[ https://issues.apache.org/jira/browse/HADOOP-8343?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13267901#comment-13267901 ]

Aaron T. Myers commented on HADOOP-8343:
----------------------------------------

Patch looks pretty good to me. Just a few small comments. +1 once these are 
addressed:

# I think we should take /logLevel out of the set of servlets which this new 
config allows anon access to. Since it's writable, it seems like requiring admin 
access in all cases is reasonable.
# Recommend renaming "hadoop.security.authorization.for.instrumentation" to 
"hadoop.security.instrumentation.requires.admin".
# Recommend renaming "checkInstrumentationAccess" to 
"isInstrumentationAccessAllowed".
# The method comment of checkInstrumentationAccess is a little misleading. 
Instead of "Returns if anonymous authentication access to instrumentation 
servlets is allowed or not" it should be something like "Return true if admin 
privileges are not required to access instrumentation, or this user is 
authenticated and an administrator. Return false otherwise."
# The method checkInstrumentationAccess can be simplified a little, e.g. 
"return !adminAccessRequired || hasAdministratorAccess(...)"
# The entry for this new config in core-default.xml only lists /jmx, /metrics, 
and /conf. /stacks should also be added (and /logLevel if you object to comment 
#1 above.)
# There are a few spots in the patch where you use 4-space indentation instead of 
Hadoop's standard 2.
# The test should probably also include the case where admin access is required 
and the user _is_ listed as an admin.
                
> Allow configuration of authorization for JmxJsonServlet and MetricsServlet
> --------------------------------------------------------------------------
>
>                 Key: HADOOP-8343
>                 URL: https://issues.apache.org/jira/browse/HADOOP-8343
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: util
>    Affects Versions: 2.0.0
>            Reporter: Philip Zeyliger
>            Assignee: Alejandro Abdelnur
>         Attachments: HADOOP-8343.patch, HADOOP-8343.patch
>
>
> When using authorization for the daemons' web server, it would be useful to 
> specifically control the authorization requirements for accessing /jmx and 
> /metrics.  Currently, they require administrative access.  This JIRA would 
> propose that whether or not they are available to administrators only or to 
> all users be controlled by "hadoop.instrumentation.requires.administrator" 
> (or similar).  The default would be that administrator access is required.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
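
The access decision the review comments describe, written out as an added stand-alone Java model (not code from the patch or from Hadoop). The class name, the boolean inputs standing in for the config value and for hasAdministratorAccess(...), and the fail-closed handling of unlisted paths are assumptions made for illustration.

```java
import java.util.Set;

// Added illustration only: a stand-alone model of the decision discussed in the
// review, not Hadoop code. Class name, signatures and boolean inputs are
// assumptions; real code would read the config and call hasAdministratorAccess(...).
public class InstrumentationAccessModel {

  // Servlets the new config would govern, per review comments 1 and 6.
  static final Set<String> INSTRUMENTATION = Set.of("/jmx", "/metrics", "/conf", "/stacks");

  // Comment 5: allowed if admin is not required, or the caller is an admin.
  static boolean isInstrumentationAccessAllowed(boolean adminRequired, boolean callerIsAdmin) {
    return !adminRequired || callerIsAdmin;
  }

  // Comment 1: /logLevel is writable, so it ignores the relaxed setting.
  // Unlisted paths also stay admin-only (assumption: fail closed).
  static boolean isAllowed(String path, boolean adminRequired, boolean callerIsAdmin) {
    if (INSTRUMENTATION.contains(path)) {
      return isInstrumentationAccessAllowed(adminRequired, callerIsAdmin);
    }
    return callerIsAdmin;
  }

  public static void main(String[] args) {
    String[] paths = {"/jmx", "/metrics", "/conf", "/stacks", "/logLevel"};
    boolean[] flags = {false, true};
    System.out.printf("%-10s %-14s %-8s %s%n", "path", "adminRequired", "isAdmin", "allowed");
    for (String p : paths)
      for (boolean req : flags)
        for (boolean admin : flags)
          System.out.printf("%-10s %-14b %-8b %b%n", p, req, admin, isAllowed(p, req, admin));

    // Comment 8's missing test case: admin required and the user is an admin.
    if (!isAllowed("/jmx", true, true)) throw new AssertionError("admin must be allowed");
    // With admin required (the proposed default), a non-admin is rejected.
    if (isAllowed("/metrics", true, false)) throw new AssertionError("non-admin must be rejected");
    // /logLevel stays admin-only even when the setting is relaxed.
    if (isAllowed("/logLevel", false, false)) throw new AssertionError("/logLevel must need admin");
  }
}
```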

        
