Posted to dev@storm.apache.org by "Rick Kellogg (JIRA)" <ji...@apache.org> on 2015/10/05 03:58:26 UTC

[jira] [Updated] (STORM-438) SimpleACLAuthorizer should allow users with same keytab as supervisor to perform user operations

     [ https://issues.apache.org/jira/browse/STORM-438?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Rick Kellogg updated STORM-438:
-------------------------------
    Component/s: storm-core

> SimpleACLAuthorizer should allow users with same keytab as supervisor to perform user operations
> ------------------------------------------------------------------------------------------------
>
>                 Key: STORM-438
>                 URL: https://issues.apache.org/jira/browse/STORM-438
>             Project: Apache Storm
>          Issue Type: Bug
>          Components: storm-core
>            Reporter: Sriharsha Chintalapani
>            Priority: Minor
>              Labels: Security
>
> Storm security allows a user to provide a jaas.conf with StormServer and StormClient. If the user who is submitting a topology uses the StormClient keytab, then it would throw an AuthorizationException. In SimpleACLAuthorizer we check if supervisor_users contains the context user; if that matches, we return true or false if the operation requested is a supervisor operation.
> In the above case it would return false, as the user exists in supervisors and the operation requested would be "getClusterInfo". This shouldn't fail since it's part of userOperations.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
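
The decision order described in the issue, next to the order it asks for, as an added sketch that is not Storm's own code. The class, method and set names are hypothetical, the set contents are constructed samples (only "getClusterInfo" comes from the issue), and any other checks the real authorizer performs are left out.

```java
import java.util.Set;

public class SupervisorAclSketch {
    // Constructed sample data; only "getClusterInfo" is named in the issue.
    static final Set<String> USER_OPS = Set.of("submitTopology", "getClusterInfo");
    static final Set<String> SUPERVISOR_OPS = Set.of("fileDownload");
    static final Set<String> SUPERVISOR_USERS = Set.of("storm");

    // Behaviour described in the issue: once the context user matches
    // supervisor_users, the supervisor-operation test alone decides the
    // result, so user operations are never considered for that principal.
    static boolean permitAsReported(String user, String op) {
        if (SUPERVISOR_USERS.contains(user)) {
            return SUPERVISOR_OPS.contains(op);
        }
        return USER_OPS.contains(op);
    }

    // Behaviour the issue asks for: a supervisor match can grant a
    // supervisor operation, but a miss falls through to the user-operation
    // check instead of denying outright.
    static boolean permitAsRequested(String user, String op) {
        if (SUPERVISOR_USERS.contains(user) && SUPERVISOR_OPS.contains(op)) {
            return true;
        }
        return USER_OPS.contains(op);
    }

    public static void main(String[] args) {
        String[][] cases = {
            {"storm", "getClusterInfo"},  // shared keytab, user operation
            {"storm", "fileDownload"},    // shared keytab, supervisor operation
            {"alice", "getClusterInfo"},  // ordinary user, user operation
            {"alice", "fileDownload"},    // ordinary user, supervisor operation
        };
        for (String[] c : cases) {
            System.out.printf("%-6s %-15s reported=%-5b requested=%b%n",
                c[0], c[1],
                permitAsReported(c[0], c[1]),
                permitAsRequested(c[0], c[1]));
        }
    }
}
```

Only the first case differs between the two methods: the shared-keytab principal is denied "getClusterInfo" under the reported order and permitted under the requested one, while a non-supervisor user is still denied the supervisor operation in both.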