Chinmay N Hegde created RANGER-5539:
---------------------------------------
Summary: Add Authorisation Check for doAsUser Parameter
Key: RANGER-5539
URL: https://issues.apache.org/jira/browse/RANGER-5539
Project: Ranger
Issue Type: Sub-task
Components: Ranger, ranger-authn
Reporter: Chinmay N Hegde
Assignee: Chinmay N Hegde
Currently {{RangerJwtAuthHandler}} accepts the {{doAsUser}} value directly from
the incoming request and uses it to establish the authenticated user identity
without performing any validation.
So the user should be validated for impersonation permission on {{doAsUser}}
parameter.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
