You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@storm.apache.org by "Robert Joseph Evans (JIRA)" <ji...@apache.org> on 2018/09/11 13:29:00 UTC

[jira] [Created] (STORM-3218) Impersonation should not happen when checking security.

Robert Joseph Evans created STORM-3218:
------------------------------------------

             Summary: Impersonation should not happen when checking security.
                 Key: STORM-3218
                 URL: https://issues.apache.org/jira/browse/STORM-3218
             Project: Apache Storm
          Issue Type: Bug
          Components: storm-webapp
    Affects Versions: 2.0.0
            Reporter: Robert Joseph Evans
            Assignee: Robert Joseph Evans


Sorry I missed this before when I added back in impersonation.  The code that gets the topology conf to validate if the user is allowed to make the given REST call should not be doing impersonation because.  I tested the code as a single user, but the issue is that because the ReqContext is tied to a thread if we don't clear/clean up the impersonation code properly the old user is still in the ReqContext so when we try to get the conf we are doing it as the wrong user and get an error.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)