Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

YARN-6890. Not display killApp button on UI if UI is unsecured but cluster is secured. Contributed by Junping Du

This commit is contained in:
Jian He 2017-08-08 11:09:38 -07:00
parent 47b145b9b4
commit acf9bd8b1d
2 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/fs/CommonConfigurationKeysPublic.java
View File

@ -608,6 +608,8 @@ public class CommonConfigurationKeysPublic {
*/ */
public static final String HADOOP_TOKEN_FILES = public static final String HADOOP_TOKEN_FILES =
"hadoop.token.files"; "hadoop.token.files";
public static final String HADOOP_HTTP_AUTHENTICATION_TYPE =
"hadoop.http.authentication.type";
/** /**
* @see * @see

14
hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/webapp/AppBlock.java
View File

@ -30,6 +30,7 @@ import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration; import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.security.UserGroupInformation; import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.client.AuthenticationException; import org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.http.RestCsrfPreventionFilter; import org.apache.hadoop.security.http.RestCsrfPreventionFilter;
@ -70,6 +71,8 @@ public class AppBlock extends HtmlBlock {
protected ApplicationBaseProtocol appBaseProt; protected ApplicationBaseProtocol appBaseProt;
protected Configuration conf; protected Configuration conf;
protected ApplicationId appID = null; protected ApplicationId appID = null;
private boolean unsecuredUI = true;
@Inject @Inject
protected AppBlock(ApplicationBaseProtocol appBaseProt, ViewContext ctx, protected AppBlock(ApplicationBaseProtocol appBaseProt, ViewContext ctx,
@ -77,6 +80,9 @@ public class AppBlock extends HtmlBlock {
super(ctx); super(ctx);
this.appBaseProt = appBaseProt; this.appBaseProt = appBaseProt;
this.conf = conf; this.conf = conf;
// check if UI is unsecured.
String httpAuth = conf.get(CommonConfigurationKeys.HADOOP_HTTP_AUTHENTICATION_TYPE);
this.unsecuredUI = (httpAuth != null) && httpAuth.equals("simple");
} }
@Override @Override
@ -129,10 +135,16 @@ public class AppBlock extends HtmlBlock {
setTitle(join("Application ", aid)); setTitle(join("Application ", aid));
// YARN-6890. for secured cluster allow anonymous UI access, application kill
// shouldn't be there.
boolean unsecuredUIForSecuredCluster = UserGroupInformation.isSecurityEnabled()
&& this.unsecuredUI;
if (webUiType != null if (webUiType != null
&& webUiType.equals(YarnWebParams.RM_WEB_UI) && webUiType.equals(YarnWebParams.RM_WEB_UI)
&& conf.getBoolean(YarnConfiguration.RM_WEBAPP_UI_ACTIONS_ENABLED, && conf.getBoolean(YarnConfiguration.RM_WEBAPP_UI_ACTIONS_ENABLED,
YarnConfiguration.DEFAULT_RM_WEBAPP_UI_ACTIONS_ENABLED)) { YarnConfiguration.DEFAULT_RM_WEBAPP_UI_ACTIONS_ENABLED)
&& !unsecuredUIForSecuredCluster) {
// Application Kill // Application Kill
html.div() html.div()
.button() .button()