[
https://issues.apache.org/jira/browse/HADOOP-10679?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14359342#comment-14359342
]
Haohui Mai commented on HADOOP-10679:
-------------------------------------
The idea makes sense. It's good to have an auth filter that works for both RPC
and WebUI.
There is one loose end though: how will WebHDFS authorization be handled? I
think that it is closely related to what eventually happens in HDFS-5796.
Therefore it might make sense to settle HDFS-5796 first and revisit this one.
> Authorize webui access using ServiceAuthorizationManager
> --------------------------------------------------------
>
> Key: HADOOP-10679
> URL: https://issues.apache.org/jira/browse/HADOOP-10679
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: security
> Reporter: Benoy Antony
> Assignee: Benoy Antony
> Attachments: HADOOP-10679.patch, HADOOP-10679.patch, hadoop-10679.pdf
>
>
> Currently accessing Hadoop via RPC can be authorized using
> _ServiceAuthorizationManager_. But there is no uniform authorization of the
> HTTP access. Some of the servlets check for admin privilege.
> This creates an inconsistency of authorization between access via RPC vs
> HTTP.
> The fix is to enable authorization of the webui access also using
> _ServiceAuthorizationManager_.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
