[
https://issues.apache.org/jira/browse/OOZIE-3287?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16513532#comment-16513532
]
Peter Cseh commented on OOZIE-3287:
-----------------------------------
Hi!
Does your cluster use Kerberos? If not, everyone can just change usernames as
they want.
> Able to access the oozie web GUI with any invalid user when
> oozie.authentication.simple.anonymous.allowed is false
> ------------------------------------------------------------------------------------------------------------------
>
> Key: OOZIE-3287
> URL: https://issues.apache.org/jira/browse/OOZIE-3287
> Project: Oozie
> Issue Type: Bug
> Components: ui
> Affects Versions: 4.1.0
> Reporter: Ramgopal N
> Priority: Trivial
>
> I have made "oozie.authentication.simple.anonymous.allowed=false" in
> oozie-site.xml to not allow anonymous user to access
> "http://ooziebaseurl:11000/oozie/v2/admin/metrics"
> I want to access this url with admin user (hdfs) listed in conf/adminusers.txt
> under oozie.
> Able to access
> "http://ooziebaseurl:11000/oozie/v2/admin/metrics?user.name=hdfs"
> But also able to access with any random user like
> "http://ooziebaseurl:11000/oozie/v2/admin/metrics?user.name=XYZ"
>
> Couldn't find any other configuration restricting random users.
>
>
>
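
An added example, not part of the original message or of Oozie's own code: a Python check of an oozie-site.xml that reports when the server runs in simple authentication mode, where the `user.name` query parameter is accepted as the client sends it, which is the behaviour discussed above. The sample XML, hostname, realm and keytab path are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs (not taken from the reporter's cluster).
SIMPLE_SITE = """<configuration>
  <property><name>oozie.authentication.simple.anonymous.allowed</name><value>false</value></property>
</configuration>"""

KERBEROS_SITE = """<configuration>
  <property><name>oozie.authentication.type</name><value>kerberos</value></property>
  <property><name>oozie.authentication.kerberos.principal</name><value>HTTP/oozie.example.com@EXAMPLE.COM</value></property>
  <property><name>oozie.authentication.kerberos.keytab</name><value>/etc/security/keytabs/oozie.keytab</value></property>
</configuration>"""

def load_props(site_xml):
    """Parse Hadoop-style <property><name/><value/></property> entries."""
    props = {}
    for prop in ET.fromstring(site_xml).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def audit_auth(site_xml):
    """Return a list of findings about how HTTP callers are identified."""
    props = load_props(site_xml)
    findings = []
    # Oozie falls back to "simple" when the type is not set.
    auth_type = props.get("oozie.authentication.type", "simple").lower()
    if auth_type == "simple":
        anon = props.get("oozie.authentication.simple.anonymous.allowed", "true").lower()
        findings.append("simple auth: user.name is asserted by the client and not verified")
        if anon == "false":
            findings.append("anonymous.allowed=false only requires that some user.name is present")
    elif auth_type == "kerberos":
        # Kerberos (SPNEGO) needs both the HTTP principal and its keytab.
        for key in ("oozie.authentication.kerberos.principal",
                    "oozie.authentication.kerberos.keytab"):
            if not props.get(key):
                findings.append(f"kerberos auth: {key} is not set")
    return findings

if __name__ == "__main__":
    for label, xml in (("simple", SIMPLE_SITE), ("kerberos", KERBEROS_SITE)):
        print(label, audit_auth(xml) or "no findings")
```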