You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@storm.apache.org by "Nguyen, Amy" <Am...@espn.com> on 2016/05/10 19:02:29 UTC

Storm 1.0.0 simple UI auth

I have the following configured in my storm.yaml file:

ui.filter: “org.apache.hadoop.security.authentication.server.AuthenticationFilter"
ui.filter.params:
    "type": "simple"
    "user.name": “stormtest"

When I try to access the UI passing the parameter ?user.name=stormtest all is well. I’m granted access.
When I don’t pass the parameter ?user.name=stormtest all is well. I’m not grated access.

However when I pass the parameter ?user.name=hello, I am granted access to the UI. I would expect the behavior if the value of the param didn’t match what was in the storm.yaml that I would be granted access to the UI.

Has anyone else seen this issue? Did I just misconfigure something here?

Thanks!

Re: Storm 1.0.0 simple UI auth

Posted by Abhishek Agarwal <ab...@gmail.com>.
I don't know much about hadoop authentication but the code doesn't support
user.name property.
https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-auth/src/main/java/org/apache/hadoop/security/authentication/server/PseudoAuthenticationHandler.java#L39

Filter provides the option of disallowing anonymous access through
simple.anonymous.allowed property. Default value is false. It is only an
authentication filter. That means this filter validates the identity and
for which it trust the user.name you are passing. Authorization is not
performed by this filter.

On Wed, May 11, 2016 at 12:32 AM, Nguyen, Amy <Am...@espn.com> wrote:
>
> I have the following configured in my storm.yaml file:
>
> ui.filter:
“org.apache.hadoop.security.authentication.server.AuthenticationFilter"
> ui.filter.params:
>     "type": "simple"
>     "user.name": “stormtest"
>
> When I try to access the UI passing the parameter ?user.name=stormtest
all is well. I’m granted access.
> When I don’t pass the parameter ?user.name=stormtest all is well. I’m not
grated access.
>
> However when I pass the parameter ?user.name=hello, I am granted access
to the UI. I would expect the behavior if the value of the param didn’t
match what was in the storm.yaml that I would be granted access to the UI.
>
> Has anyone else seen this issue? Did I just misconfigure something here?
>
> Thanks!




--
Regards,
Abhishek Agarwal