falcon-dev mailing list archives

From "Shwetha G S (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FALCON-464) Enforce Authorization for REST API
Date Fri, 08 Aug 2014 10:29:11 GMT

    [ https://issues.apache.org/jira/browse/FALCON-464?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14090595#comment-14090595 ]

Shwetha G S commented on FALCON-464:
------------------------------------

+        if (isAuthorizationEnabled) {
+            LOG.info("Authorizing user={} against resource={}, action={}, entity name={},
"
+                + "entity type={}", CurrentUser.getUser(), resource, action, entityName,
entityType);
+            authorizationProvider.authorizeResource(resource, action,
+                    entityType, entityName, CurrentUser.getProxyUgi());
+        }
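Review bot: the LOG.info line reports CurrentUser.getUser(), while authorizeResource is called with CurrentUser.getProxyUgi(), so the principal written to the log is not read from the same object the decision is made on. Take the user name from the UGI that is passed to authorizeResource so the log line always matches the check. The message also lists entity name before entity type, whereas the call passes entityType and then entityName; using one order in both places makes a later transposition easier to spot. As written, the visible lines log only the attempt, at INFO, whenever isAuthorizationEnabled is set; logging the outcome (allowed or denied) as well would make the line usable as an audit record.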
Should we skip this for GET APIs? Since there is no read/write control as such, we should
at least allow everyone to view the instance/entity status.

> Enforce Authorization for REST API
> ----------------------------------
>
>                 Key: FALCON-464
>                 URL: https://issues.apache.org/jira/browse/FALCON-464
>             Project: Falcon
>          Issue Type: Sub-task
>          Components: process
>    Affects Versions: 0.6
>            Reporter: Venkatesh Seetharam
>            Assignee: Venkatesh Seetharam
>              Labels: authorization, security
>             Fix For: 0.6
>
>         Attachments: FALCON-464-review.patch, FALCON-464.patch
>
>
> Only owner of entities can execute CRUD but no one else.
> Cluster and Feed entities are world-readable by default. Process entity can only be read by the owner and group.
> Input feeds must be readable and output feeds be writable by the process owner?



--
This message was sent by Atlassian JIRA
(v6.2#6252)