[
https://issues.apache.org/jira/browse/OOZIE-1498?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Eugene Shevchuk updated OOZIE-1498:
-----------------------------------
Attachment: (was: fix_1498.patch)
> Any user is allowed to manage job not as owner
> ----------------------------------------------
>
> Key: OOZIE-1498
> URL: https://issues.apache.org/jira/browse/OOZIE-1498
> Project: Oozie
> Issue Type: Bug
> Reporter: Eugene Shevchuk
> Assignee: Eugene Shevchuk
> Attachments: fix_1498.patch
>
>
> The problem was that anonymous users are enabled in oozie configuration. It
> can lead to the following problem. When user's token is expired
> PseudoAuthenticationHandler searches for user.name parameter in request.
> Obviously, it can't find it because client doesn't know anything about
> expired token. So auth handler assumes that user is anonymous and return
> anonymous token with username=null. Oozie server can't deal with doAs
> parameter and anonymous request simultaneously because 500 error will occur
> (user is null). By default this option is disabled so any user can manage any
> job. Now it's disabled by default
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
