hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Yang (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-14077) Improve the patch of HADOOP-13119
Date Sun, 19 Feb 2017 02:37:44 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-14077?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Eric Yang updated HADOOP-14077:
-------------------------------
    Resolution: Fixed
        Status: Resolved  (was: Patch Available)

+1 looks good.  I just committed this.

> Improve the patch of HADOOP-13119
> ---------------------------------
>
>                 Key: HADOOP-14077
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14077
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Yuanbo Liu
>            Assignee: Yuanbo Liu
>             Fix For: 3.0.0-alpha3
>
>         Attachments: HADOOP-14077.001.patch, HADOOP-14077.002.patch, HADOOP-14077.003.patch
>
>
> For some links(such as "/jmx, /stack"), blocking the links in filter chain due to impersonation
issue is not friendly for users. For example, user "sam" is not allowed to be impersonated
by user "knox", and the link "/jmx" doesn't need any user to do authorization by default.
It only needs user "knox" to do authentication, in this case, it's not right to  block the
access in SPNEGO filter. We intend to check impersonation permission when the method "getRemoteUser"
of request is used, so that such kind of links("/jmx, /stack") would not be blocked by mistake.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message