Details
- Type: Improvement
- Status: Resolved
- Priority: Major
- Resolution: Fixed
Description
For some links (such as "/jmx" and "/stack"), blocking the links in the filter chain due to an impersonation issue is not friendly for users. For example, user "sam" is not allowed to be impersonated by user "knox", and the link "/jmx" doesn't need any user to do authorization by default. It only needs user "knox" to do authentication; in this case, it's not right to block the access in the SPNEGO filter. We intend to check impersonation permission when the method "getRemoteUser" of the request is used, so that such links ("/jmx", "/stack") would not be blocked by mistake.
Attachments
Issue Links
- is superseded by
  - HADOOP-15222 Refine proxy user authorization to support multiple ACL list (Open)
- relates to
  - HADOOP-14060 HTTP servlet /logs should require authentication and authorization (Reopened)
  - HADOOP-13119 Add ability to secure log servlet using proxy users (Resolved)
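The deferred check proposed in the description, as an added example that is not part of this issue or of the Hadoop patch. It is a plain-Java model with no servlet or Hadoop dependency; the class names, the `PROXY_ACL` map, the handlers and the user "alice" are constructed assumptions.

```java
import java.util.Map;
import java.util.Set;

// Added illustration; all names here are hypothetical, not Hadoop's own API.
public class LazyImpersonationDemo {
    // Constructed proxy-user ACL: authenticated caller -> users it may impersonate.
    static final Map<String, Set<String>> PROXY_ACL = Map.of("knox", Set.of("alice"));

    static class ImpersonationDenied extends RuntimeException {
        ImpersonationDenied(String msg) { super(msg); }
    }

    /** Request as it leaves the authentication filter: authenticated, not yet authorized. */
    static class Request {
        final String authenticatedUser; // identity established by SPNEGO
        final String doAs;              // requested effective user, may be null

        Request(String authenticatedUser, String doAs) {
            this.authenticatedUser = authenticatedUser;
            this.doAs = doAs;
        }

        /** The impersonation check runs only when a caller asks for the effective user. */
        String getRemoteUser() {
            if (doAs == null || doAs.equals(authenticatedUser)) return authenticatedUser;
            Set<String> allowed = PROXY_ACL.getOrDefault(authenticatedUser, Set.of());
            if (!allowed.contains(doAs)) {
                throw new ImpersonationDenied(authenticatedUser + " may not impersonate " + doAs);
            }
            return doAs;
        }
    }

    // Authentication-only endpoint: never reads the effective user, so no check fires.
    static String serveJmx(Request r) { return "200 /jmx"; }

    // Endpoint that authorizes on the effective user: the check fires here.
    static String serveLogs(Request r) {
        try {
            return "200 /logs as " + r.getRemoteUser();
        } catch (ImpersonationDenied e) {
            return "403 /logs: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println(serveJmx(new Request("knox", "sam")));    // served, check never runs
        System.out.println(serveLogs(new Request("knox", "sam")));   // denied at getRemoteUser
        System.out.println(serveLogs(new Request("knox", "alice"))); // permitted by the ACL
    }
}
```

With this design the authorization decision depends on every identity-sensitive handler obtaining the user through `getRemoteUser`; a handler that reads the `doAs` value directly would skip the check, so such endpoints need review when the filter stops blocking.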