You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Overview

(links: source code | pull requests | open JIRA issues)

Spark's web UI is implemented using Java Servlets that are hosted inside of a Jetty web server.

Security

The web UI uses Spark's SecurityManager to manage security (this class has good Scaladocs that provide an overview of its architecture).  Pages on the web UI can be secured using javax.servlet filters; quoting from SecurityManager:

The Spark UI can also be secured by using javax servlet filters. A user may want to secure the UI if it has data that other users should not be allowed to see. The javax servlet filter specified by the user can authenticate the user and then once the user is logged in, Spark can compare that user versus the view acls to make sure they are authorized to view the UI. The configs 'spark.acls.enable' and 'spark.ui.view.acls' control the behavior of the acls. Note that the person who started the application always has view access to the UI.

The web UI currently lacks HTTPS support, although there is an open JIRA ticket and pull request to fix this. 

  • No labels