You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@storm.apache.org by "Rick Kellogg (JIRA)" <ji...@apache.org> on 2015/10/05 03:58:26 UTC
[jira] [Updated] (STORM-438) SimpleACLAuthorizer should allow users
with same keytab as supervisor to perform user operations
[ https://issues.apache.org/jira/browse/STORM-438?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rick Kellogg updated STORM-438:
-------------------------------
Component/s: storm-core
> SimpleACLAuthorizer should allow users with same keytab as supervisor to perform user operations
> ------------------------------------------------------------------------------------------------
>
> Key: STORM-438
> URL: https://issues.apache.org/jira/browse/STORM-438
> Project: Apache Storm
> Issue Type: Bug
> Components: storm-core
> Reporter: Sriharsha Chintalapani
> Priority: Minor
> Labels: Security
>
> Storm security allows user to provider jaas.conf with StormServer and StormClient. If the user who is submitting a topology uses StormClient keytab than it would throw AuthorizationException. In SimpleACLAuthorizer we check if supervisor_users contains context user if that matches we return true or false if the operation requested is a supervisor operation.
> In the above case it would return false as user exists in supervisors and the operation requested would be "getClusterInfo". This shouldn't fail since its part of userOperations.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)