Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 0E0A4200C2E for ; Sun, 19 Feb 2017 03:38:20 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 053D1160B71; Sun, 19 Feb 2017 02:38:20 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 4F0FE160B66 for ; Sun, 19 Feb 2017 03:38:19 +0100 (CET) Received: (qmail 57538 invoked by uid 500); 19 Feb 2017 02:38:18 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 57527 invoked by uid 99); 19 Feb 2017 02:38:18 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 19 Feb 2017 02:38:18 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 0F9E4180535 for ; Sun, 19 Feb 2017 02:38:18 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=6.31 tests=[KAM_LAZY_DOMAIN_SECURITY=1, RP_MATCHES_RCVD=-2.999] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id 5rYlJJzHxBIV for ; Sun, 19 Feb 2017 02:38:17 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id BAA0B5F36C for ; Sun, 19 Feb 2017 02:38:16 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 83D9EE044C for ; Sun, 19 Feb 2017 02:37:44 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 352562411F for ; Sun, 19 Feb 2017 02:37:44 +0000 (UTC) Date: Sun, 19 Feb 2017 02:37:44 +0000 (UTC) From: "Eric Yang (JIRA)" To: common-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (HADOOP-14077) Improve the patch of HADOOP-13119 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Sun, 19 Feb 2017 02:38:20 -0000 [ https://issues.apache.org/jira/browse/HADOOP-14077?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Eric Yang updated HADOOP-14077: ------------------------------- Fix Version/s: 3.0.0-alpha3 Component/s: security > Improve the patch of HADOOP-13119 > --------------------------------- > > Key: HADOOP-14077 > URL: https://issues.apache.org/jira/browse/HADOOP-14077 > Project: Hadoop Common > Issue Type: Improvement > Components: security > Reporter: Yuanbo Liu > Assignee: Yuanbo Liu > Fix For: 3.0.0-alpha3 > > Attachments: HADOOP-14077.001.patch, HADOOP-14077.002.patch, HADOOP-14077.003.patch > > > For some links(such as "/jmx, /stack"), blocking the links in filter chain due to impersonation issue is not friendly for users. For example, user "sam" is not allowed to be impersonated by user "knox", and the link "/jmx" doesn't need any user to do authorization by default. It only needs user "knox" to do authentication, in this case, it's not right to block the access in SPNEGO filter. We intend to check impersonation permission when the method "getRemoteUser" of request is used, so that such kind of links("/jmx, /stack") would not be blocked by mistake. -- This message was sent by Atlassian JIRA (v6.3.15#6346) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org For additional commands, e-mail: common-issues-help@hadoop.apache.org