hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Yang (JIRA)" <j...@apache.org>
Subject [jira] [Reopened] (HADOOP-14077) Improve the patch of HADOOP-13119
Date Tue, 13 Feb 2018 17:05:00 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-14077?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Eric Yang reopened HADOOP-14077:

> Improve the patch of HADOOP-13119
> ---------------------------------
>                 Key: HADOOP-14077
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14077
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Yuanbo Liu
>            Assignee: Yuanbo Liu
>            Priority: Major
>             Fix For: 3.0.0-alpha4
>         Attachments: HADOOP-14077.001.patch, HADOOP-14077.002.patch, HADOOP-14077.003.patch
> For some links(such as "/jmx, /stack"), blocking the links in filter chain due to impersonation
issue is not friendly for users. For example, user "sam" is not allowed to be impersonated
by user "knox", and the link "/jmx" doesn't need any user to do authorization by default.
It only needs user "knox" to do authentication, in this case, it's not right to  block the
access in SPNEGO filter. We intend to check impersonation permission when the method "getRemoteUser"
of request is used, so that such kind of links("/jmx, /stack") would not be blocked by mistake.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-dev-help@hadoop.apache.org

View raw message