Hey Bobby,

Most of them go through the httpd web server in between, which connects to the 
central LDAP server. I missed that the login page & cookie logic for such apps 
is provided by the httpd web server and a servlet filter doesn't do it.

Thanks,
Jaydeep


From: [email protected] At: 06/21/17 10:05:03
To: Jaydeep Karia (BLOOMBERG/ 919 3RD A), [email protected]
Subject: Re: Storm UI topology administrative action buttons

The issue is that LDAP is not directly a web technology, so I know of no way to 
simply integrate LDAP with Storm.  It would require not just a servlet filter 
but also a corresponding login page that would authenticate the user with LDAP 
and return a cookie that could be used in future requests for the servlet 
filter.

Most companies already have a Single Sign On solution, like Active Directory, 
which provides LDAP integration and a landing page.  Most single sign on 
solutions also provide a servlet filter because there are a lot of enterprise 
Java applications.

If all you have is LDAP, how are other Java web applications in your company 
authenticating users?


- Bobby 


On Tuesday, June 20, 2017, 5:34:10 PM CDT, Jaydeep Karia (BLOOMBERG/ 919 3RD A) 
<[email protected]> wrote:


Hello Storm Community!

Currently any user that has access to the Storm UI can perform the topology 
administrative actions: Activate, Deactivate, Rebalance and Kill.

To add authentication for these actions, the security documentation in the git 
repo (https://github.com/apache/storm/blob/master/SECURITY.md) suggests using 
Java servlet filters. It gives an example of how to use AuthenticationFilter 
from hadoop-auth using Kerberos. Can we use LDAP instead? Can someone point me 
to a sample config?

Thank you.
