5fc1141f63
The Hadoop AccessControlList allows us to specify admins of the webUI via a list of users and/or groups. Admins of the WebUI can mutate the system, potentially seeing sensitive data or modifying the system. hbase.security.authentication.spnego.admin.users is a comma-separated list of users who are admins. hbase.security.authentication.spnego.admin.groups is a comma-separated list of groups whose membership are admins. Either of these configuration properties may also contain an asterisk (*) which denotes "any entity" (e.g user, group). Previously, when a user was denied from some endpoint that was designated for admins, they received an HTTP/401. In this case, it is more correct to return HTTP/403 as they were correctly authenticated, but they were disallowed from fetching the given resource. This commit incorporates this change. hbase.security.authentication.ui.config.protected also exists for users who have sensitive information stored in the Hadoop service configuration and want to limit access to this endpoint. By default, the Hadoop configuration endpoint is not protected and any authenticated user can access it. The test is based off of work by Nihal Jain in HBASE-20472. Co-authored-by: Nihal Jain <nihaljain.cs@gmail.com> Signed-off-by: Sean Busbey <busbey@apache.org> |
||
|---|---|---|
| .idea | ||
| bin | ||
| conf | ||
| dev-support | ||
| hbase-annotations | ||
| hbase-archetypes | ||
| hbase-assembly | ||
| hbase-build-configuration | ||
| hbase-checkstyle | ||
| hbase-client | ||
| hbase-common | ||
| hbase-endpoint | ||
| hbase-examples | ||
| hbase-external-blockcache | ||
| hbase-hadoop-compat | ||
| hbase-hadoop2-compat | ||
| hbase-hbtop | ||
| hbase-http | ||
| hbase-it | ||
| hbase-mapreduce | ||
| hbase-metrics | ||
| hbase-metrics-api | ||
| hbase-procedure | ||
| hbase-protocol | ||
| hbase-protocol-shaded | ||
| hbase-replication | ||
| hbase-resource-bundle | ||
| hbase-rest | ||
| hbase-rsgroup | ||
| hbase-server | ||
| hbase-shaded | ||
| hbase-shell | ||
| hbase-testing-util | ||
| hbase-thrift | ||
| hbase-zookeeper | ||
| src | ||
| .editorconfig | ||
| .gitattributes | ||
| .gitignore | ||
| .pylintrc | ||
| .rubocop.yml | ||
| CHANGES.txt | ||
| LICENSE.txt | ||
| NOTICE.txt | ||
| README.txt | ||
| pom.xml | ||
README.txt
Apache HBase [1] is an open-source, distributed, versioned, column-oriented store modeled after Google' Bigtable: A Distributed Storage System for Structured Data by Chang et al.[2] Just as Bigtable leverages the distributed data storage provided by the Google File System, HBase provides Bigtable-like capabilities on top of Apache Hadoop [3]. To get started using HBase, the full documentation for this release can be found under the doc/ directory that accompanies this README. Using a browser, open the docs/index.html to view the project home page (or browse to [1]). The hbase 'book' at http://hbase.apache.org/book.html has a 'quick start' section and is where you should being your exploration of the hbase project. The latest HBase can be downloaded from an Apache Mirror [4]. The source code can be found at [5] The HBase issue tracker is at [6] Apache HBase is made available under the Apache License, version 2.0 [7] The HBase mailing lists and archives are listed here [8]. The HBase distribution includes cryptographic software. See the export control notice here [9]. 1. http://hbase.apache.org 2. http://research.google.com/archive/bigtable.html 3. http://hadoop.apache.org 4. http://www.apache.org/dyn/closer.cgi/hbase/ 5. https://hbase.apache.org/source-repository.html 6. https://hbase.apache.org/issue-tracking.html 7. http://hbase.apache.org/license.html 8. http://hbase.apache.org/mail-lists.html 9. https://hbase.apache.org/export_control.html