[ https://issues.apache.org/jira/browse/HADOOP-14077?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Chris Douglas resolved HADOOP-14077. ------------------------------------ Resolution: Fixed This has already been part of a release. Please leave it resolved. > Improve the patch of HADOOP-13119 > --------------------------------- > > Key: HADOOP-14077 > URL: https://issues.apache.org/jira/browse/HADOOP-14077 > Project: Hadoop Common > Issue Type: Improvement > Components: security > Reporter: Yuanbo Liu > Assignee: Yuanbo Liu > Priority: Major > Fix For: 3.0.0-alpha4 > > Attachments: HADOOP-14077.001.patch, HADOOP-14077.002.patch, > HADOOP-14077.003.patch > > > For some links(such as "/jmx, /stack"), blocking the links in filter chain > due to impersonation issue is not friendly for users. For example, user "sam" > is not allowed to be impersonated by user "knox", and the link "/jmx" doesn't > need any user to do authorization by default. It only needs user "knox" to do > authentication, in this case, it's not right to block the access in SPNEGO > filter. We intend to check impersonation permission when the method > "getRemoteUser" of request is used, so that such kind of links("/jmx, > /stack") would not be blocked by mistake. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-dev-h...@hadoop.apache.org