[
https://issues.apache.org/jira/browse/STORM-3218?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Joseph Evans updated STORM-3218:
---------------------------------------
Summary: AuthorizedUserFilter should handle authorization exceptions
better. (was: Impersonation should not happen when checking security.)
> AuthorizedUserFilter should handle authorization exceptions better.
> -------------------------------------------------------------------
>
> Key: STORM-3218
> URL: https://issues.apache.org/jira/browse/STORM-3218
> Project: Apache Storm
> Issue Type: Bug
> Components: storm-webapp
> Affects Versions: 2.0.0
> Reporter: Robert Joseph Evans
> Assignee: Robert Joseph Evans
> Priority: Major
>
> Sorry I missed this before when I added back in impersonation. The code that
> gets the topology conf to validate if the user is allowed to make the given
> REST call should not be doing impersonation because. I tested the code as a
> single user, but the issue is that because the ReqContext is tied to a thread
> if we don't clear/clean up the impersonation code properly the old user is
> still in the ReqContext so when we try to get the conf we are doing it as the
> wrong user and get an error.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
