Apache
/
hbase
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HBASE-13085 Security issue in the implementation of Rest gataway 'doAs' proxy user support (Jerry He)

This commit is contained in:
Andrew Purtell 2015-02-24 10:18:17 -08:00
parent af848f8a71
commit c3a9c2a87f
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
hbase-rest/src/main/java/org/apache/hadoop/hbase/rest/RESTServletContainer.java
View File

@ -56,7 +56,8 @@ public class RESTServletContainer extends ServletContainer {
if (!servlet.supportsProxyuser()) { if (!servlet.supportsProxyuser()) {
throw new ServletException("Support for proxyuser is not configured"); throw new ServletException("Support for proxyuser is not configured");
} }
UserGroupInformation ugi = servlet.getRealUser(); // Authenticated remote user is attempting to do 'doAs' proxy user.
UserGroupInformation ugi = UserGroupInformation.createRemoteUser(request.getRemoteUser());
// create and attempt to authorize a proxy user (the client is attempting // create and attempt to authorize a proxy user (the client is attempting
// to do proxy user) // to do proxy user)
ugi = UserGroupInformation.createProxyUser(doAsUserFromQuery, ugi); ugi = UserGroupInformation.createProxyUser(doAsUserFromQuery, ugi);