[jira] [Commented] (STORM-446) secure Impersonation in storm

Robert Joseph Evans (JIRA) Tue, 24 Feb 2015 07:07:04 -0800

    [ 
https://issues.apache.org/jira/browse/STORM-446?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14334970#comment-14334970
 ]


Robert Joseph Evans commented on STORM-446:
-------------------------------------------

I really would like to use the built in SASL mechanism for impersonation.  Yes 
it is on a per-connection basis so it cannot be changed mid stream, but I think 
that is really OK.  ZK is the only protocol that I know of that allows you to 
change who you are mid-connection.  To avoid passing around a UGI object we do 
something very similar to the security context

https://github.com/apache/storm/blob/master/storm-core/src/jvm/backtype/storm/security/auth/ReqContext.java

we store the principal in the ReqContext which has a thread specific user 
stored in there.  

https://github.com/apache/storm/blob/master/storm-core/src/jvm/backtype/storm/security/auth/SimpleTransportPlugin.java
https://github.com/apache/storm/blob/master/storm-core/src/jvm/backtype/storm/security/auth/SaslTransportPlugin.java
https://github.com/apache/storm/blob/master/storm-core/src/jvm/backtype/storm/security/auth/IHttpCredentialsPlugin.java

are where we do this for various transport mechanisms.  We don't do it as a 
real principal in the security context to avoid situations where credentials 
might be mixed up between nimbus and the user we are acting on behalf of.

If you need some examples to make the SASL impersonation code work, I know 
hadoop does some of this, and I can talk to our local expert for more examples 
if you like.

> secure Impersonation in storm
> -----------------------------
>
>                 Key: STORM-446
>                 URL: https://issues.apache.org/jira/browse/STORM-446
>             Project: Apache Storm
>          Issue Type: Improvement
>            Reporter: Sriharsha Chintalapani
>            Assignee: Parth Brahmbhatt
>              Labels: Security
>
> Storm security adds features of authenticating with kerberos and than uses 
> that principal and TGT as way to authorize user operations, topology 
> operation. Currently Storm UI user needs to be part of nimbus.admins to get 
> details on user submitted topologies. Ideally storm ui needs to take 
> authenticated user  principal to submit requests to nimbus which will than 
> authorize the user rather than storm UI user. This feature will also benefit 
> superusers to impersonate other users to submit topologies in a secured way.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (STORM-446) secure Impersonation in storm

Reply via email to