Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.0.0-alpha4
    • Component/s: security
    • Labels:
      None

      Description

      For some links(such as "/jmx, /stack"), blocking the links in filter chain due to impersonation issue is not friendly for users. For example, user "sam" is not allowed to be impersonated by user "knox", and the link "/jmx" doesn't need any user to do authorization by default. It only needs user "knox" to do authentication, in this case, it's not right to block the access in SPNEGO filter. We intend to check impersonation permission when the method "getRemoteUser" of request is used, so that such kind of links("/jmx, /stack") would not be blocked by mistake.

        Attachments

        1. HADOOP-14077.003.patch
          13 kB
          Yuanbo Liu
        2. HADOOP-14077.002.patch
          9 kB
          Yuanbo Liu
        3. HADOOP-14077.001.patch
          8 kB
          Yuanbo Liu

          Issue Links

            Activity

              People

              • Assignee:
                yuanbo Yuanbo Liu
                Reporter:
                yuanbo Yuanbo Liu
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: