Return-Path: Delivered-To: apmail-hadoop-mapreduce-issues-archive@minotaur.apache.org Received: (qmail 98765 invoked from network); 8 Mar 2010 10:33:19 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 8 Mar 2010 10:33:19 -0000 Received: (qmail 40485 invoked by uid 500); 8 Mar 2010 10:32:56 -0000 Delivered-To: apmail-hadoop-mapreduce-issues-archive@hadoop.apache.org Received: (qmail 40397 invoked by uid 500); 8 Mar 2010 10:32:55 -0000 Mailing-List: contact mapreduce-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: mapreduce-issues@hadoop.apache.org Delivered-To: mailing list mapreduce-issues@hadoop.apache.org Received: (qmail 40389 invoked by uid 99); 8 Mar 2010 10:32:54 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 08 Mar 2010 10:32:54 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 08 Mar 2010 10:32:48 +0000 Received: from brutus.apache.org (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 691DD234C4AC for ; Mon, 8 Mar 2010 10:32:27 +0000 (UTC) Message-ID: <1737906713.133231268044347429.JavaMail.jira@brutus.apache.org> Date: Mon, 8 Mar 2010 10:32:27 +0000 (UTC) From: "Ravi Gummadi (JIRA)" To: mapreduce-issues@hadoop.apache.org Subject: [jira] Updated: (MAPREDUCE-1455) Authorization for servlets In-Reply-To: <663344622.28361265262030144.JavaMail.jira@brutus.apache.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/MAPREDUCE-1455?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Ravi Gummadi updated MAPREDUCE-1455: ------------------------------------ Release Note: Adds job-level authorization to servlets(other than history related servlets) for accessing job related info. Deprecates mapreduce.jobtracker.permissions.supergroup and adds the config mapreduce.cluster.permissions.supergroup at cluster level sothat it will be used by TaskTracker also. Authorization checks are done if authentication is succeeded and mapreduce.cluster.job-authorization-enabled is set to true. > Authorization for servlets > -------------------------- > > Key: MAPREDUCE-1455 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-1455 > Project: Hadoop Map/Reduce > Issue Type: Sub-task > Components: jobtracker, security, tasktracker > Reporter: Devaraj Das > Assignee: Ravi Gummadi > Fix For: 0.22.0 > > Attachments: 1455.20S.2.fix.patch, 1455.20S.2.fix1.patch, 1455.20S.2.patch, 1455.patch, 1455.v1.patch, 1455.v2.patch, 1455.v3.patch, 1455.v4.1.patch, 1455.v4.2.patch, 1455.v4.patch > > > This jira is about building the authorization for servlets (on top of MAPREDUCE-1307). That is, the JobTracker/TaskTracker runs authorization checks on web requests based on the configured job permissions. For e.g., if the job permission is 600, then no one except the authenticated user can look at the job details via the browser. The authenticated user in the servlet can be obtained using the HttpServletRequest method. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.