[jira] [Updated] (DRILL-6690) Non-admin users can access threads page using restAPI

Wed, 15 Aug 2018 14:30:51 -0700 


     [ 
https://issues.apache.org/jira/browse/DRILL-6690?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Krystal updated DRILL-6690:
---------------------------
    Description: 
Through restapi, non-admin users can access drill threads data:
{code:java}
curl -b ~/.drill_cookies -k -H "Content-Type: application/json"  -X GET  
https://10.10.30.206:8047/status/threads
"Reference Handler" id=2 state=WAITING
    - waiting on <0x15c20b08> (a java.lang.ref.Reference$Lock)
    - locked <0x15c20b08> (a java.lang.ref.Reference$Lock)
    at java.lang.Object.wait(Native Method)
    at java.lang.Object.wait(Object.java:502)
    at java.lang.ref.Reference.tryHandlePending(Reference.java:191)
    at java.lang.ref.Reference$ReferenceHandler.run(Reference.java:153)
{code}

  was:
Through restapi, non-admin users can access drill metrics data:
{code:java}
[root@mfs41 ~]# curl -b ~/.drill_cookies -k -H "Content-Type: application/json" 
 -X GET  https://10.10.10.000:8047/status/metrics
{"version":"4.0.0","gauges":{"G1-Old-Generation.count":{"value":0},"G1-Old-Generation.time":{"value":0},"G1-Young-Generation.count":{"value":8},"G1-Young-Generation.time":{"value":329},"blocked.count":{"value":0},"count":{"value":28},"daemon.count":{"value":19},...{code}


> Non-admin users can access threads page using restAPI
> -----------------------------------------------------
>
>                 Key: DRILL-6690
>                 URL: https://issues.apache.org/jira/browse/DRILL-6690
>             Project: Apache Drill
>          Issue Type: Bug
>          Components: Security
>    Affects Versions: 1.14.0
>            Reporter: Krystal
>            Priority: Major
>
> Through restapi, non-admin users can access drill threads data:
> {code:java}
> curl -b ~/.drill_cookies -k -H "Content-Type: application/json"  -X GET  
> https://10.10.30.206:8047/status/threads
> "Reference Handler" id=2 state=WAITING
>     - waiting on <0x15c20b08> (a java.lang.ref.Reference$Lock)
>     - locked <0x15c20b08> (a java.lang.ref.Reference$Lock)
>     at java.lang.Object.wait(Native Method)
>     at java.lang.Object.wait(Object.java:502)
>     at java.lang.ref.Reference.tryHandlePending(Reference.java:191)
>     at java.lang.ref.Reference$ReferenceHandler.run(Reference.java:153)
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to