You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@storm.apache.org by "Robert Joseph Evans (JIRA)" <ji...@apache.org> on 2014/11/18 16:12:34 UTC
[jira] [Commented] (STORM-410) (Security) add groups support to UI
and logviewer
[ https://issues.apache.org/jira/browse/STORM-410?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14216268#comment-14216268 ]
Robert Joseph Evans commented on STORM-410:
-------------------------------------------
Yes, I forgot about that we had switched authorization for the UI over to use the Authorizer. The log viewer still needs to be updated though, and we need to deprecate or remove UI_USERS from Config.java (as it is no longer supported).
[~speaktoraghav] if you don't mind I have some code to do the log viewer changes already, and I will throw up a pull request for that, and to remove the unneeded USERS config.
> (Security) add groups support to UI and logviewer
> -------------------------------------------------
>
> Key: STORM-410
> URL: https://issues.apache.org/jira/browse/STORM-410
> Project: Apache Storm
> Issue Type: Improvement
> Affects Versions: 0.10.0
> Reporter: Robert Joseph Evans
> Assignee: Raghavendra Nandagopal
> Labels: security
>
> Once STORM-347 goes in we should look at allowing topologies to grant access to the UI and logs by group, not just by user. This should probably involve adding in new configs for ui and logs groups. Updating the code that does checks to also check if the user is a part of these groups, and updating the logviewer metadata file to include the groups allowed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)