[jira] [Updated] (STORM-3218) AuthorizedUserFilter should handle authorization exceptions better.
[ https://issues.apache.org/jira/browse/STORM-3218?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Joseph Evans updated STORM-3218: --- Summary: AuthorizedUserFilter should handle authorization exceptions better. (was: Impersonation should not happen when checking security.) > AuthorizedUserFilter should handle authorization exceptions better. > --- > > Key: STORM-3218 > URL: https://issues.apache.org/jira/browse/STORM-3218 > Project: Apache Storm > Issue Type: Bug > Components: storm-webapp >Affects Versions: 2.0.0 >Reporter: Robert Joseph Evans >Assignee: Robert Joseph Evans >Priority: Major > > Sorry I missed this before when I added back in impersonation. The code that > gets the topology conf to validate if the user is allowed to make the given > REST call should not be doing impersonation because. I tested the code as a > single user, but the issue is that because the ReqContext is tied to a thread > if we don't clear/clean up the impersonation code properly the old user is > still in the ReqContext so when we try to get the conf we are doing it as the > wrong user and get an error. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (STORM-3218) AuthorizedUserFilter should handle authorization exceptions better.
[ https://issues.apache.org/jira/browse/STORM-3218?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] ASF GitHub Bot updated STORM-3218: -- Labels: pull-request-available (was: ) > AuthorizedUserFilter should handle authorization exceptions better. > --- > > Key: STORM-3218 > URL: https://issues.apache.org/jira/browse/STORM-3218 > Project: Apache Storm > Issue Type: Bug > Components: storm-webapp >Affects Versions: 2.0.0 >Reporter: Robert Joseph Evans >Assignee: Robert Joseph Evans >Priority: Major > Labels: pull-request-available > > Sorry I missed this before when I added back in impersonation. The code that > gets the topology conf to validate if the user is allowed to make the given > REST call should not be doing impersonation because. I tested the code as a > single user, but the issue is that because the ReqContext is tied to a thread > if we don't clear/clean up the impersonation code properly the old user is > still in the ReqContext so when we try to get the conf we are doing it as the > wrong user and get an error. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
