hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yuanbo Liu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-14077) Improve the patch of HADOOP-13119
Date Tue, 14 Feb 2017 04:13:41 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-14077?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15865021#comment-15865021
] 

Yuanbo Liu commented on HADOOP-14077:
-------------------------------------

[~eyang] Sorry to interrupt, would you mind reviewing patch. Thanks in advance.

> Improve the patch of HADOOP-13119
> ---------------------------------
>
>                 Key: HADOOP-14077
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14077
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Yuanbo Liu
>            Assignee: Yuanbo Liu
>         Attachments: HADOOP-14077.001.patch, HADOOP-14077.002.patch
>
>
> For some links(such as "/jmx, /stack"), blocking the links in filter chain due to impersonation
issue is not friendly for users. For example, user "sam" is not allowed to be impersonated
by user "knox", and the link "/jmx" doesn't need any user to do authorization by default.
It only needs user "knox" to do authentication, in this case, it's not right to  block the
access in SPNEGO filter. We intend to check impersonation permission when the method "getRemoteUser"
of request is used, so that such kind of links("/jmx, /stack") would not be blocked by mistake.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message