[
https://issues.apache.org/jira/browse/HBASE-27792?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nihal Jain updated HBASE-27792:
-------------------------------
Description:
Currently, RSDumpServlet and MasterDumpServlet do not require any check for
whether the user has privileges to access instrumentation servlets.
This is unlike other servlets like ProfileServlet, ConfServlet, JMXJsonServlet
etc., which are guarded by admin checks.
The goal of this JIRA is to add a similar check for RS and Master Dump Servlet. Post
this change, only admins will be able to access RSDumpServlet and
MasterDumpServlet if _hadoop.security.instrumentation.requires.admin_ is
enabled.
was:
Currently, RSDumpServlet and MasterDumpServlet do not require any check for
whether the user has privileges to access instrumentation servlets.
This is unlike other servlets like ProfileServlet, ConfServlet, JMXJsonServlet
etc., which are guarded by admin checks.
The goal of this JIRA is to add a similar check for RS and Master Dump Servlet.
> Guard Master/RS Dump Servlet behind admin walls
> -----------------------------------------------
>
> Key: HBASE-27792
> URL: https://issues.apache.org/jira/browse/HBASE-27792
> Project: HBase
> Issue Type: Improvement
> Components: security, UI
> Reporter: Nihal Jain
> Assignee: Nihal Jain
> Priority: Minor
>
> Currently, RSDumpServlet and MasterDumpServlet do not require any check for
> whether the user has privileges to access instrumentation servlets.
> This is unlike other servlets like ProfileServlet, ConfServlet,
> JMXJsonServlet etc., which are guarded by admin checks.
> The goal of this JIRA is to add a similar check for RS and Master Dump Servlet.
> Post this change, only admins will be able to access RSDumpServlet and
> MasterDumpServlet if _hadoop.security.instrumentation.requires.admin_ is
> enabled.