hadoop-common-issues mailing list archives

From "Aaron T. Myers (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-8343) Allow configuration of authorization for JmxJsonServlet and MetricsServlet
Date Thu, 03 May 2012 22:44:48 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-8343?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13267901#comment-13267901 ]

Aaron T. Myers commented on HADOOP-8343:
----------------------------------------

Patch looks pretty good to me. Just a few small comments. +1 once these are addressed:

# I think we should take /logLevel out of the set of servlets which this new config allows
anon access to. Since it's writable, it seems like requiring admin access in all cases is reasonable.
# Recommend renaming "hadoop.security.authorization.for.instrumentation" to "hadoop.security.instrumentation.requires.admin".
# Recommend renaming "checkInstrumentationAccess" to "isInstrumentationAccessAllowed".
# The method comment of checkInstrumentationAccess is a little misleading. Instead of "Returns
if anonymous authentication access to instrumentation servlets is allowed or not" it should
be something like "Return true if admin privileges are not required to access instrumentation,
or this user is authenticated and an administrator. Return false otherwise."
# The method checkInstrumentationAccess can be simplified a little, e.g. "return !adminAccessRequired
|| hasAdministratorAccess(...)"
# The entry for this new config in core-default.xml only lists /jmx, /metrics, and /conf.
/stacks should also be added (and /logLevel if you object to comment #1 above.)
# There are a few spots in the patch where you use 4-space indentation instead of Hadoop's standard
2.
# The test should probably also include the case where admin access is required and the user
_is_ listed as an admin.
                
> Allow configuration of authorization for JmxJsonServlet and MetricsServlet
> --------------------------------------------------------------------------
>
>                 Key: HADOOP-8343
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8343
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: util
>    Affects Versions: 2.0.0
>            Reporter: Philip Zeyliger
>            Assignee: Alejandro Abdelnur
>         Attachments: HADOOP-8343.patch, HADOOP-8343.patch
>
>
> When using authorization for the daemons' web server, it would be useful to specifically
> control the authorization requirements for accessing /jmx and /metrics.  Currently, they require
> administrative access.  This JIRA would propose that whether or not they are available to
> administrators only or to all users be controlled by "hadoop.instrumentation.requires.administrator"
> (or similar).  The default would be that administrator access is required.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
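
The access decision discussed in the review above, as an added example that is not code from the patch or from Hadoop. It is a stand-alone model: the class name, the method signatures, the isAllowed helper, the fail-closed default for unlisted paths and the sample admin list are assumptions made for illustration.

```java
import java.util.Set;

// Stand-alone model of the access decision discussed in the review.
// Not Hadoop code: class, method and parameter names are hypothetical.
public class InstrumentationAccessModel {

  // Read-only instrumentation servlets named in the thread.
  static final Set<String> INSTRUMENTATION =
      Set.of("/jmx", "/metrics", "/conf", "/stacks");

  // Stand-in for hasAdministratorAccess(...): authenticated and listed as admin.
  static boolean hasAdministratorAccess(String user, Set<String> admins) {
    return user != null && admins.contains(user);
  }

  // The simplified single-expression form suggested in the review.
  static boolean isInstrumentationAccessAllowed(
      boolean adminAccessRequired, String user, Set<String> admins) {
    return !adminAccessRequired || hasAdministratorAccess(user, admins);
  }

  // /logLevel is writable, so the flag never relaxes it. Any other path
  // outside the instrumentation set also requires admin (assumption).
  static boolean isAllowed(
      String path, boolean adminAccessRequired, String user, Set<String> admins) {
    if (INSTRUMENTATION.contains(path)) {
      return isInstrumentationAccessAllowed(adminAccessRequired, user, admins);
    }
    return hasAdministratorAccess(user, admins);
  }

  static void check(boolean expected, boolean actual, String label) {
    if (expected != actual) throw new AssertionError(label);
    System.out.println((actual ? "allow " : "deny  ") + label);
  }

  public static void main(String[] args) {
    Set<String> admins = Set.of("hdfs"); // constructed sample admin list
    check(true,  isAllowed("/jmx", false, null, admins),    "/jmx flag=false anonymous");
    check(false, isAllowed("/jmx", true, null, admins),     "/jmx flag=true anonymous");
    check(false, isAllowed("/jmx", true, "alice", admins),  "/jmx flag=true non-admin");
    // The case the review asks the test to add: admin required, user is an admin.
    check(true,  isAllowed("/jmx", true, "hdfs", admins),   "/jmx flag=true admin");
    check(true,  isAllowed("/stacks", false, null, admins), "/stacks flag=false anonymous");
    check(false, isAllowed("/logLevel", false, null, admins),   "/logLevel flag=false anonymous");
    check(true,  isAllowed("/logLevel", false, "hdfs", admins), "/logLevel flag=false admin");
  }
}
```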