapacitySchedulerPage extends RmView {
.append(" type: 'POST',")
.append(" url: '/ws/v1/cluster/scheduler/logs',")
.append(" contentType: 'text/plain',")
.append(AppBlock.getCSRFHeaderString(rm.getConfig()))
.append(" data: 'time=' + timePeriod,")
.append(" dataType: 'text'")
.append(" }).done(function(data){")
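Review bot: The added `AppBlock.getCSRFHeaderString(rm.getConfig())` call makes CapacitySchedulerPage depend on an unrelated block class just to reach a static string builder. A small shared web-UI utility class would be a better home, with both call sites delegating to it. The helper reads `YarnConfiguration.RM_CSRF_ENABLED`, so it is RM-specific even though it lives in the generic `org.apache.hadoop.yarn.server.webapp` package; its Javadoc should say so if it stays there. The method enclosing this hunk starts and ends outside the visible lines.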