Details
-
New Feature
-
Status: Patch Available
-
Major
-
Resolution: Unresolved
-
None
-
None
Description
Currently accessing Hadoop via RPC can be authorized using ServiceAuthorizationManager. But there is no uniform authorization of the HTTP access. Some of the servlets check for admin privilege.
This creates an inconsistency of authorization between access via RPC vs HTTP.
The fix is to enable authorization of the webui access also using ServiceAuthorizationManager.
Attachments
Attachments
Issue Links
- depends upon
-
HADOOP-10650 Add ability to specify a reverse ACL (black list) of users and groups
- Closed
-
HADOOP-10651 Add ability to restrict service access using IP addresses and hostnames
- Closed
- relates to
-
YARN-6254 Provide a mechanism to whitelist the RM REST API clients
- Open
-
HADOOP-10671 Unify and simplify common configurations for authentication filters between web console and web hdfs
- Patch Available
1.
|
Refactor Service Authorization Framework | Patch Available | Benoy Antony | |
2.
|
Add an authorization framework for HTTP access | Open | Benoy Antony |