[ 
https://issues.apache.org/jira/browse/MAPREDUCE-1455?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12836564#action_12836564
 ] 

Vinod K V commented on MAPREDUCE-1455:
--------------------------------------

> What about the configuration webinterface.private.actions?
>>> We need to think of this more and decide.
Let's open a new issue.

> The variable 'conf' should actually be removed
>>> So would it be better to handle this in MAPREDUCE-1493 as that is using 
>>> getJobInfo() and in turn this "conf" variable ?
+1

> Make it something like JSPUtil.checkAccessAndDoOperation(JobOperation).
>>> Hmm. This may make the method checkAccessAndDoOperation() complex
OK. We'll leave it as is.

> Authorization for servlets
> --------------------------
>
>                 Key: MAPREDUCE-1455
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-1455
>             Project: Hadoop Map/Reduce
>          Issue Type: Sub-task
>          Components: jobtracker, security, tasktracker
>            Reporter: Devaraj Das
>            Assignee: Ravi Gummadi
>             Fix For: 0.22.0
>
>         Attachments: 1455.patch, 1455.v1.patch
>
>
> This jira is about building the authorization for servlets (on top of 
> MAPREDUCE-1307). That is, the JobTracker/TaskTracker runs authorization 
> checks on web requests based on the configured job permissions. For e.g., if 
> the job permission is 600, then no one except the authenticated user can look 
> at the job details via the browser. The authenticated user in the servlet can 
> be obtained using the HttpServletRequest method.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to