[ https://issues.apache.org/jira/browse/STORM-446?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14343356#comment-14343356 ]
ASF GitHub Bot commented on STORM-446:
--------------------------------------

Github user revans2 commented on a diff in the pull request:

https://github.com/apache/storm/pull/448#discussion_r25613390

--- Diff: storm-core/src/clj/backtype/storm/ui/core.clj ---
@@ -45,28 +45,46 @@ (def ^:dynamic *STORM-CONF* (read-storm-config)) (def ^:dynamic *UI-ACL-HANDLER* (mk-authorization-handler (*STORM-CONF* NIMBUS-AUTHORIZER) *STORM-CONF*)) +(def ^:dynamic *UI-IMPERSONATION-HANDLER* (mk-authorization-handler (*STORM-CONF* NIMBUS-IMPERSONATION-AUTHORIZER) *STORM-CONF*)) (def http-creds-handler (AuthUtils/GetUiHttpCredentialsPlugin *STORM-CONF*)) (defmacro with-nimbus [nimbus-sym & body] - `(thrift/with-nimbus-connection - [~nimbus-sym (*STORM-CONF* NIMBUS-HOST) (*STORM-CONF* NIMBUS-THRIFT-PORT)] - ~@body)) + `(let [context# (ReqContext/context) + user# (if (.principal context#) (.getName (.principal context#)))] + (thrift/with-nimbus-connection-as-user + [~nimbus-sym (*STORM-CONF* NIMBUS-HOST) (*STORM-CONF* NIMBUS-THRIFT-PORT) user#] + ~@body))) (defn assert-authorized-user ([servlet-request op] (assert-authorized-user servlet-request op nil)) ([servlet-request op topology-conf] - (if http-creds-handler (.populateContext http-creds-handler (ReqContext/context) servlet-request)) - (if *UI-ACL-HANDLER* - (let [context (ReqContext/context)] - (if-not (.permit *UI-ACL-HANDLER* context op topology-conf) - (let [principal (.principal context) - user (if principal (.getName principal) "unknown")] - (throw (AuthorizationException. - (str "UI request '" op "' for '" - user "' user is not authorized"))))))))) + (let [context (ReqContext/context)] + (if http-creds-handler (.populateContext http-creds-handler context servlet-request)) + + (if (.isImpersonating context) + (if *UI-IMPERSONATION-HANDLER* + (if-not (.permit *UI-IMPERSONATION-HANDLER* context op topology-conf) + (let [principal (.principal context) + real-principal (.realPrincipal context) + user (if principal (.getName principal) "unknown") + real-user (if real-principal (.getName real-principal) "unknown") + remote-address (.remoteAddress context)] + (throw (AuthorizationException. 
+ (str "user '" real-user "' is not authorized to impersonate user '" user "' from host '" remote-address "'. Please + see SECURITY.MD to learn how to configure impersonation ACL."))))) + (log-warn " principal " (.realPrincipal context) " is trying to impersonate " (.principal context) " but "
--- End diff --

Again do we want to fail open or fail closed?

> secure Impersonation in storm
> -----------------------------
>
> Key: STORM-446
> URL: https://issues.apache.org/jira/browse/STORM-446
> Project: Apache Storm
> Issue Type: Improvement
> Reporter: Sriharsha Chintalapani
> Assignee: Parth Brahmbhatt
> Labels: Security
>
> Storm security adds features of authenticating with Kerberos and then uses
> that principal and TGT as a way to authorize user operations, topology
> operation. Currently Storm UI user needs to be part of nimbus.admins to get
> details on user submitted topologies. Ideally storm ui needs to take
> authenticated user principal to submit requests to nimbus which will then
> authorize the user rather than storm UI user. This feature will also benefit
> superusers to impersonate other users to submit topologies in a secured way.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
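Review bot: in assert-authorized-user in storm-core/src/clj/backtype/storm/ui/core.clj, the else branch of `(if *UI-IMPERSONATION-HANDLER*` only calls `log-warn`, so as far as the visible lines show, an impersonating request is logged and allowed to continue when no NIMBUS-IMPERSONATION-AUTHORIZER handler is configured. For an impersonation check the safer default is to fail closed: throw the same AuthorizationException in that branch, or state in SECURITY.MD that impersonation is unrestricted until the authorizer is set. Two smaller points: the exception message string breaks across two lines after "Please", which puts a newline and the indentation into the message text, and in with-nimbus `user#` is nil when the context has no principal, so with-nimbus-connection-as-user should be checked to treat nil as "no impersonation" rather than as a user name.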