Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-9866

Support the mode where REST server authorizes proxy users

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 0.98.0, 0.99.0
    • REST
    • None
    • Hide
      hbase.rest.support.proxyuser when set to true would enable enable proxy-user support in the REST server. Like any other server, e.g., NameNode, which supports proxy user mode, appropriate proxy-user configuration needs to be set as well in the REST server (hadoop.proxyuser.$user.hosts, hadoop.proxyuser.$user.groups). Requests can then be made to the REST server with a 'doAs' in the query string url and if proxy user authorization check passes, the query will be executed as the 'doAs' user.
      Show
      hbase.rest.support.proxyuser when set to true would enable enable proxy-user support in the REST server. Like any other server, e.g., NameNode, which supports proxy user mode, appropriate proxy-user configuration needs to be set as well in the REST server (hadoop.proxyuser.$user.hosts, hadoop.proxyuser.$user.groups). Requests can then be made to the REST server with a 'doAs' in the query string url and if proxy user authorization check passes, the query will be executed as the 'doAs' user.

    Description

      In one use case, someone was trying to authorize with the REST server as a proxy user. That mode is not supported today.
      The curl request would be something like (assuming SPNEGO auth) - 

      curl -i --negotiate -u : http://<HOST>:<PORT>/version/cluster?doas=<USER>

      Attachments

        1. 9866-1.txt
          5 kB
          Devaraj Das
        2. 9866-2.txt
          6 kB
          Devaraj Das
        3. 9866-3.txt
          6 kB
          Devaraj Das
        4. 9866-4.txt
          6 kB
          Devaraj Das
        5. 9866-4.txt
          6 kB
          Devaraj Das

        Activity

          People

            ddas Devaraj Das
            ddas Devaraj Das
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: