[ https://issues.apache.org/jira/browse/HBASE-9866?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13811471#comment-13811471 ]

Jimmy Xiang commented on HBASE-9866:
------------------------------------

bq. +      Lock lock = locker.acquireLock(effectiveUser.get().getUserName());
Are we sure effectiveUser is always set even when SPNEGO/security is not 
enabled?

bq. final String doAsUserFromQuery = request.getParameter("doas");
Should we use parameter "doAs"?

Can we make sure there are no javadoc/findbugs warnings?

Another thing is that we have two proxy users. One is the user authenticated 
with SPNEGO. The other is the real user. We switch the proxy user in the 
middle. Is this a security concern?

I was wondering if Knox should talk to HBase directly as a proxy, instead of 
going through the REST server as another level of proxying?

[~toffer], any comments?

> Support the mode where REST server authorizes proxy users
> ---------------------------------------------------------
>
>                 Key: HBASE-9866
>                 URL: https://issues.apache.org/jira/browse/HBASE-9866
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Devaraj Das
>            Assignee: Devaraj Das
>             Fix For: 0.96.1
>
>         Attachments: 9866-1.txt
>
>
> In one use case, someone was trying to authorize with the REST server as a 
> proxy user. That mode is not supported today. 
> The curl request would be something like (assuming SPNEGO auth) - 
> {noformat}
> curl -i --negotiate -u : http://<HOST>:<PORT>/version/cluster?doas=<USER>
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.1#6144)
