Posted to common-issues@hadoop.apache.org by "Chris Douglas (JIRA)" <ji...@apache.org> on 2018/02/13 19:28:00 UTC

[jira] [Resolved] (HADOOP-14077) Improve the patch of HADOOP-13119

     [ https://issues.apache.org/jira/browse/HADOOP-14077?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Chris Douglas resolved HADOOP-14077.
------------------------------------
    Resolution: Fixed

This has already been part of a release. Please leave it resolved.

> Improve the patch of HADOOP-13119
> ---------------------------------
>
>                 Key: HADOOP-14077
>                 URL: https://issues.apache.org/jira/browse/HADOOP-14077
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Yuanbo Liu
>            Assignee: Yuanbo Liu
>            Priority: Major
>             Fix For: 3.0.0-alpha4
>
>         Attachments: HADOOP-14077.001.patch, HADOOP-14077.002.patch, HADOOP-14077.003.patch
>
>
> For some links (such as "/jmx, /stack"), blocking the links in the filter chain due to an impersonation issue is not friendly for users. For example, user "sam" is not allowed to be impersonated by user "knox", and the link "/jmx" doesn't need any user to do authorization by default. It only needs user "knox" to do authentication; in this case, it's not right to block the access in the SPNEGO filter. We intend to check impersonation permission when the method "getRemoteUser" of the request is used, so that such links ("/jmx, /stack") would not be blocked by mistake.



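The deferred check described in the issue, as an added example that is not the attached patch and not Hadoop code: a self-contained Java model that contrasts checking impersonation in the filter with checking it inside `getRemoteUser`. All names (`Request`, `MAY_IMPERSONATE`, the `/data` path, user "alice") are hypothetical and the policy is constructed.

```java
import java.util.Map;
import java.util.Set;

// Added illustration. Every name here is hypothetical; none is a Hadoop class.
public class LazyImpersonationCheck {
    // Constructed proxy-user policy: authenticated caller -> users it may impersonate.
    static final Map<String, Set<String>> MAY_IMPERSONATE = Map.of("knox", Set.of("alice"));

    static boolean allowed(String caller, String doAs) {
        return doAs == null || MAY_IMPERSONATE.getOrDefault(caller, Set.of()).contains(doAs);
    }

    // The request as seen after SPNEGO authentication of `caller` has succeeded.
    static final class Request {
        final String caller, doAs, path;
        Request(String caller, String doAs, String path) {
            this.caller = caller; this.doAs = doAs; this.path = path;
        }
        // Deferred check: impersonation is authorized only when a handler asks
        // for the effective user, not while the request is in the filter chain.
        String getRemoteUser() {
            if (!allowed(caller, doAs)) {
                throw new SecurityException(caller + " may not impersonate " + doAs);
            }
            return doAs == null ? caller : doAs;
        }
    }

    // Handler that authorizes on the effective user, so it calls getRemoteUser.
    static String userData(Request r) { return "200 " + r.path + " as " + r.getRemoteUser(); }
    // Handler that needs authentication only and never asks for the effective user.
    static String jmx(Request r) { return "200 " + r.path; }

    // Behaviour the issue objects to: check in the filter, before routing, for every path.
    static String eager(Request r) {
        if (!allowed(r.caller, r.doAs)) return "403 " + r.path;
        return r.path.equals("/jmx") ? jmx(r) : userData(r);
    }
    // Behaviour the issue asks for: route first, let getRemoteUser decide.
    static String lazy(Request r) {
        try { return r.path.equals("/jmx") ? jmx(r) : userData(r); }
        catch (SecurityException e) { return "403 " + r.path; }
    }

    public static void main(String[] args) {
        Request jmxReq = new Request("knox", "sam", "/jmx");     // constructed inputs
        Request dataReq = new Request("knox", "sam", "/data");
        System.out.println("eager " + eager(jmxReq) + " | lazy " + lazy(jmxReq));
        System.out.println("eager " + eager(dataReq) + " | lazy " + lazy(dataReq));
    }
}
```

With the deferred check, a handler that never calls `getRemoteUser` runs with only the authenticated caller verified, so any handler that acts on behalf of a user has to obtain that user through `getRemoteUser`.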