[ https://issues.apache.org/jira/browse/HADOOP-10679?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14027125#comment-14027125 ]
Benoy Antony commented on HADOOP-10679:
---------------------------------------

Here is the proposal:

1. Define an AuthorizationFilter.
2. The AuthorizationFilter looks up ACL in hadoop-policy.xml using the key derived from HttpServletRequest.getServletPath().
3. If ACL is not found, the ACL defaults to *.

This will inherit the following features (in progress):

Note 1 : Administrator can override default ACL - HADOOP-10649
Note 2 : Administrator can specify a reverse ACL - HADOOP-10650
Note 3 : Administrator can block/grant access via IPS - HADOOP-10651
Note 4 : One can plug in a different AuthZ module - HADOOP-10654

> Authorize webui access using ServiceAuthorizationManager
> --------------------------------------------------------
>
>                 Key: HADOOP-10679
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10679
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Benoy Antony
>            Assignee: Benoy Antony
>
> Currently accessing Hadoop via RPC can be authorized using
> _ServiceAuthorizationManager_. But there is no uniform authorization of the
> HTTP access. Some of the servlets check for admin privilege.
> This creates an inconsistency of authorization between access via RPC vs
> HTTP.
> The fix is to enable authorization of the webui access using
> _ServiceAuthorizationManager_.

--
This message was sent by Atlassian JIRA
(v6.2#6252)
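
The lookup described in the proposal above, as an added sketch that is not code from the JIRA issue or from Hadoop. The key prefix `security.http.acl`, the class and method names and the sample policy are assumptions, and the ACL check is a simplified stand-in for the "users groups" string format that Hadoop ACLs use.

```java
import java.util.*;

public class WebUiAclSketch {
    // Hypothetical key prefix: the proposal does not state the key format.
    static final String PREFIX = "security.http.acl";
    static final String DEFAULT_ACL = "*"; // step 3: no entry means everyone

    // Derive the policy key from the value getServletPath() would return.
    static String keyFor(String servletPath) {
        String p = servletPath.replaceAll("/+", "/").replaceAll("^/|/$", "");
        return p.isEmpty() ? PREFIX : PREFIX + "." + p.replace('/', '.');
    }

    // Simplified ACL check for "user1,user2 group1,group2"; "*" allows all.
    static boolean permits(String acl, String user, Set<String> groups) {
        if (acl.trim().equals("*")) return true;
        String[] parts = acl.split(" ", 2); // a leading space means "groups only"
        if (!user.isEmpty() && Arrays.asList(parts[0].split(",")).contains(user)) return true;
        if (parts.length == 2)
            for (String g : parts[1].trim().split(","))
                if (groups.contains(g.trim())) return true;
        return false;
    }

    // Steps 2 and 3 of the proposal: look up the ACL by key, fall back to "*".
    static boolean authorize(Map<String, String> policy, String servletPath,
                             String user, Set<String> groups) {
        String acl = policy.getOrDefault(keyFor(servletPath), DEFAULT_ACL);
        return permits(acl, user, groups);
    }

    public static void main(String[] args) {
        // Constructed policy entries, standing in for hadoop-policy.xml.
        Map<String, String> policy = new HashMap<>();
        policy.put(keyFor("/jmx"), "hdfs admins"); // user hdfs, group admins
        policy.put(keyFor("/conf"), " admins");    // group admins only
        Set<String> none = Collections.emptySet();
        Set<String> admins = Collections.singleton("admins");
        System.out.println("/jmx  alice: " + authorize(policy, "/jmx", "alice", none));
        System.out.println("/jmx  hdfs:  " + authorize(policy, "/jmx", "hdfs", none));
        System.out.println("/conf alice (admins): " + authorize(policy, "/conf", "alice", admins));
        // No entry for /logs, so the default "*" applies to every caller.
        System.out.println("/logs alice: " + authorize(policy, "/logs", "alice", none));
    }
}
```

Under the "*" default, a servlet path with no policy entry (here `/logs`) is open to any user, so every sensitive servlet needs its own entry unless the default ACL is overridden.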