hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Arshad Mohammad (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-17115) HMaster/HRegion Info Server does not honour admin.acl
Date Thu, 17 Nov 2016 07:04:59 GMT

    [ https://issues.apache.org/jira/browse/HBASE-17115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15672995#comment-15672995
] 

Arshad Mohammad commented on HBASE-17115:
-----------------------------------------

Thanks [~apurtell] and [~jinghe] for the response.
# Currently service level authorization file is used only for RPC services, not for web services
# yarn and history server are using their own admin.acl property for authorizing the web URLs.
yarn.admin.acl
mapreduce.jobhistory.admin.acl
Reference:
{code}
/hadoop/hadoop-mapreduce-project/hadoop-mapreduce-client/hadoop-mapreduce-client-common/src/main/java/org/apache/hadoop/mapreduce/v2/jobhistory/JHAdminConfig.java
(1 hit)
Line 52:   public static final String JHS_ADMIN_ACL = MR_HISTORY_PREFIX + "admin.acl";
/hadoop/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-api/src/main/java/org/apache/hadoop/yarn/conf/YarnConfiguration.java
(1 hit)
Line 308:     YARN_PREFIX + "admin.acl";
{code}
# This jira is only for handling the authorization in web URLs, authentication is already
present.

I think the web url authorization should be done the same way as being done in yarn and history
server.
any other thoughts?

> HMaster/HRegion Info Server does not honour admin.acl
> -----------------------------------------------------
>
>                 Key: HBASE-17115
>                 URL: https://issues.apache.org/jira/browse/HBASE-17115
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Arshad Mohammad
>
> Currently there is no way to enable protected URLs like /jmx,  /conf  only for admins.
This is applicable for both Master and RegionServer.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message