[jira] [Commented] (STORM-446) secure Impersonation in storm

[Parth Brahmbhatt (JIRA)]

    [ 
https://issues.apache.org/jira/browse/STORM-446?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14334154#comment-14334154
 ] 

Parth Brahmbhatt commented on STORM-446:
----------------------------------------

[~revans2] [~harsha_ch] I wanted to check with you guys if the following 
approach makes sense to support this feature I tried to do the following:

* Added an API in StormSubmitter , *submitTopologyAs* which takes all the usual 
params + String doAsUser. 
* Authenticate using the keytab in the jaas.conf.
* Create a new subject using the doAsUser as the principal, make the server 
side call as a privileged action with this subject. 
{code:java}
Nimbus.Client client = NimbusClient.getConfiguredClient(conf).getClient();
User proxyUser = new User(doAsUser);
Subject subject = new Subject();
subject.getPrincipals().add(proxyUser);
Subject.doAs(subject, new PrivilegedAction<Object>() {
            @Override
            public Object run() {
                client.submitTopology(args);
            }
        })
{code}

I originally thought sasl would forward the principal from the current thread 
context's subject to the server but on the server side *String authId = 
saslServer.getAuthorizationID();* still returns the original authenticated Id 
that was sent as part of connection establishment. 

I dont want to modify all the APIs to include a UserGroupInfomration 
look-a-like param but looking at the hadoop implementation it seems hadoop also 
passes the UGI as part of the RPC call that they make. Do you guys have any 
other alternative ideas that does not involve changing all the thrift APIS?

> secure Impersonation in storm
> -----------------------------
>
>                 Key: STORM-446
>                 URL: https://issues.apache.org/jira/browse/STORM-446
>             Project: Apache Storm
>          Issue Type: Improvement
>            Reporter: Sriharsha Chintalapani
>            Assignee: Parth Brahmbhatt
>              Labels: Security
>
> Storm security adds features of authenticating with kerberos and than uses 
> that principal and TGT as way to authorize user operations, topology 
> operation. Currently Storm UI user needs to be part of nimbus.admins to get 
> details on user submitted topologies. Ideally storm ui needs to take 
> authenticated user  principal to submit requests to nimbus which will than 
> authorize the user rather than storm UI user. This feature will also benefit 
> superusers to impersonate other users to submit topologies in a secured way.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)