GitHub user revans2 commented on a diff in the pull request:

    https://github.com/apache/storm/pull/448#discussion_r25521108
  
    --- Diff: storm-core/src/jvm/backtype/storm/security/auth/authorizer/SimpleACLAuthorizer.java ---
    @@ -50,6 +50,7 @@
         protected Set<String> _supervisors;
         protected IPrincipalToLocal _ptol;
         protected IGroupMappingServiceProvider _groupMappingProvider;
    +    protected ImpersonationAuthorizer _impersonationAuthorizer;
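Review bot: The added `_impersonationAuthorizer` field is declared `protected` and non-final, and nothing in this hunk shows where it is assigned, so a subclass can replace it or it can be left null. Matching the neighbouring `protected` fields keeps the style consistent, but for a member that backs an authorization decision, consider `private final` with a single assignment and a short comment on the field saying what it guards. Holding it as a member of `SimpleACLAuthorizer` also means the check exists only where a class declares such a field.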
    --- End diff --
    
    I don't really like the idea of having all authorizers have to be updated
    to support the impersonation code.  I would much rather have the code spliced
    in at a much higher level that cannot be turned off.  Otherwise a custom
    IAuthorizer instance that does not know to update after this change is now wide
    open for anyone to impersonate anyone else.  The logging changes should also
    probably happen at the same level.

