[
https://issues.apache.org/jira/browse/STORM-349?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14086673#comment-14086673
]
ASF GitHub Bot commented on STORM-349:
--------------------------------------
Github user harshach commented on a diff in the pull request:
https://github.com/apache/incubator-storm/pull/215#discussion_r15837836
--- Diff: storm-core/pom.xml ---
@@ -197,6 +201,21 @@
<scope>test</scope>
</dependency>
<dependency>
+ <groupId>org.apache.hadoop</groupId>
+ <artifactId>hadoop-auth</artifactId>
--- End diff --
@revans2 I understand having that as dependency is going to be issue. But
wanted to have kerberos based filter to be shipped with storm it will give
users an easy access instead of putting hadoop-auth in the classpath to enable
the filter. What you think about copying required code from hadoop-auth into
storm. Mostly duplicating as there wasn't anything to chnage apart from
probably cookie name.
> (Security) ui actions should have nimbus like authroization
> -----------------------------------------------------------
>
> Key: STORM-349
> URL: https://issues.apache.org/jira/browse/STORM-349
> Project: Apache Storm (Incubating)
> Issue Type: Bug
> Reporter: Robert Joseph Evans
> Assignee: Sriharsha Chintalapani
> Labels: security
>
> The UI provides APIs to kill, rebalance, ... a topology. For security we
> originally took the route to optionally disable these, but ideally the UI
> server would load an IAuthorizer instance like nimbus, and check if the user
> is allowed to perform that operation before doing it on behalf of the user.
> This should be fairly straight forward but may require some glue code like is
> being used in the drpc server for its web interface.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
