[
https://issues.apache.org/jira/browse/STORM-349?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14079522#comment-14079522
]
Sriharsha Chintalapani commented on STORM-349:
----------------------------------------------
[~revans2] I am working on this JIRA. To clarify we need a UI filter class that
can authenticate users against to kerberos and let them login and show only the
topologies that users are authorized for. Please let me know if there are any
other requirements that I need to consider. Thanks.
> (Security) ui actions should have nimbus like authroization
> -----------------------------------------------------------
>
> Key: STORM-349
> URL: https://issues.apache.org/jira/browse/STORM-349
> Project: Apache Storm (Incubating)
> Issue Type: Bug
> Reporter: Robert Joseph Evans
> Labels: security
>
> The UI provides APIs to kill, rebalance, ... a topology. For security we
> originally took the route to optionally disable these, but ideally the UI
> server would load an IAuthorizer instance like nimbus, and check if the user
> is allowed to perform that operation before doing it on behalf of the user.
> This should be fairly straight forward but may require some glue code like is
> being used in the drpc server for its web interface.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
