You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@storm.apache.org by "Robert Joseph Evans (JIRA)" <ji...@apache.org> on 2014/06/10 21:41:01 UTC

[jira] [Created] (STORM-349) (Security) ui actions should have nimbus like authroization

Robert Joseph Evans created STORM-349:
-----------------------------------------

             Summary: (Security) ui actions should have nimbus like authroization
                 Key: STORM-349
                 URL: https://issues.apache.org/jira/browse/STORM-349
             Project: Apache Storm (Incubating)
          Issue Type: Bug
            Reporter: Robert Joseph Evans


The UI provides APIs to kill, rebalance, ... a topology.  For security we originally took the route to optionally disable these, but ideally the UI server would load an IAuthorizer instance like nimbus, and check if the user is allowed to perform that operation before doing it on behalf of the user.

This should be fairly straight forward but may require some glue code like is being used in the drpc server for its web interface.



--
This message was sent by Atlassian JIRA
(v6.2#6252)