[
https://issues.apache.org/jira/browse/MAPREDUCE-1455?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12836564#action_12836564
]
Vinod K V commented on MAPREDUCE-1455:
--------------------------------------
> What about the configuration webinterface.private.actions?
>>> We need to think of this more and decide.
Let's open a new issue.
> The variable 'conf' should actually be removed
>>> So would it be better to handle this in MAPREDUCE-1493 as that is using
>>> getJobInfo() and in turn this "conf" variable ?
+1
> Make it something like JSPUtil.checkAccessAndDoOperation(JobOperation).
>>> Hmm. This may make the method checkAccessAndDoOperation() complex
OK. We'll leave it as is.
> Authorization for servlets
> --------------------------
>
> Key: MAPREDUCE-1455
> URL: https://issues.apache.org/jira/browse/MAPREDUCE-1455
> Project: Hadoop Map/Reduce
> Issue Type: Sub-task
> Components: jobtracker, security, tasktracker
> Reporter: Devaraj Das
> Assignee: Ravi Gummadi
> Fix For: 0.22.0
>
> Attachments: 1455.patch, 1455.v1.patch
>
>
> This jira is about building the authorization for servlets (on top of
> MAPREDUCE-1307). That is, the JobTracker/TaskTracker runs authorization
> checks on web requests based on the configured job permissions. For e.g., if
> the job permission is 600, then no one except the authenticated user can look
> at the job details via the browser. The authenticated user in the servlet can
> be obtained using the HttpServletRequest method.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
