Ramgopal N created OOZIE-3287:
---------------------------------

             Summary: Able to access the oozie web GUI with any invalid user 
when oozie.authentication.simple.anonymous.allowed is false
                 Key: OOZIE-3287
                 URL: https://issues.apache.org/jira/browse/OOZIE-3287
             Project: Oozie
          Issue Type: Bug
          Components: ui
    Affects Versions: 4.1.0
            Reporter: Ramgopal N


I have made "oozie.authentication.simple.anonymous.allowed=false" in 
oozie-site.xml to not allow anonymous user to access 
"http://ooziebaseurl:11000/oozie/v2/admin/metrics"

I want to access this url with admin user (hdfs) listed in conf/adminusers.txt 
under oozie.

Able to access 
"http://ooziebaseurl:11000/oozie/v2/admin/metrics?user.name=hdfs" 

But also able to access with any random user like 
"http://ooziebaseurl:11000/oozie/v2/admin/metrics?user.name=XYZ"

Couldn't find any other configuration restricting random users.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
