[
https://issues.apache.org/jira/browse/STORM-1096?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15362047#comment-15362047
]
Sriharsha Chintalapani commented on STORM-1096:
-----------------------------------------------
@revan2 any thoughts on above. This behavior seems to be inverse what we want.
{code}
user = storm-storm, principal = [email protected] is attempting to
impersonate user = ambari-server-storm
{code}
In above we should be listing ambari-server-storm in the
{code}
nimbus.impersonation.acl:
ambari-server-storm: // proxy user
users: [storm-storm, another-user] // wild-card can be
used
groups: [*] // should be optional
hosts: [*]
{code}
if the user is allowed to impersonate ambari-server-storm in above example we
should allow the principal and check if the principal (storm-storm) has access
to the requested resource.
currently we check if ambari-server-storm has access to the resources . IMO
current behavior doesn't seem to be right especially incase of proxy services.
> UI tries to impersonate wrong user when getting topology conf for
> authorization, impersonation is allowed by default
> --------------------------------------------------------------------------------------------------------------------
>
> Key: STORM-1096
> URL: https://issues.apache.org/jira/browse/STORM-1096
> Project: Apache Storm
> Issue Type: Bug
> Components: storm-core
> Affects Versions: 0.10.0
> Reporter: Robert Joseph Evans
> Assignee: Robert Joseph Evans
> Priority: Blocker
> Fix For: 0.10.0
>
>
> We have started using 0.10.0 under load and found a few issues around the UI
> and impersonation.
> The UI when trying to connect to nimbus will impersonate other users.
> Nimbus, by default allows impersonation and just outputs a warning message
> that it is allowed. We really should default to not allowing impersonation.
> having the authorizer configured by default does not hurt when running
> insecure because impersonation is not possible, but when security is enabled
> if someone forgets to set this config we are now insecure by default.
> If you do set all of that up correctly the UI now can impersonate the wrong
> user when connecting to nimbus.
> The UI decides which user to impersonate by pulling it from the request
> context. The requestContext is populated from the HttpRequest when
> assert-authorized-user is called. assert-authorized-user takes a
> topology-conf as a parameter. The only way to get this topology conf is to
> talk to nimbus, which will get the wrong user because the request context has
> not been populated yet.
> This just because a huge pain for users who way too often will not be able to
> see pages on the UI.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
