[
https://issues.apache.org/jira/browse/STORM-446?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14352146#comment-14352146
]
ASF GitHub Bot commented on STORM-446:
--------------------------------------
Github user harshach commented on a diff in the pull request:
https://github.com/apache/storm/pull/448#discussion_r26007092
--- Diff: STORM-UI-REST-API.md ---
@@ -32,6 +32,11 @@ You can use a tool such as `curl` to talk to the REST
API:
# Note: We assume ui.port is configured to the default value of 8080.
$ curl http://<ui-host>:8080/api/v1/cluster/configuration
+##Impersonating a user in secure environment
+In a secure environment an authenticated user can impersonate another
user. To impersonate a user the caller must pass
+`doAsUser` param or header with value set to the user that the request
needs to be performed as. Please see SECURITY.MD
+to learn more about how to setup impersonation ACLs and authorization. The
rest API uses the same configs and acls that
+are used by nimbus.
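Review bot: The new paragraph says `doAsUser` can be passed as a "param or header" but does not say which one takes effect when a request carries both with different values, nor what the API returns when the authenticated caller is not allowed to impersonate the named user. One sentence on each would help, since clients will rely on this text to know whose identity a request ran under. A sample request showing `doAsUser` in use would also help. Minor points: `##Impersonating` needs a space after `##` (CommonMark-style parsers do not treat it as a heading otherwise), "rest API" and "acls" should match the "REST" and "ACLs" spellings already used in this hunk, "setup" as a verb should be "set up", and the `SECURITY.MD` reference should match the case of the actual file name.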
--- End diff --
Can you add a curl example for this?
> secure Impersonation in storm
> -----------------------------
>
> Key: STORM-446
> URL: https://issues.apache.org/jira/browse/STORM-446
> Project: Apache Storm
> Issue Type: Improvement
> Reporter: Sriharsha Chintalapani
> Assignee: Parth Brahmbhatt
> Labels: Security
>
> Storm security adds features of authenticating with Kerberos and then uses
> that principal and TGT as a way to authorize user operations, topology
> operation. Currently Storm UI user needs to be part of nimbus.admins to get
> details on user submitted topologies. Ideally storm ui needs to take
> authenticated user principal to submit requests to nimbus which will then
> authorize the user rather than storm UI user. This feature will also benefit
> superusers to impersonate other users to submit topologies in a secured way.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)