Github user revans2 commented on the pull request:
https://github.com/apache/incubator-storm/pull/215#issuecomment-51250810
Overall it looks good. I think in the future we probably want to explore
allowing the UI to pretend to be a different user to nimbus. This would make
the code a lot simpler, and would open up a number of other possibilities in
the future.
We could try to do this by modifying the SASL negotiation that happens when
authenticating the connection, but I think it would be simpler to update the
different Thrift operations to optionally include a doAs argument. Then Nimbus
would validate that the real user is authorized to perform operations on behalf
of other users and update things accordingly. Perhaps you could file a JIRA
for this.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
