[
https://issues.apache.org/jira/browse/OOZIE-1498?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13742393#comment-13742393
]
Robert Kanter commented on OOZIE-1498:
--------------------------------------
I'm not sure I follow the issue; can you explain it again? Also, I'd be
hesitant to change the default value of a configuration property that has been
like that for quite a long time.
> Any user is allowed to manage job not as owner
> ----------------------------------------------
>
> Key: OOZIE-1498
> URL: https://issues.apache.org/jira/browse/OOZIE-1498
> Project: Oozie
> Issue Type: Bug
> Reporter: Eugene Shevchuk
> Assignee: Eugene Shevchuk
> Attachments: OOZIE-1498.patch
>
>
> The problem was that anonymous users are enabled in oozie configuration. It
> can lead to the following problem. When user's token is expired
> PseudoAuthenticationHandler searches for user.name parameter in request.
> Obviously, it can't find it because client doesn't know anything about
> expired token. So auth handler assumes that user is anonymous and return
> anonymous token with username=null. Oozie server can't deal with doAs
> parameter and anonymous request simultaneously because 500 error will occur
> (user is null). By default this option is disabled so any user can manage any
> job. Now it's disabled by default
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
