Shield the kill function of storm UI



Today a Storm topology was killed and nobody could find out who did it. Storm UI has a kill-topology function but performs no authentication or permission check, so anyone who knows the UI address can kill a topology. That is dangerous, so consider disabling the action.

There are two methods:

1. Put nginx in front of the UI and block the kill location

Look at the UI page: the Kill button is this piece of HTML (the two placeholders are the topology id and name):

<input enabled="" onclick="confirmAction('xxxxxxxxxx', 'xxxxxxxx', 'kill', true, 30)" type="button" value="Kill">

It calls the JavaScript function confirmAction, which lives in storm-core/src/ui/public/js/script.js and is defined as follows:

function confirmAction(id, name, action, wait, defaultWait) {
    // Step 1: build the POST target, /topology/<id>/<action>[/<waitSecs>]
    var opts = {
        type: 'POST',
        url: '/topology/' + id + '/' + action
    };
    if (wait) {
        // Actions that take a wait time (kill is one) prompt for it and append it to the URL
        var waitSecs = prompt('Do you really want to ' + action + ' topology "' + name + '"? ' +
                              'If yes, please, specify wait time in seconds:',
                              defaultWait);
        if (waitSecs != null && waitSecs != "" && ensureInt(waitSecs)) {
            opts.url += '/' + waitSecs;
        } else {
            return false;
        }
    } else if (!confirm('Do you really want to ' + action + ' topology "' + name + '"?')) {
        return false;
    }
    $("input[type=button]").attr("disabled", "disabled");
    // Step 2: fire the request; the page reloads whether it succeeded or not,
    // and a failed request (for example a 403 from the proxy) additionally shows an alert
    $.ajax(opts).always(function () {
        window.location.reload();
    }).fail(function () {
        alert("Error while communicating with Nimbus.");
    });
    return false;
}

The function does two things. First it builds the URL of the POST request, in the form '/topology/' + id + '/' + action + '/' + waitSecs, where action is kill and waitSecs is the wait time typed in when the kill is triggered (30 s is the default offered). The resulting URL looks like this:

/topology/xxxxx/kill/xxxx

Second, it fires an Ajax POST to that URL. Only the first step matters here, because the URL pattern is what nginx can match on. Configure nginx as follows:

upstream storm {
    server 127.0.0.1:8888 weight=3 max_fails=3 fail_timeout=5s;
}

server {
    server_name storm.xxx.com;
    listen 80;

    proxy_set_header Host $host;
    proxy_read_timeout 3600;
    proxy_set_header X-Forwarded-For $remote_addr;

    access_log /var/log/nginx/storm.access.log main;
    error_log  /var/log/nginx/storm.error.log debug;

    # Regex locations are tried before the plain "location /" prefix, so a kill URL
    # is answered with 403 here and never reaches the UI. ~* makes the match case-insensitive.
    location ~* /topology/(.*)/kill/(.*) {
        return 403;
    }

    location / {
        proxy_pass http://storm;
    }
}
In this way the kill function is blocked for anyone who reaches the UI through nginx. A few things to check before relying on it:

The rule only covers traffic that passes through nginx. The UI itself still answers on port 8888, so firewall that port so only the nginx host can reach it; otherwise the proxy is bypassed by simply pointing a browser or curl at :8888.

The storm CLI (storm kill) talks to Nimbus directly, not to the UI, so it is unaffected by this rule. This protects against casual clicking, not against anyone with cluster access.

The other topology buttons (activate, deactivate, rebalance) go through the same confirmAction function and the same /topology/<id>/<action> URL pattern, and this location does not block them. If they should be blocked too, extend the regex so the action group matches those names as well as kill.

nginx matches regex locations against the decoded, normalized URI, so percent-encoding "kill" does not get around the rule, and because the pattern is unanchored it also catches the REST form /api/v1/topology/<id>/kill/<wait-time> used by later Storm releases.

error_log at the debug level is extremely noisy (and only produces debug output if nginx was built with --with-debug); warn or error is enough in production.
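Since the configuration above writes an access log, the obvious follow-up is to find out who has been trying to kill topologies. The following audit script is an added example, not part of the original post or of Storm. It assumes the stock nginx "main" log_format and the page's location rule, and reports three things: kill attempts nginx refused, kill attempts that got a non-403 answer (which means the rule is not in effect or was bypassed), and POSTs to the other topology actions the rule does not cover. The log lines, topology id and addresses are constructed for the example.

```python
"""Audit nginx access-log lines for Storm UI topology-action requests.

Added example (not from the original post or Storm). Assumes the stock nginx
"main" log_format and the location rule  location ~* /topology/(.*)/kill/(.*) { return 403; }
"""
import re
from collections import Counter

# Stock nginx "main" log_format, which the page's access_log line refers to:
# '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent
#  "$http_referer" "$http_user_agent" "$http_x_forwarded_for"'
LOG_RE = re.compile(
    r'^(?P<ip>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" '
    r'"(?P<ua>[^"]*)" "(?P<xff>[^"]*)"$'
)

# The page's rule, as nginx evaluates it: case-insensitive (~*) and unanchored.
KILL_RE = re.compile(r'/topology/(.*)/kill/(.*)', re.IGNORECASE)

# Every action confirmAction() can POST: /topology/<id>/<action>[/<wait>].
# The page's rule covers only kill; the others pass straight through to the UI.
ACTION_RE = re.compile(
    r'/topology/([^/]+)/(kill|rebalance|activate|deactivate)(?:/(\d+))?/?$',
    re.IGNORECASE,
)


def parse_line(line):
    """Return the fields of one access-log line as a dict, or None if it is not "main" format."""
    m = LOG_RE.match(line.rstrip('\n'))
    if not m:
        return None
    entry = m.groupdict()
    entry['status'] = int(entry['status'])
    entry['path'] = entry['path'].split('?', 1)[0]   # match on the path only, as nginx does
    return entry


def classify(entry):
    """Label one parsed request.

    'kill-blocked'   kill URL answered with 403: the rule worked
    'kill-passed'    kill URL with any other status: rule missing or bypassed, investigate
    'action-passed'  POST to activate/deactivate/rebalance, which the page's rule does not cover
    None             everything else (page views, JSON polling, static assets)
    """
    path = entry['path']
    if KILL_RE.search(path):
        return 'kill-blocked' if entry['status'] == 403 else 'kill-passed'
    if entry['method'] == 'POST' and ACTION_RE.search(path):
        return 'action-passed'
    return None


def audit(lines):
    """Count each class and list (label, client ip, method, path, status) for every attempt."""
    counts = Counter()
    attempts = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            counts['unparsed'] += 1
            continue
        label = classify(entry)
        if label is None:
            continue
        counts[label] += 1
        # $remote_addr is the TCP peer nginx saw; that is the address to follow up on.
        attempts.append((label, entry['ip'], entry['method'], entry['path'], entry['status']))
    return counts, attempts


# Constructed sample log (not a real capture): one page view, a blocked kill from the
# browser, a blocked kill via the REST path with mixed case, an unblocked rebalance,
# a kill that was NOT refused (rule not active), and a normal topology page request.
SAMPLE_LOG = """\
10.0.0.5 - - [25/Sep/2014:10:12:01 +0800] "GET / HTTP/1.1" 200 5123 "-" "Mozilla/5.0" "-"
10.0.0.5 - - [25/Sep/2014:10:12:09 +0800] "POST /topology/wordcount-1-1411610000/kill/30 HTTP/1.1" 403 168 "http://storm.xxx.com/topology.html?id=wordcount-1-1411610000" "Mozilla/5.0" "-"
10.0.0.7 - - [25/Sep/2014:10:13:44 +0800] "POST /api/v1/topology/wordcount-1-1411610000/KILL/30 HTTP/1.1" 403 168 "-" "curl/7.35.0" "-"
10.0.0.7 - - [25/Sep/2014:10:14:02 +0800] "POST /topology/wordcount-1-1411610000/rebalance/30 HTTP/1.1" 200 0 "-" "curl/7.35.0" "-"
10.0.0.9 - - [25/Sep/2014:10:15:30 +0800] "POST /topology/wordcount-1-1411610000/kill/30 HTTP/1.1" 200 0 "-" "curl/7.35.0" "-"
10.0.0.5 - - [25/Sep/2014:10:16:00 +0800] "GET /topology/wordcount-1-1411610000 HTTP/1.1" 200 9871 "-" "Mozilla/5.0" "-"
"""

if __name__ == '__main__':
    counts, attempts = audit(SAMPLE_LOG.splitlines())
    for label, ip, method, path, status in attempts:
        print(f'{label:14} {ip:10} {method} {path} -> {status}')
    print(dict(counts))
```

Run it against the real file with `audit(open('/var/log/nginx/storm.access.log'))`. Any 'kill-passed' line means a kill reached the UI through nginx and the rule needs looking at; 'action-passed' lines show the gap left by blocking only kill.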

Note one detail: the Storm UI listens on port 8080 by default, which conflicts with the NM port (see https://github.com/yahoo/storm-yarn/issues/25). Set ui.port: 8888 in storm.yaml and restart the UI; that is why the upstream above points at 127.0.0.1:8888.

2. Change the code and remove the action buttons from the page

In storm-core/src/ui/public/topology.html, remove the following element (together with its contents):

<div id="topology-actions">

This requires recompiling Storm and has not been tested yet. Note that it only hides the buttons: the POST route /topology/<id>/kill/<wait-time> still exists on the server, so anyone with curl can kill a topology exactly as before. Treat it as cosmetic; method 1, or a proper authentication layer in front of the UI, is what actually restricts the action.

This article is from the "Food light blog"; please keep this source: http://caiguangguang.blog.51cto.com/1652935/1557514
