[
https://issues.apache.org/jira/browse/AURORA-1746?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Benjamin Staffin closed AURORA-1746.
------------------------------------
Resolution: Duplicate
Whoops, I was testing against an old version of Aurora.
> Shiro authorization errors could be friendlier
> ----------------------------------------------
>
> Key: AURORA-1746
> URL: https://issues.apache.org/jira/browse/AURORA-1746
> Project: Aurora
> Issue Type: Story
> Components: Scheduler
> Reporter: Benjamin Staffin
> Priority: Minor
>
> When the scheduler is configured to use Kerberos auth with shiro, the error
> messages it returns to clients are not as informative as they could be. For
> example:
> {code}
> Subject org.apache.shiro.web.subject.support.WebDelegatingSubject@585fe96c is
> not permitted to JobScopedRpcPermission{rpc=startJobUpdate,
> permittedJob=IJobKey{role=foo, environment=devel, name=fancyjob}}
> {code}
> It would be very nice if the message masked the
> {{org.apache.shiro.web.subject[...]}} class name and either (a) listed the
> actual subject/principal name of the client ({{[email protected]}}), or (b)
> generically referred to "the client".
> I would also suggest using the term "authorized" rather than "permitted".
> This is probably debatable, and the semantic difference is minimal, but to me
> the former more directly hints at a thing that can be configured, whereas the
> current message might be misinterpreted to mean something that cannot be done
> at all.
> For bonus points, also rewrite the {{JobScopedRpcPermission}} part of the
> message to be friendlier. That part at least includes enough details that an
> informed user could figure out what it means after staring at it a bit.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
