[
https://issues.apache.org/jira/browse/HADOOP-6568?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ravi Gummadi updated HADOOP-6568:
---------------------------------
Release Note: Added web-authorization for the default servlets - /logs,
/stacks, /logLevel, /metrics, /conf, so that only cluster administrators can
access these servlets. hadoop.cluster.administrators is the new configuration
in core-default.xml that can be used to specify the ACL against which an
authenticated user should be verified if he/she is an administrator. (was:
Added web-authorization for the default servlets - /logs, /stacks, /logLevel,
/metrics, /conf, so that only cluster administrators can access these servlets.
hadoop.http.administrators-acl is the new configuration in core-default.xml
that can be used to specify the ACL against which an authenticated user should
be verified if he/she is an administrator.)
> Authorization for default servlets
> ----------------------------------
>
> Key: HADOOP-6568
> URL: https://issues.apache.org/jira/browse/HADOOP-6568
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: security
> Reporter: Vinod K V
> Assignee: Vinod K V
> Fix For: 0.22.0
>
> Attachments: HADOOP-6568-20100216.txt, HADOOP-6568-20100224.1.txt,
> HADOOP-6568-20100224.txt, HADOOP-6568-20100225.1.txt,
> HADOOP-6568-20100225.2.txt, HADOOP-6568-20100225.txt,
> HADOOP-6568-20100226-ydist.txt, HADOOP-6568-20100226.1-ydist.patch
>
>
> We have the following default servlets: /logs, /static, /stacks, /logLevel,
> /metrics, /conf. Barring "/static", rest of the servlets provide information
> that is only for administrators. In the context of security for the
> web-servlets, we need protected access to these pages.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
