Author: lmccay
Date: Fri Nov 27 17:23:01 2015
New Revision: 1716902
URL: http://svn.apache.org/viewvc?rev=1716902&view=rev
Log:
fixed table for CORS in user guide 0.7.0
Modified:
knox/site/books/knox-0-7-0/user-guide.html
knox/trunk/books/0.7.0/config_webappsec_provider.md
Modified: knox/site/books/knox-0-7-0/user-guide.html
URL:
http://svn.apache.org/viewvc/knox/site/books/knox-0-7-0/user-guide.html?rev=1716902&r1=1716901&r2=1716902&view=diff
==============================================================================
--- knox/site/books/knox-0-7-0/user-guide.html (original)
+++ knox/site/books/knox-0-7-0/user-guide.html Fri Nov 27 17:23:01 2015
@@ -1934,12 +1934,33 @@ APACHE_HOME/bin/apachectl -k stop
</tr>
<tr>
<td>cors.supportedMethods</td>
- <td>{method-list} defaults to “GET, POST, HEAD, OPTIONS”.
List of the supported HTTP methods. These are advertised through the
Access-Control-Allow-Methods header and must also be implemented by the actual
CORS web service. Requests for methods not included here will be refused by the
CORS filter with an HTTP 405 “Method not allowed” response.</td>
- <td>“GET, POST, HEAD, OPTIONS”</td>
+ <td>{method-list} defaults to GET, POST, HEAD, OPTIONS. List of the
supported HTTP methods. These are advertised through the
Access-Control-Allow-Methods header and must also be implemented by the actual
CORS web service. Requests for methods not included here will be refused by the
CORS filter with an HTTP 405 “Method not allowed” response.</td>
+ <td>GET, POST, HEAD, OPTIONS</td>
</tr>
<tr>
- <td>cors.supportedHeaders </td>
- <td>{"*"|header-list} defaults to *. The names of the
supported author request headers. These are advertised through the
Access-Control-Allow-Headers header. If the configuration property value is set
to * (asterisk) any author request header will be allowed. The CORS Filter
implements this by simply echoing the requested value back to the browser. What
is an author request header? This any custom header set by the browser
JavaScript application through the XMLHttpRequest.setRequestHeader()
method.|“*” cors.exposedHeaders | {header-list} defaults to empty
list. List of the response headers other than simple response headers that the
browser should expose to the author of the cross-domain request through the
XMLHttpRequest.getResponseHeader() method. The CORS filter supplies this
information through the Access-Control-Expose-Headers header.| empty
cors.supportsCredentials | {true|false} defaults to true. Indicates whether
user credentials, such as cookies,
HTTP authentication or client-side certificates, are supported. The CORS
filter uses this value in constructing the Access-Control-Allow-Credentials
header.|true cors.maxAge | {int} defaults to -1 (unspecified). Indicates how
long the results of a preflight request can be cached by the web browser, in
seconds. If -1 unspecified. This information is passed to the browser via the
Access-Control-Max-Age header.| -1 cors.tagRequests| {true|false} defaults to
false (no tagging). Enables HTTP servlet request tagging to provide CORS
information to downstream handlers (filters and/or servlets).| false</td>
+ <td>cors.supportedHeaders</td>
+ <td>{“*”|header-list} defaults to *. The names of the
supported author request headers. These are advertised through the
Access-Control-Allow-Headers header. If the configuration property value is set
to * (asterisk) any author request header will be allowed. The CORS Filter
implements this by simply echoing the requested value back to the browser.</td>
+ <td>*</td>
+ </tr>
+ <tr>
+ <td>cors.exposedHeaders </td>
+ <td>{header-list} defaults to empty list. List of the response headers
other than simple response headers that the browser should expose to the author
of the cross-domain request through the XMLHttpRequest.getResponseHeader()
method. The CORS filter supplies this information through the
Access-Control-Expose-Headers header.</td>
+ <td>empty</td>
+ </tr>
+ <tr>
+ <td>cors.supportsCredentials </td>
+ <td>{true|false} defaults to true. Indicates whether user credentials,
such as cookies, HTTP authentication or client-side certificates, are
supported. The CORS filter uses this value in constructing the
Access-Control-Allow-Credentials header.</td>
+ <td>true</td>
+ </tr>
+ <tr>
+ <td>cors.maxAge </td>
+ <td>{int} defaults to -1 (unspecified). Indicates how long the results
of a preflight request can be cached by the web browser, in seconds. If -1
unspecified. This information is passed to the browser via the
Access-Control-Max-Age header.</td>
+ <td>-1</td>
+ </tr>
+ <tr>
+ <td>cors.tagRequests</td>
+ <td>{true|false} defaults to false (no tagging). Enables HTTP servlet
request tagging to provide CORS information to downstream handlers (filters
and/or servlets).</td>
+ <td>false</td>
</tr>
</tbody>
</table><h3><a id="Preauthenticated+SSO+Provider">Preauthenticated SSO
Provider</a> <a href="#Preauthenticated+SSO+Provider"><img
src="markbook-section-link.png"/></a></h3><p>A number of SSO solutions provide
mechanisms for federating an authenticated identity across applications. These
mechanisms are at times simple HTTP Header type tokens that can be used to
propagate the identity across process boundaries.</p><p>Knox Gateway needs a
pluggable mechanism for consuming these tokens and federating the asserted
identity through an interaction with the Hadoop cluster.
</p><p><strong>CAUTION: The use of this provider requires that proper network
security and identity provider configuration and deployment does not allow
requests directly to the Knox gateway. Otherwise, this provider will leave the
gateway exposed to identity spoofing.</strong></p><h4><a
id="Configuration">Configuration</a> <a href="#Configuration"><img
src="markbook-section-link.png"/></a></h4><h5><a id="Overview">Overvi
ew</a> <a href="#Overview"><img
src="markbook-section-link.png"/></a></h5><p>This provider was designed for use
with identity solutions such as those provided by CA’s SiteMinder and
IBM’s Tivoli Access Manager. While direct testing with these products has
not been done, there has been extensive unit and functional testing that ensure
that it should work with such providers.</p><p>The HeaderPreAuth provider is
configured within the topology file and has a minimal configuration that
assumes SM_USER for CA SiteMinder. The following example is the bare minimum
configuration for SiteMinder (with no IP address validation).</p>
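Review bot: In the cors.supportedHeaders row, the new description drops the definition of an author request header ("What is an author request header? This any custom header set by the browser JavaScript application through the XMLHttpRequest.setRequestHeader() method.") while the row still relies on the term. Suggest keeping the definition with its grammar fixed ("This is any custom header ...") instead of deleting it. While the rows are being split out, the trailing space inside `<td>cors.exposedHeaders </td>`, `<td>cors.supportsCredentials </td>` and `<td>cors.maxAge </td>` could be removed, and "If -1 unspecified." in the cors.maxAge row is a fragment that only repeats the sentence before it.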
Modified: knox/trunk/books/0.7.0/config_webappsec_provider.md
URL:
http://svn.apache.org/viewvc/knox/trunk/books/0.7.0/config_webappsec_provider.md?rev=1716902&r1=1716901&r2=1716902&view=diff
==============================================================================
--- knox/trunk/books/0.7.0/config_webappsec_provider.md (original)
+++ knox/trunk/books/0.7.0/config_webappsec_provider.md Fri Nov 27 17:23:01 2015
@@ -83,10 +83,10 @@ Name | Description | Default
---------|-----------
cors.enabled|This param enables the CORS capabilities|false
cors.allowGenericHttpRequests|{true\|false} defaults to true. If true generic
HTTP requests will be allowed to pass through the filter, else only valid and
accepted CORS requests will be allowed (strict CORS filtering).|true
-cors.allowOrigin|{"\*"\|origin-list} defaults to "\*". Whitespace-separated
list of origins that the CORS filter must allow. Requests from origins not
included here will be refused with an HTTP 403 "Forbidden" response. If set to
* (asterisk) any origin will be allowed.|"\*"
+cors.allowOrigin|{"\*"\|origin-list} defaults to "\*". Whitespace-separated
list of origins that the CORS filter must allow. Requests from origins not
included here will be refused with an HTTP 403 "Forbidden" response. If set to
\* (asterisk) any origin will be allowed.|"\*"
cors.allowSubdomains|{true\|false} defaults to false. If true the CORS filter
will allow requests from any origin which is a subdomain origin of the allowed
origins. A subdomain is matched by comparing its scheme and suffix (host name /
IP address and optional port number).|false
-cors.supportedMethods|{method-list} defaults to "GET, POST, HEAD, OPTIONS".
List of the supported HTTP methods. These are advertised through the
Access-Control-Allow-Methods header and must also be implemented by the actual
CORS web service. Requests for methods not included here will be refused by the
CORS filter with an HTTP 405 "Method not allowed" response.| "GET, POST, HEAD,
OPTIONS"
-cors.supportedHeaders |{"*"\|header-list} defaults to *. The names of the
supported author request headers. These are advertised through the
Access-Control-Allow-Headers header. If the configuration property value is set
to * (asterisk) any author request header will be allowed. The CORS Filter
implements this by simply echoing the requested value back to the browser. What
is an author request header? This any custom header set by the browser
JavaScript application through the XMLHttpRequest.setRequestHeader()
method.|"\*"
+cors.supportedMethods|{method-list} defaults to GET, POST, HEAD, OPTIONS. List
of the supported HTTP methods. These are advertised through the
Access-Control-Allow-Methods header and must also be implemented by the actual
CORS web service. Requests for methods not included here will be refused by the
CORS filter with an HTTP 405 "Method not allowed" response.| GET, POST, HEAD,
OPTIONS
+cors.supportedHeaders|{"\*"\|header-list} defaults to \*. The names of the
supported author request headers. These are advertised through the
Access-Control-Allow-Headers header. If the configuration property value is set
to \* (asterisk) any author request header will be allowed. The CORS Filter
implements this by simply echoing the requested value back to the browser.|\*
cors.exposedHeaders | {header-list} defaults to empty list. List of the
response headers other than simple response headers that the browser should
expose to the author of the cross-domain request through the
XMLHttpRequest.getResponseHeader() method. The CORS filter supplies this
information through the Access-Control-Expose-Headers header.| empty
cors.supportsCredentials | {true\|false} defaults to true. Indicates whether
user credentials, such as cookies, HTTP authentication or client-side
certificates, are supported. The CORS filter uses this value in constructing
the Access-Control-Allow-Credentials header.|true
cors.maxAge | {int} defaults to -1 (unspecified). Indicates how long the
results of a preflight request can be cached by the web browser, in seconds. If
-1 unspecified. This information is passed to the browser via the
Access-Control-Max-Age header.| -1
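Review bot: The table documents cors.allowOrigin defaulting to "\*" next to cors.supportsCredentials defaulting to true, and neither row says what the filter sends when both apply or advises against the pairing. Suggest a sentence in the cors.supportsCredentials row recommending an explicit origin-list whenever credentials are supported. The new cors.supportedHeaders row also loses the definition of an author request header, which could be kept with its grammar fixed. Separately, the delimiter row in the context (`---------|-----------`) has two columns under the three-column header Name | Description | Default, which is worth checking as a cause of the table not rendering, and the cors.exposedHeaders, cors.supportsCredentials and cors.maxAge rows still have spaces around their pipes that the rewritten rows no longer have.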