[
https://issues.apache.org/jira/browse/STORM-438?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sriharsha Chintalapani updated STORM-438:
-----------------------------------------
Description:
Storm security allows user to provider jaas.conf with StormServer and
StormClient. If the user who is submitting a topology uses StormClient keytab
than it would throw AuthorizationException. In SimpleACLAuthorizer we check if
supervisor_users contains context user if that matches we return true or false
if the operation requested is a supervisor operation.
In the above case it would return false as user exists in supervisors and the
operation requested would be "getClusterInfo". This shouldn't fail since its
part of userOperations.
> SimpleACLAuthorizer should allow users with same keytab as supervisor to
> perform user operations
> ------------------------------------------------------------------------------------------------
>
> Key: STORM-438
> URL: https://issues.apache.org/jira/browse/STORM-438
> Project: Apache Storm (Incubating)
> Issue Type: Bug
> Reporter: Sriharsha Chintalapani
> Priority: Minor
> Labels: Security
>
> Storm security allows user to provider jaas.conf with StormServer and
> StormClient. If the user who is submitting a topology uses StormClient keytab
> than it would throw AuthorizationException. In SimpleACLAuthorizer we check
> if supervisor_users contains context user if that matches we return true or
> false if the operation requested is a supervisor operation.
> In the above case it would return false as user exists in supervisors and the
> operation requested would be "getClusterInfo". This shouldn't fail since its
> part of userOperations.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
