You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@mesos.apache.org by "Greg Mann (JIRA)" <ji...@apache.org> on 2016/05/06 21:22:12 UTC
[jira] [Issue Comment Deleted] (MESOS-5286) Add authorization to
libprocess HTTP endpoints
[ https://issues.apache.org/jira/browse/MESOS-5286?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Greg Mann updated MESOS-5286:
-----------------------------
Comment: was deleted
(was: The above patches accomplish a working solution for the two endpoints indicated, with the endpoint handlers performing the authorization calls. The following two patches move the authorization calls into {{ProcessBase::visit}}, where the HTTP authentication calls also reside, so that the authorization results can be more easily sequenced to ensure that operations are performed in the same order in which they are received. This means that the endpoint handlers of any endpoint with an authorization callback installed in libprocess will only receive requests that have been both authenticated and authorized.
https://reviews.apache.org/r/46989/
https://reviews.apache.org/r/46990/)
> Add authorization to libprocess HTTP endpoints
> ----------------------------------------------
>
> Key: MESOS-5286
> URL: https://issues.apache.org/jira/browse/MESOS-5286
> Project: Mesos
> Issue Type: Improvement
> Components: libprocess
> Reporter: Greg Mann
> Assignee: Greg Mann
> Labels: mesosphere
> Fix For: 0.29.0
>
>
> Now that the libprocess-level HTTP endpoints have had authentication added to them in MESOS-4902, we can add authorization to them as well. As a first step, we can implement a "coarse-grained" approach, in which a principal is granted or denied access to a given endpoint. We will likely need to register an authorizer with libprocess.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)