[
https://issues.apache.org/jira/browse/STORM-446?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14343354#comment-14343354
]
ASF GitHub Bot commented on STORM-446:
--------------------------------------
Github user revans2 commented on a diff in the pull request:
https://github.com/apache/storm/pull/448#discussion_r25613289
--- Diff: storm-core/src/clj/backtype/storm/daemon/nimbus.clj ---
@@ -778,9 +779,22 @@
(defn check-authorization!
([nimbus storm-name storm-conf operation context]
(let [aclHandler (:authorization-handler nimbus)
+ impersonation-authorizer (:impersonation-authorization-handler
nimbus)
ctx (or context (ReqContext/context))
check-conf (if storm-conf storm-conf (if storm-name
{TOPOLOGY-NAME storm-name}))]
(log-message "[req " (.requestID ctx) "] Access from: "
(.remoteAddress ctx) " principal:" (.principal ctx) " op:" operation)
+
+ (if (.isImpersonating ctx)
+ (do
+ (log-warn "principal: " (.realPrincipal ctx) " is trying to
impersonate principal: " (.principal ctx))
+ (if impersonation-authorizer
+ (if-not (.permit impersonation-authorizer ctx operation
check-conf)
+ (throw (AuthorizationException. (str "principal "
(.realPrincipal ctx) " is not authorized to impersonate
+ principal " (.principal ctx) " from host "
(.remoteAddress ctx) " Please see SECURITY.MD to learn
+ how to configure impersonation acls."))))
+ (log-warn "impersonation attempt but "
NIMBUS-IMPERSONATION-AUTHORIZER " has no authorizer configured. potential
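Review bot: The else branch of (if impersonation-authorizer ...) fails open: when (.isImpersonating ctx) is true but no impersonation authorizer is configured, the visible code only calls log-warn and does not throw, so the request carries on under the impersonated (.principal ctx) without any impersonation check. Throw an AuthorizationException in that branch too, so that an unset NIMBUS-IMPERSONATION-AUTHORIZER denies impersonation rather than permitting it. Separately, the denial message runs (.remoteAddress ctx) straight into " Please see SECURITY.MD" with no sentence break; add a period before "Please" so the host and the hint stay readable in logs.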
--- End diff --
Do we want to fail open or fail closed in this case? For me, if someone
tries to do impersonation and we have not configured anything for this, I would
rather fail closed.
> secure Impersonation in storm
> -----------------------------
>
> Key: STORM-446
> URL: https://issues.apache.org/jira/browse/STORM-446
> Project: Apache Storm
> Issue Type: Improvement
> Reporter: Sriharsha Chintalapani
> Assignee: Parth Brahmbhatt
> Labels: Security
>
> Storm security adds features of authenticating with Kerberos and then uses
> that principal and TGT as a way to authorize user operations, topology
> operation. Currently Storm UI user needs to be part of nimbus.admins to get
> details on user submitted topologies. Ideally storm ui needs to take
> authenticated user principal to submit requests to nimbus which will then
> authorize the user rather than storm UI user. This feature will also benefit
> superusers to impersonate other users to submit topologies in a secured way.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)