[ https://issues.apache.org/jira/browse/HADOOP-10679?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14359342#comment-14359342 ]
Haohui Mai commented on HADOOP-10679: ------------------------------------- The idea makes sense. It's good to have an auth filter that works for both RPC and WebUI. There is one loose end though: how will WebHDFS authorization be handled? I think that it is closely related to what eventually happens in HDFS-5796. Therefore it might make sense to settle HDFS-5796 first and revisit this one. > Authorize webui access using ServiceAuthorizationManager > -------------------------------------------------------- > > Key: HADOOP-10679 > URL: https://issues.apache.org/jira/browse/HADOOP-10679 > Project: Hadoop Common > Issue Type: Sub-task > Components: security > Reporter: Benoy Antony > Assignee: Benoy Antony > Attachments: HADOOP-10679.patch, HADOOP-10679.patch, hadoop-10679.pdf > > > Currently accessing Hadoop via RPC can be authorized using > _ServiceAuthorizationManager_. But there is no uniform authorization of the > HTTP access. Some of the servlets check for admin privilege. > This creates an inconsistency of authorization between access via RPC vs > HTTP. > The fix is to enable authorization of the webui access also using > _ServiceAuthorizationManager_. -- This message was sent by Atlassian JIRA (v6.3.4#6332)