[HADOOP-14060] HTTP servlet /logs should require authentication and authorization - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Reopened
Priority: Critical
Resolution: Unresolved
Affects Version/s: 3.0.0-alpha4
Fix Version/s: None
Component/s: kms
Labels:
None

Target Version/s:

3.5.0

Description

~~HADOOP-14047~~ makes KMS call HttpServer2#setACL. Access control works fine for /conf, /jmx, /logLevel, and /stacks, but not for /logs.

The code in AdminAuthorizedServlet#doGet for /logs and ConfServlet#doGet for /conf are quite similar. This makes me believe that /logs should subject to the same access control as intended by the original developer.

IMHO this could either be my misconfiguration or there is a bug somewhere in HttpServer2.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-14060-tmp.001.patch
22/Feb/17 06:30
1 kB
Yuanbo Liu

Issue Links

is related to

HADOOP-13119 Add ability to secure log servlet using proxy users

Resolved

HADOOP-14077 Improve the patch of HADOOP-13119

Resolved

relates to

HADOOP-14047 Require admin to access KMS instrumentation servlets

Resolved

HDFS-10860 Switch HttpFS from Tomcat to Jetty

Resolved

Activity

People

Assignee:: Unassigned

Reporter:: John Zhuge

Votes:: 0 Vote for this issue

Watchers:: 14 Start watching this issue

Dates

Created:: 06/Feb/17 06:56

Updated:: 04/Jan/24 12:02