You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@storm.apache.org by "Robert Joseph Evans (JIRA)" <ji...@apache.org> on 2014/06/10 21:41:01 UTC
[jira] [Created] (STORM-349) (Security) ui actions should have
nimbus like authroization
Robert Joseph Evans created STORM-349:
-----------------------------------------
Summary: (Security) ui actions should have nimbus like authroization
Key: STORM-349
URL: https://issues.apache.org/jira/browse/STORM-349
Project: Apache Storm (Incubating)
Issue Type: Bug
Reporter: Robert Joseph Evans
The UI provides APIs to kill, rebalance, ... a topology. For security we originally took the route to optionally disable these, but ideally the UI server would load an IAuthorizer instance like nimbus, and check if the user is allowed to perform that operation before doing it on behalf of the user.
This should be fairly straight forward but may require some glue code like is being used in the drpc server for its web interface.
--
This message was sent by Atlassian JIRA
(v6.2#6252)