You are viewing a plain text version of this content. The canonical link for it is here.

Posted to common-dev@hadoop.apache.org by "Yuanbo Liu (JIRA)" <ji...@apache.org> on 2017/02/13 02:50:41 UTC

[jira] [Created] (HADOOP-14077) Improve the patch of HADOOP-13119

Yuanbo Liu created HADOOP-14077:
-----------------------------------

             Summary: Improve the patch of HADOOP-13119
                 Key: HADOOP-14077
                 URL: https://issues.apache.org/jira/browse/HADOOP-14077
             Project: Hadoop Common
          Issue Type: Improvement
            Reporter: Yuanbo Liu
            Assignee: Yuanbo Liu


For some links(such as "/jmx, /stack"), blocking the links in filter chain due to impersonation issue is not friendly for users. For example, user "sam" is not allowed to be impersonated by user "knox", and the link "/jmx" doesn't need any user to do authorization by default. It only needs user "knox" to do authentication, in this case, it's not right to  block the access in SPNEGO filter. We intend to check impersonation permission when the method "getRemoteUser" of request is used, so that such kind of links("/jmx, /stack") would not be blocked by mistake.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-dev-help@hadoop.apache.org