[
https://issues.apache.org/jira/browse/STORM-349?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14086667#comment-14086667
]
ASF GitHub Bot commented on STORM-349:
--------------------------------------
Github user harshach commented on a diff in the pull request:
https://github.com/apache/incubator-storm/pull/215#discussion_r15837693
--- Diff: storm-core/src/clj/backtype/storm/ui/helpers.clj ---
@@ -23,7 +23,8 @@
(:use [backtype.storm.util :only [clojurify-structure uuid defnk
url-encode]])
(:use [clj-time coerce format])
(:import [backtype.storm.generated ExecutorInfo ExecutorSummary])
- (:import [org.mortbay.jetty.security SslSocketConnector])
+ (:import [org.eclipse.jetty.server.ssl SslSocketConnector]
--- End diff --
@revans2 Yes upgraded the ring to 1.3.0 which uses jetty-7
> (Security) ui actions should have nimbus like authroization
> -----------------------------------------------------------
>
> Key: STORM-349
> URL: https://issues.apache.org/jira/browse/STORM-349
> Project: Apache Storm (Incubating)
> Issue Type: Bug
> Reporter: Robert Joseph Evans
> Assignee: Sriharsha Chintalapani
> Labels: security
>
> The UI provides APIs to kill, rebalance, ... a topology. For security we
> originally took the route to optionally disable these, but ideally the UI
> server would load an IAuthorizer instance like nimbus, and check if the user
> is allowed to perform that operation before doing it on behalf of the user.
> This should be fairly straight forward but may require some glue code like is
> being used in the drpc server for its web interface.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
