You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@storm.apache.org by "Jaydeep Karia (BLOOMBERG/ 919 3RD A)" <jk...@bloomberg.net> on 2017/06/20 22:33:58 UTC
Storm UI topology administrative action buttons
Hello Storm Community!
Currently any user that has access to the Storm UI can perform the topology administrative actions: Activate, Deactivate, Rebalance and Kill.
To add authentication for these actions the security documentation in the git repo (https://github.com/apache/storm/blob/master/SECURITY.md) suggests using java servlet filters. It gives an example of how to use AuthenticationFilter from hadoop-auth using kerberos. Can we use LDAP instead? Can someone point me to a sample config.
Thank you.
Re: Storm UI topology administrative action buttons
Posted by Bobby Evans <ev...@yahoo-inc.com>.
The issue is that LDAP is not directly a web technology, so I know of no way to simply integrate LDAP with storm. It would require not just a servlet filter but also a corresponding login page that would authenticate the user with LDAP and return a cookie that could be used in future requests for the servlet filter.
Most companies already have a Single Sign On solution, like active directory, which provides LDAP integration and a landing page. Most single sign on solutions also provide a servlet filter because there are a lot of enterprise java applications.
If all you have is LDAP how are other java web applications in your company authenticating users?
- Bobby
On Tuesday, June 20, 2017, 5:34:10 PM CDT, Jaydeep Karia (BLOOMBERG/ 919 3RD A) <jk...@bloomberg.net> wrote:
Hello Storm Community!
Currently any user that has access to the Storm UI can perform the topology administrative actions: Activate, Deactivate, Rebalance and Kill.
To add authentication for these actions the security documentation in the git repo (https://github.com/apache/storm/blob/master/SECURITY.md) suggests using java servlet filters. It gives an example of how to use AuthenticationFilter from hadoop-auth using kerberos. Can we use LDAP instead? Can someone point me to a sample config.
Thank you.