[ https://issues.apache.org/jira/browse/MAPREDUCE-1455?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12832450#action_12832450 ]
Ravi Gummadi commented on MAPREDUCE-1455: ----------------------------------------- One more thing is /logs, /static, /stack, /conf, /logLevel etc. are not going through authorization as part of this JIRA. It needs changes in common and will be addressed in a separate JIRA. > Authorization for servlets > -------------------------- > > Key: MAPREDUCE-1455 > URL: https://issues.apache.org/jira/browse/MAPREDUCE-1455 > Project: Hadoop Map/Reduce > Issue Type: Sub-task > Components: jobtracker, security, tasktracker > Reporter: Devaraj Das > Assignee: Ravi Gummadi > Fix For: 0.22.0 > > > This jira is about building the authorization for servlets (on top of > MAPREDUCE-1307). That is, the JobTracker/TaskTracker runs authorization > checks on web requests based on the configured job permissions. For e.g., if > the job permission is 600, then no one except the authenticated user can look > at the job details via the browser. The authenticated user in the servlet can > be obtained using the HttpServletRequest method. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.