Robert Joseph Evans created STORM-1096:
------------------------------------------
Summary: UI tries to impersonate wrong user when getting topology
conf for authorization, impersonation is allowed by default
Key: STORM-1096
URL: https://issues.apache.org/jira/browse/STORM-1096
Project: Apache Storm
Issue Type: Bug
Components: storm-core
Affects Versions: 0.10.0
Reporter: Robert Joseph Evans
Assignee: Robert Joseph Evans
Priority: Blocker
We have started using 0.10.0 under load and found a few issues around the UI
and impersonation.
The UI when trying to connect to nimbus will impersonate other users. Nimbus,
by default allows impersonation and just outputs a warning message that it is
allowed. We really should default to not allowing impersonation. having the
authorizer configured by default does not hurt when running insecure because
impersonation is not possible, but when security is enabled if someone forgets
to set this config we are now insecure by default.
If you do set all of that up correctly the UI now can impersonate the wrong
user when connecting to nimbus.
The UI decides which user to impersonate by pulling it from the request
context. The requestContext is populated from the HttpRequest when
assert-authorized-user is called. assert-authorized-user takes a topology-conf
as a parameter. The only way to get this topology conf is to talk to nimbus,
which will get the wrong user because the request context has not been
populated yet.
This just because a huge pain for users who way too often will not be able to
see pages on the UI.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
