You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@storm.apache.org by "Rick Kellogg (JIRA)" <ji...@apache.org> on 2015/10/09 02:49:28 UTC

[jira] [Updated] (STORM-349) (Security) ui actions should have nimbus like authroization

     [ https://issues.apache.org/jira/browse/STORM-349?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rick Kellogg updated STORM-349:
-------------------------------
    Component/s: storm-core

> (Security) ui actions should have nimbus like authroization
> -----------------------------------------------------------
>
>                 Key: STORM-349
>                 URL: https://issues.apache.org/jira/browse/STORM-349
>             Project: Apache Storm
>          Issue Type: Bug
>          Components: storm-core
>            Reporter: Robert Joseph Evans
>            Assignee: Sriharsha Chintalapani
>              Labels: security
>             Fix For: 0.10.0
>
>
> The UI provides APIs to kill, rebalance, ... a topology.  For security we originally took the route to optionally disable these, but ideally the UI server would load an IAuthorizer instance like nimbus, and check if the user is allowed to perform that operation before doing it on behalf of the user.
> This should be fairly straight forward but may require some glue code like is being used in the drpc server for its web interface.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)