[ 
https://issues.apache.org/jira/browse/HADOOP-5740?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12703697#action_12703697
 ] 

Steve Loughran commented on HADOOP-5740:
----------------------------------------

Hadoop doesn't work at all with a proper security manager, noted in 
HADOOP-5731, caused by the service level auth of HADOOP-4348. 

Even if you switch to a minimal security manager that blocks System.exit() 
calls (see HADOOP-4532 and HADOOP-5453) but doesn't delegate authorisation to 
the normal Sun policy-driven code, it doesn't work, because libraries in Hadoop 
(here, Jetty) and elsewhere (RMI) both check for a security manager being 
present, and if so, get the codebase's policy and add rights to it. That is, 
they assume that they can do this, and that it is needed. 

This patch lets both libraries get away with setting permissions, without 
paying any attention to the values. It is not a step towards hosting Hadoop 
under a fully functional security manager, but should be enough to run Hadoop 
under a simple manager that blocks exit calls unless asked very nicely. 

Now, ultimately, I would like to work with a Security Manager, but fixing that 
is going to require way more effort. 

> Hadoop JSP pages don't work under a security manager
> ----------------------------------------------------
>
>                 Key: HADOOP-5740
>                 URL: https://issues.apache.org/jira/browse/HADOOP-5740
>             Project: Hadoop Core
>          Issue Type: Bug
>          Components: fs, mapred
>    Affects Versions: 0.21.0
>            Reporter: Steve Loughran
>            Assignee: Steve Loughran
>            Priority: Minor
>         Attachments: hadoop-5740.patch
>
>
> When you run Hadoop under a security manager that says "yes" to all security 
> checks, you get stack traces when Jetty tries to initialise the JSP engine. 
> Which implies you can't use Jasper under a security manager.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
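
A minimal manager of the kind the comment above describes, as an added example that is not code from the issue, its patch, or Hadoop: it refuses System.exit() until explicitly told otherwise and says "yes" to every other check without consulting the policy. The class and method names are hypothetical, and it assumes a JDK on which SecurityManager is still supported (it is deprecated for removal since Java 17).

```java
import java.security.Permission;

/**
 * Added illustration (hypothetical names): blocks JVM exit, permits
 * everything else, and never delegates to the policy-driven code.
 * This is a guard against stray exit calls, not a sandbox.
 */
public class ExitBlockingSecurityManager extends SecurityManager {

    // Flipped by the hosting code just before a deliberate shutdown.
    private volatile boolean exitAllowed = false;

    public void allowExit() {
        exitAllowed = true;
    }

    @Override
    public void checkExit(int status) {
        if (!exitAllowed) {
            throw new SecurityException("System.exit(" + status + ") blocked");
        }
    }

    // The inherited checkPermission methods delegate to the access
    // controller and the installed policy; these no-op overrides skip that.
    @Override
    public void checkPermission(Permission perm) {
    }

    @Override
    public void checkPermission(Permission perm, Object context) {
    }

    public static void main(String[] args) {
        ExitBlockingSecurityManager sm = new ExitBlockingSecurityManager();
        System.setSecurityManager(sm);
        try {
            System.exit(1);               // a stray exit call in hosted code
        } catch (SecurityException e) {
            System.out.println("caught: " + e.getMessage());
        }
        // Libraries that test for a manager now take their "manager present"
        // branch, even though this manager enforces no policy at all.
        System.out.println("manager present: " + (System.getSecurityManager() != null));
        sm.allowExit();                   // the sanctioned shutdown path
        System.exit(0);
    }
}
```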
