[ https://issues.apache.org/jira/browse/OOZIE-1498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13741214#comment-13741214 ]
Hadoop QA commented on OOZIE-1498:
----------------------------------
Testing JIRA OOZIE-1498
Cleaning local svn workspace
----------------------------
{color:red}-1{color} Patch failed to apply to head of branch
----------------------------
> Any user is allowed to manage job not as owner
> ----------------------------------------------
>
> Key: OOZIE-1498
> URL: https://issues.apache.org/jira/browse/OOZIE-1498
> Project: Oozie
> Issue Type: Bug
> Reporter: Eugene Shevchuk
> Attachments: fix.patch
>
>
> The problem was that anonymous users are enabled in the Oozie configuration. It
> can lead to the following problem. When a user's token is expired,
> PseudoAuthenticationHandler searches for the user.name parameter in the request.
> Obviously, it can't find it because the client doesn't know anything about
> the expired token. So the auth handler assumes that the user is anonymous and returns
> an anonymous token with username=null. The Oozie server can't deal with the doAs
> parameter and an anonymous request simultaneously because a 500 error will occur
> (user is null). By default this option is disabled so any user can manage any
> job. Now it's disabled by default
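
The fallback the issue description walks through, as an added illustration that is not part of the original message and is not Hadoop or Oozie code. It is a simplified Python model: the names `pseudo_authenticate`, `handle_request` and `anonymous_allowed`, the one-hour token lifetime, and the 401 and 200 status values are assumptions; only the 500 on doAs with a null user comes from the report.

```python
# Simplified model of the behaviour in the report; not Hadoop or Oozie code.
from dataclasses import dataclass
from typing import Optional


class AuthenticationError(Exception):
    """The handler refuses the request (modelled below as HTTP 401)."""


@dataclass
class Token:
    user: Optional[str]  # None models the anonymous token (username=null)
    expires: float


def pseudo_authenticate(params, cookie_token, anonymous_allowed, now):
    """Decide which identity a request carries (hypothetical helper)."""
    if cookie_token is not None and cookie_token.expires > now:
        return cookie_token  # unexpired token: identity comes from it
    user = params.get("user.name")  # expired or absent token: look at the request
    if user:
        return Token(user, now + 3600)
    if anonymous_allowed:
        return Token(None, now + 3600)  # silent downgrade to anonymous
    raise AuthenticationError("anonymous requests are disallowed")


def handle_request(params, cookie_token, anonymous_allowed, now):
    """Return (status, effective_user) for a job-management request."""
    try:
        token = pseudo_authenticate(params, cookie_token, anonymous_allowed, now)
    except AuthenticationError:
        return 401, None  # client is told to authenticate again
    if "doAs" in params and token.user is None:
        return 500, None  # the reported failure: doAs with a null user
    return 200, token.user


# Constructed sample: alice's token expired at t=100; the request arrives at
# t=200 and carries doAs but no user.name, as in the report.
EXPIRED = Token("alice", expires=100.0)
REQUEST = {"doAs": "bob"}

if __name__ == "__main__":
    print(handle_request(REQUEST, EXPIRED, anonymous_allowed=True, now=200.0))
    print(handle_request(REQUEST, EXPIRED, anonymous_allowed=False, now=200.0))
```

With anonymous access off, the expired-token request is rejected at the authentication step instead of reaching the doAs handling with a null user.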