[
https://issues.apache.org/jira/browse/STORM-438?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14086401#comment-14086401
]
Sriharsha Chintalapani commented on STORM-438:
----------------------------------------------
[~revans2] Does it makes sense to allow userOperations succeed for supervisor
users.
Is it ok if a user exists in nimbus.supervisor.users they won't be able to
submit topologies or request clusterInfo.
> SimpleACLAuthorizer should allow users with same keytab as supervisor to
> perform user operations
> ------------------------------------------------------------------------------------------------
>
> Key: STORM-438
> URL: https://issues.apache.org/jira/browse/STORM-438
> Project: Apache Storm (Incubating)
> Issue Type: Bug
> Reporter: Sriharsha Chintalapani
> Priority: Minor
> Labels: Security
>
> Storm security allows user to provider jaas.conf with StormServer and
> StormClient. If the user who is submitting a topology uses StormClient keytab
> than it would throw AuthorizationException. In SimpleACLAuthorizer we check
> if supervisor_users contains context user if that matches we return true or
> false if the operation requested is a supervisor operation.
> In the above case it would return false as user exists in supervisors and the
> operation requested would be "getClusterInfo". This shouldn't fail since its
> part of userOperations.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
