[
https://issues.apache.org/jira/browse/HADOOP-8343?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alejandro Abdelnur updated HADOOP-8343:
---------------------------------------
Status: Open (was: Patch Available)
After some investigation on how the HttpServer binds the JMX and METRICS
servlets (hardcoded not to add the SPNEGO filter) it seems to me that the
correct approach would be:
* have a 'hadoop.security.require.authentication.for.instrumentation' config
property set to FALSE by default.
* HttpServer addition of JMX, METRICS and CONF servlets should register the
servlets to require authentication or not based on the above property.
* remove the hasAdminAccess check for the JMX, METRICS and CONF servlets.
> Allow configuration of authorization for JmxJsonServlet and MetricsServlet
> --------------------------------------------------------------------------
>
> Key: HADOOP-8343
> URL: https://issues.apache.org/jira/browse/HADOOP-8343
> Project: Hadoop Common
> Issue Type: New Feature
> Components: util
> Affects Versions: 2.0.0
> Reporter: Philip Zeyliger
> Assignee: Alejandro Abdelnur
> Attachments: HADOOP-8343.patch
>
>
> When using authorization for the daemons' web server, it would be useful to
> specifically control the authorization requirements for accessing /jmx and
> /metrics. Currently, they require administrative access. This JIRA would
> propose that whether or not they are available to administrators only or to
> all users be controlled by "hadoop.instrumentation.requires.administrator"
> (or similar). The default would be that administrator access is required.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
