Hello Tomasz, Thanks for your interest with this ! While working on KNOX-895 <https://issues.apache.org/jira/browse/KNOX-895> I have been thinking about this, as a result of which I have been asking myself few questions:
1. Are there are any clients out there which support Basic Auth for Websocket ? from my brief search I could not find any. 2. The specs <https://tools.ietf.org/html/rfc6455#section-10.5> do mention that one could use HTTP Auth, if we do this we need to make sure we do not break other existing services. 3. For now, when a WS request is made, Knox's Websocket handler is invoked skipping the security framework (servlet based), this part needs to be revisited to make sure there is no duplication of code. 4. Some of the things, such as policies, makes sense for HTTP but not for WebSocket how do we pick and choose these things. These are some of the questions to think about. Following are the answers to your question 1. IMO this should go in 0.14.0 / 1.0.0 2. Are you wanting to backport this to 0.12.0 ? If you are looking to port it back in an HDP release, you might want to open a ticket with HDP folks. 3. You might want to take this up to the HDP folks, once you have a patch out, we can get it reviewed, tested and put it in 0.14.0 / 1.0.0 4. I am sorry but I did not understand the question, do you wish to add this new change to Knox or you want to fork Knox and install a separate fork. I am not sure how Ambari manages separate versions but I presume there is a way to do that, may be someone knowledgeable in Ambari can answer this question. 5. Sure, you can start with gateway-server module, look for "org.apache.hadoop.gateway.websockets" package. Best, Sandeep On Wed, Oct 11, 2017 at 11:55 AM, Tomasz Uliński < [email protected]> wrote: > Hello, > > I'd like to fork Knox and add authentication functionality for websocket > connections. > Here is a StackOverflow question ( > https://stackoverflow.com/q/46589806/4177726) describing what I'd like to > achieve. > We use Knox 0.12.0 from HDP 2.6.2.0-205. > > I have following questions: > 1. Which version should we enhance with websocket authentication > functionality in order to use it along with other HDP 2.6.2 components? We > want to fork a stable version, but we are wondering whether we should stick > with 0.12.0 or move to 0.13.0. > 2. How fast can it happen to merge our changes to official version of Knox > (e.g. to release it as 0.12.1)? > 3. How fast it could be included into HDP release (e.g. 2.6.3)? > 4. What way of deployment of our enhanced Knox version you'd recommend > before our changes will be accepted and released? Is it possible to force > Ambari to manage different version of the particular component (in our case > Knox version built on our own)? > 5. I cloned Knox git repo. In which module I should make changes to add > websocket auth functionality? Any advice related to particular classes will > be very helpful for me. > > Looking forward for your recommendations. > Best, > Tomasz Ulinski >
