You are viewing a plain text version of this content. The canonical link for it is here.
Posted to common-dev@hadoop.apache.org by "Yuanbo Liu (JIRA)" <ji...@apache.org> on 2017/02/13 02:50:41 UTC
[jira] [Created] (HADOOP-14077) Improve the patch of HADOOP-13119
Yuanbo Liu created HADOOP-14077:
-----------------------------------
Summary: Improve the patch of HADOOP-13119
Key: HADOOP-14077
URL: https://issues.apache.org/jira/browse/HADOOP-14077
Project: Hadoop Common
Issue Type: Improvement
Reporter: Yuanbo Liu
Assignee: Yuanbo Liu
For some links(such as "/jmx, /stack"), blocking the links in filter chain due to impersonation issue is not friendly for users. For example, user "sam" is not allowed to be impersonated by user "knox", and the link "/jmx" doesn't need any user to do authorization by default. It only needs user "knox" to do authentication, in this case, it's not right to block the access in SPNEGO filter. We intend to check impersonation permission when the method "getRemoteUser" of request is used, so that such kind of links("/jmx, /stack") would not be blocked by mistake.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-dev-help@hadoop.apache.org