You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-issues@hadoop.apache.org by "Yuanbo Liu (JIRA)" <ji...@apache.org> on 2017/02/13 03:04:41 UTC

[jira] [Updated] (HADOOP-14077) Improve the patch of HADOOP-13119

     [ https://issues.apache.org/jira/browse/HADOOP-14077?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Yuanbo Liu updated HADOOP-14077:
--------------------------------
    Attachment: HADOOP-14077.001.patch

> Improve the patch of HADOOP-13119
> ---------------------------------
>
>                 Key: HADOOP-14077
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14077
>             Project: Hadoop Common
>          Issue Type: Improvement
>            Reporter: Yuanbo Liu
>            Assignee: Yuanbo Liu
>         Attachments: HADOOP-14077.001.patch
>
>
> For some links(such as "/jmx, /stack"), blocking the links in filter chain due to impersonation issue is not friendly for users. For example, user "sam" is not allowed to be impersonated by user "knox", and the link "/jmx" doesn't need any user to do authorization by default. It only needs user "knox" to do authentication, in this case, it's not right to  block the access in SPNEGO filter. We intend to check impersonation permission when the method "getRemoteUser" of request is used, so that such kind of links("/jmx, /stack") would not be blocked by mistake.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org