Robert Joseph Evans created STORM-349:
-----------------------------------------
Summary: (Security) ui actions should have nimbus like
authroization
Key: STORM-349
URL: https://issues.apache.org/jira/browse/STORM-349
Project: Apache Storm (Incubating)
Issue Type: Bug
Reporter: Robert Joseph Evans
The UI provides APIs to kill, rebalance, ... a topology. For security we
originally took the route to optionally disable these, but ideally the UI
server would load an IAuthorizer instance like nimbus, and check if the user is
allowed to perform that operation before doing it on behalf of the user.
This should be fairly straight forward but may require some glue code like is
being used in the drpc server for its web interface.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
