[ https://issues.apache.org/jira/browse/KNOX-1156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16308708#comment-16308708 ]
Rick Kellogg edited comment on KNOX-1156 at 1/2/18 9:08 PM:
------------------------------------------------------------
Upon careful review, I have decided to leave this as WILL NOT FIX. The
ServiceDeploymentContributorBase class includes a number of methods related to
contributing filters for web app security, authentication, authorization, etc.
In each of these cases, the role alone is used for filtering. It does not
pass in a name for the provider. Changes to address this are just too
sensitive to touch from a risk perspective.
To be clear, one should only have a single instance of a provider listed in the
topology XML file. The "enabled" element does not really work and could
probably be removed from the ProviderPropertyInterpreter class. If specified,
it might be worthwhile to display a warning message that the element is no
longer supported.
Another potential spot for correction could be done in the Topology.getProvider
method.
was (Author: rkellogg):
Upon careful review, I have decided to leave this as WILL NOT FIX. The
ServiceDeploymentContributorBase class includes a number of methods related to
contributing filters for web app security, authentication, authorization, etc.
In each of these cases, the role alone is used for filtering. It does not
pass in a name for the provider. Changes to address this are just too
sensitive to touch from a risk perspective.
To be clear, one should only have a single instance of a provider listed in the
topology XML file. The "enabled" element does not really work and could
probably be removed from the ProviderPropertyInterpreter class. If specified,
it might be worthwhile to disable a warning message that the element is no
longer supported.
Another potential spot for correction could be done in the Topology.getProvider
method.
> Disabled / Multiple Providers Yield Broken Deployment
> -----------------------------------------------------
>
> Key: KNOX-1156
> URL: https://issues.apache.org/jira/browse/KNOX-1156
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 0.10.0, 0.11.0, 0.12.0, 0.13.0, 0.14.0
> Reporter: Rick Kellogg
> Assignee: Rick Kellogg
> Priority: Minor
> Fix For: 1.0.0
>
> Attachments: KNOX-1056.patch
>
>
> Within the topology XML file, the providers include an enabled element. If
> you include multiple providers with the same role the generated gateway.xml
> file might not include the enabled providers.
> In my specific example, I had two authentication providers. The first of
> which was disabled and the second was enabled. The second provider was
> ignored yielding no authentication provider in the gateway.xml and then
> subsequent use of the identity provider failed with a missing Subject.
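A pre-deployment check for the condition described in this issue, as an added example that is not part of the original message or of Apache Knox: it flags topology files that declare more than one provider for the same role or that carry a non-true "enabled" element. The function name lint_topology, the provider names and the sample topology are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample mirroring the report: two authentication providers,
# the first disabled and the second enabled. Provider names are made up.
SAMPLE_TOPOLOGY = """\
<topology>
  <gateway>
    <provider>
      <role>authentication</role>
      <name>ExampleProviderA</name>
      <enabled>false</enabled>
    </provider>
    <provider>
      <role>authentication</role>
      <name>ExampleProviderB</name>
      <enabled>true</enabled>
    </provider>
    <provider>
      <role>identity-assertion</role>
      <name>ExampleProviderC</name>
      <enabled>true</enabled>
    </provider>
  </gateway>
</topology>
"""

def lint_topology(xml_text):
    """Return (role, message) findings for risky provider declarations."""
    root = ET.fromstring(xml_text)  # topology files are admin-owned input
    by_role = defaultdict(list)
    for p in root.findall("./gateway/provider"):
        role = (p.findtext("role") or "").strip()
        name = (p.findtext("name") or "").strip()
        by_role[role].append((name, p.findtext("enabled")))
    findings = []
    for role, providers in sorted(by_role.items()):
        if len(providers) > 1:  # selection is by role alone, so this is ambiguous
            names = [n for n, _ in providers]
            findings.append((role, f"{len(providers)} providers share this role: {names}"))
        for name, enabled in providers:
            if enabled is not None and enabled.strip().lower() != "true":
                findings.append((role, f"provider {name!r} sets enabled={enabled.strip()}"))
    return findings

if __name__ == "__main__":
    for role, msg in lint_topology(SAMPLE_TOPOLOGY):
        print(f"WARN [{role}] {msg}")
```

Failing a deployment pipeline on any finding keeps a topology from being published with no effective authentication provider for a role.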