Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-9866

Support the mode where REST server authorizes proxy users

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.98.0, 0.99.0
    • Component/s: REST
    • Labels:
      None
    • Release Note:
      Hide
      hbase.rest.support.proxyuser when set to true would enable enable proxy-user support in the REST server. Like any other server, e.g., NameNode, which supports proxy user mode, appropriate proxy-user configuration needs to be set as well in the REST server (hadoop.proxyuser.$user.hosts, hadoop.proxyuser.$user.groups). Requests can then be made to the REST server with a 'doAs' in the query string url and if proxy user authorization check passes, the query will be executed as the 'doAs' user.
      Show
      hbase.rest.support.proxyuser when set to true would enable enable proxy-user support in the REST server. Like any other server, e.g., NameNode, which supports proxy user mode, appropriate proxy-user configuration needs to be set as well in the REST server (hadoop.proxyuser.$user.hosts, hadoop.proxyuser.$user.groups). Requests can then be made to the REST server with a 'doAs' in the query string url and if proxy user authorization check passes, the query will be executed as the 'doAs' user.

      Description

      In one use case, someone was trying to authorize with the REST server as a proxy user. That mode is not supported today.
      The curl request would be something like (assuming SPNEGO auth) -

      curl -i --negotiate -u : http://<HOST>:<PORT>/version/cluster?doas=<USER>
      

        Attachments

        1. 9866-1.txt
          5 kB
          Devaraj Das
        2. 9866-2.txt
          6 kB
          Devaraj Das
        3. 9866-3.txt
          6 kB
          Devaraj Das
        4. 9866-4.txt
          6 kB
          Devaraj Das
        5. 9866-4.txt
          6 kB
          Devaraj Das

          Activity

            People

            • Assignee:
              devaraj Devaraj Das
              Reporter:
              devaraj Devaraj Das
            • Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: