YARN-4769. Add support for CSRF header in the dump capacity scheduler logs and kill app buttons in RM web UI. Contributed by Varun Vasudev

hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/security/http/RestCsrfPreventionFilter.java

@@ -62,7 +62,7 @@ public class RestCsrfPreventionFilter implements Filter {
   public static final String CUSTOM_METHODS_TO_IGNORE_PARAM =
       "methods-to-ignore";
   static final String  BROWSER_USER_AGENTS_DEFAULT = "^Mozilla.*,^Opera.*";
-  static final String HEADER_DEFAULT = "X-XSRF-HEADER";
+  public static final String HEADER_DEFAULT = "X-XSRF-HEADER";
   static final String  METHODS_TO_IGNORE_DEFAULT = "GET,OPTIONS,HEAD,TRACE";
   private String  headerName = HEADER_DEFAULT;
   private Set<String> methodsToIgnore = null;

hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-common/src/main/java/org/apache/hadoop/yarn/server/webapp/AppBlock.java

@@ -24,12 +24,14 @@ import static org.apache.hadoop.yarn.webapp.YarnWebParams.WEB_UI_TYPE;
 
 import java.security.PrivilegedExceptionAction;
 import java.util.Collection;
+import java.util.Map;
 
 import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.conf.Configuration;
 import org.apache.hadoop.security.UserGroupInformation;
+import org.apache.hadoop.security.http.RestCsrfPreventionFilter;
 import org.apache.hadoop.util.StringUtils;
 import org.apache.hadoop.yarn.api.ApplicationBaseProtocol;
 import org.apache.hadoop.yarn.api.protocolrecords.GetApplicationAttemptsRequest;
@@ -143,6 +145,7 @@ public class AppBlock extends HtmlBlock {
           .append(" type: 'PUT',")
           .append(" url: '/ws/v1/cluster/apps/").append(aid).append("/state',")
           .append(" contentType: 'application/json',")
+          .append(getCSRFHeaderString(conf))
           .append(" data: '{\"state\":\"KILLED\"}',")
           .append(" dataType: 'json'")
           .append(" }).done(function(data){")
@@ -369,4 +372,21 @@ public class AppBlock extends HtmlBlock {
   protected LogAggregationStatus getLogAggregationStatus() {
     return null;
   }
+
+  public static String getCSRFHeaderString(Configuration conf) {
+    String ret = "";
+    if (conf.getBoolean(YarnConfiguration.RM_CSRF_ENABLED, false)) {
+      ret = " headers : { '";
+      Map<String, String> filterParams = RestCsrfPreventionFilter
+          .getFilterParams(conf, YarnConfiguration.RM_CSRF_PREFIX);
+      if (filterParams
+          .containsKey(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM)) {
+        ret += filterParams.get(RestCsrfPreventionFilter.CUSTOM_HEADER_PARAM);
+      } else {
+        ret += RestCsrfPreventionFilter.HEADER_DEFAULT;
+      }
+      ret += "' : 'null' },";
+    }
+    return ret;
+  }
 }

hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-resourcemanager/src/main/java/org/apache/hadoop/yarn/server/resourcemanager/webapp/CapacitySchedulerPage.java

@@ -42,6 +42,7 @@ import org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.PartitionQueueCa
 import org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.PartitionResourcesInfo;
 import org.apache.hadoop.yarn.server.resourcemanager.webapp.dao.ResourceInfo;
 import org.apache.hadoop.yarn.server.security.ApplicationACLsManager;
+import org.apache.hadoop.yarn.server.webapp.AppBlock;
 import org.apache.hadoop.yarn.util.Times;
 import org.apache.hadoop.yarn.util.resource.Resources;
 import org.apache.hadoop.yarn.webapp.ResponseInfo;
@@ -357,6 +358,7 @@ class CapacitySchedulerPage extends RmView {
           .append(" type: 'POST',")
           .append(" url: '/ws/v1/cluster/scheduler/logs',")
           .append(" contentType: 'text/plain',")
+          .append(AppBlock.getCSRFHeaderString(rm.getConfig()))
           .append(" data: 'time=' + timePeriod,")
           .append(" dataType: 'text'")
           .append(" }).done(function(data){")