hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yuanbo Liu (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-14077) Improve the patch of HADOOP-13119
Date Mon, 13 Feb 2017 03:04:41 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-14077?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Yuanbo Liu updated HADOOP-14077:
    Attachment: HADOOP-14077.001.patch

> Improve the patch of HADOOP-13119
> ---------------------------------
>                 Key: HADOOP-14077
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14077
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Yuanbo Liu
>            Assignee: Yuanbo Liu
>         Attachments: HADOOP-14077.001.patch
> For some links(such as "/jmx, /stack"), blocking the links in filter chain due to impersonation
issue is not friendly for users. For example, user "sam" is not allowed to be impersonated
by user "knox", and the link "/jmx" doesn't need any user to do authorization by default.
It only needs user "knox" to do authentication, in this case, it's not right to  block the
access in SPNEGO filter. We intend to check impersonation permission when the method "getRemoteUser"
of request is used, so that such kind of links("/jmx, /stack") would not be blocked by mistake.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org

View raw message