You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@storm.apache.org by "Robert Joseph Evans (JIRA)" <ji...@apache.org> on 2018/09/11 13:29:00 UTC
[jira] [Created] (STORM-3218) Impersonation should not happen when
checking security.
Robert Joseph Evans created STORM-3218:
------------------------------------------
Summary: Impersonation should not happen when checking security.
Key: STORM-3218
URL: https://issues.apache.org/jira/browse/STORM-3218
Project: Apache Storm
Issue Type: Bug
Components: storm-webapp
Affects Versions: 2.0.0
Reporter: Robert Joseph Evans
Assignee: Robert Joseph Evans
Sorry I missed this before when I added back in impersonation. The code that gets the topology conf to validate if the user is allowed to make the given REST call should not be doing impersonation because. I tested the code as a single user, but the issue is that because the ReqContext is tied to a thread if we don't clear/clean up the impersonation code properly the old user is still in the ReqContext so when we try to get the conf we are doing it as the wrong user and get an error.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)