Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Plain View
HDFS >> mail # dev >> Replacing the JSP web UIs to HTML 5 applications


+
Haohui Mai 2013-10-22, 22:59
+
Luke Lu 2013-10-25, 17:02
+
Haohui Mai 2013-10-26, 02:31
+
Colin McCabe 2013-10-28, 18:16
+
Alejandro Abdelnur 2013-10-28, 22:57
+
Haohui Mai 2013-10-28, 23:10
+
Haohui Mai 2013-10-28, 23:06
Copy link to this message
-
Re: Replacing the JSP web UIs to HTML 5 applications
Haohui,

If you have NN and DNs producing JSON instead HTML, then you can build JS
based web UIs. Take for example Oozie, Oozie produces JSON, it has a built
in JS web ui that consumes JSON and Hue has built an external web UI that
also consumes JSON. In the case of Hue UI, Oozie didn't have to change
anything to get that UI and improvements on the Hue UI don't require
changes in Oozie unless it is to produce additional information.

hope this clarifies.

Thx
On Mon, Oct 28, 2013 at 4:06 PM, Haohui Mai <[EMAIL PROTECTED]> wrote:

> Echo my comments on HDFS-5402:
>
> bq. If we're going to remove the old web UI, I think the new web UI has
> to have the same level of unit testing. We shouldn't go backwards in
> terms of unit testing.
>
> I take a look at TestNamenodeJspHelper / TestDatanodeJspHelper /
> TestClusterJspHelper. It seems to me that we can merge these tests with the
> unit tests on JMX.
>
> bq. If we are going to
> remove this capability, we need to add some other command-line tools
> to get the same functionality. These tools could use REST if we have
> that, or JMX, but they need to exist before we can consider removing
> the old UI.
>
> This is a good point. Since all information are available through JMX, the
> easiest way to approach it is to write some scripts using Node.js. The
> architecture of the new Web UIs is ready for this.
>
>
> On Mon, Oct 28, 2013 at 3:57 PM, Alejandro Abdelnur <[EMAIL PROTECTED]
> >wrote:
>
> > Producing JSON would be great. Agree with Colin that we should leave for
> > now the current JSP based web ui.
> >
> > thx
> >
> >
> > On Mon, Oct 28, 2013 at 11:16 AM, Colin McCabe <[EMAIL PROTECTED]
> > >wrote:
> >
> > > This is a really interesting project, Haohui.  I think it will make
> > > our web UI much nicer.
> > >
> > > I have a few concerns about removing the old web UI, however:
> > >
> > > * If we're going to remove the old web UI, I think the new web UI has
> > > to have the same level of unit testing.  We shouldn't go backwards in
> > > terms of unit testing.
> > >
> > > * Most of the deployments of elinks and links out there don't support
> > > Javascript.  This is just a reality of life when using CentOS 5 or 6,
> > > which many users are still using.  I have used "links" to diagnose
> > > problems through the web UI in the past, in systems where access to
> > > the cluster was available only through telnet.  If we are going to
> > > remove this capability, we need to add some other command-line tools
> > > to get the same functionality.  These tools could use REST if we have
> > > that, or JMX, but they need to exist before we can consider removing
> > > the old UI.
> > >
> > > best,
> > > Colin
> > >
> > > On Fri, Oct 25, 2013 at 7:31 PM, Haohui Mai <[EMAIL PROTECTED]>
> > wrote:
> > > > Thanks for the reply, Luke. Here I just echo my response from the
> jira:
> > > >
> > > > bq. this client-side js only approach, which is less secure than a
> > > > progressively enhanced hybrid approach used by YARN. The recent gmail
> > > > XSS fiasco highlights the issue.
> > > >
> > > > I'm presenting an informal security analysis to compare the security
> of
> > > the
> > > > old and the new web UIs.
> > > >
> > > > An attacker launches an XSS attack by injecting malicious code which
> > are
> > > > usually HTML or JavaScript fragments into the web page, so that the
> > > > malicious code can have the same privileges of the web page.
> > > >
> > > > First, in the scope of XSS attacks, note that the threat models of
> > > > launching XSS attacks on Internet sites Gmail/Linkedin and the one of
> > the
> > > > Hadoop UIs are different. They have fundamental different sets of
> > > external
> > > > inputs that the attackers have control to. Internet sites have little
> > > > control of these inputs. In the case of Gmail / Linkedin, an attack
> can
> > > > send you a crafted e-mail, or put malicious description in his /
> > > > her Linkedin profile. The sets of external inputs are *restricted* in

Alejandro
+
Haohui Mai 2013-10-28, 23:58
+
Alejandro Abdelnur 2013-10-29, 00:13
+
Zheng, Kai 2013-10-29, 12:22
+
Haohui Mai 2013-10-29, 18:28
+
Luke Lu 2013-10-30, 07:34
+
Andrew Wang 2013-10-30, 19:11
+
Haohui Mai 2013-10-30, 20:14
+
Colin McCabe 2013-11-01, 17:56
+
Haohui Mai 2013-11-02, 03:35
+
Haohui Mai 2013-10-29, 00:48
+
Alejandro Abdelnur 2013-10-29, 01:01
+
Haohui Mai 2013-10-29, 01:09
+
Larry McCay 2013-10-29, 01:12
+
Haohui Mai 2013-10-29, 02:28
+
Larry McCay 2013-10-29, 02:44