[ https://issues.apache.org/jira/browse/STORM-446?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14352146#comment-14352146 ]
ASF GitHub Bot commented on STORM-446:
--------------------------------------

Github user harshach commented on a diff in the pull request:

https://github.com/apache/storm/pull/448#discussion_r26007092

--- Diff: STORM-UI-REST-API.md ---
@@ -32,6 +32,11 @@ You can use a tool such as `curl` to talk to the REST API: # Note: We assume ui.port is configured to the default value of 8080. $ curl http://<ui-host>:8080/api/v1/cluster/configuration +##Impersonating a user in secure environment +In a secure environment an authenticated user can impersonate another user. To impersonate a user the caller must pass +`doAsUser` param or header with value set to the user that the request needs to be performed as. Please see SECURITY.MD +to learn more about how to setup impersonation ACLs and authorization. The rest API uses the same configs and acls that +are used by nimbus.
--- End diff --

Can you add a curl example for this?

> secure Impersonation in storm
> -----------------------------
>
> Key: STORM-446
> URL: https://issues.apache.org/jira/browse/STORM-446
> Project: Apache Storm
> Issue Type: Improvement
> Reporter: Sriharsha Chintalapani
> Assignee: Parth Brahmbhatt
> Labels: Security
>
> Storm security adds features of authenticating with kerberos and then uses
> that principal and TGT as a way to authorize user operations, topology
> operation. Currently Storm UI user needs to be part of nimbus.admins to get
> details on user submitted topologies. Ideally storm ui needs to take
> authenticated user principal to submit requests to nimbus which will then
> authorize the user rather than storm UI user. This feature will also benefit
> superusers to impersonate other users to submit topologies in a secured way.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
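
Review bot: In the added "Impersonating a user" paragraph of STORM-UI-REST-API.md, the sentence saying the caller must pass "`doAsUser` param or header" does not say which one wins when a request carries both, nor what the API returns when the authenticated caller is not permitted by the impersonation ACLs to act as the requested user. Both are worth one sentence each, since clients and anyone auditing proxy or gateway rules in front of the UI need to know where the effective user comes from. Smaller points in the same hunk: `##Impersonating` has no space after the `##`, "rest API" should read "REST API" to match the context line above it, "acls" should match the "ACLs" spelling used one sentence earlier, "setup" as a verb should be "set up", and the "SECURITY.MD" reference should use the same case as the actual file name so the pointer resolves on case-sensitive systems.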