[jira] [Commented] (KNOX-1559) Create Dispatch implementation that is configurable via service.xml file

Mon, 19 Nov 2018 14:31:52 -0800 


    [ 
https://issues.apache.org/jira/browse/KNOX-1559?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16692368#comment-16692368
 ] 

Robert Levas commented on KNOX-1559:
------------------------------------

[~risdenk]..

For exclude headers, does that mean exclude from passing through the proxy... 
or exclude altogether?  

For example in a trusted proxy scenario, the user will authenticate using basic 
auth to Knox.  Knox will then forward the request on to the destination 
service.  Ideally excluding the original Authorization header.  However Knox 
may or may not provide its own Authorization header. In the case of Kerberos 
authentication, Knox will want to wait for a challenge from the destination 
service.  So not Authorization header will be sent. Then after the challenge is 
received, Knox will send it Kerberos token.

   

> Create Dispatch implementation that is configurable via service.xml file
> ------------------------------------------------------------------------
>
>                 Key: KNOX-1559
>                 URL: https://issues.apache.org/jira/browse/KNOX-1559
>             Project: Apache Knox
>          Issue Type: Improvement
>            Reporter: Robert Levas
>            Assignee: Kevin Risden
>            Priority: Major
>              Labels: ambari
>             Fix For: 1.3.0
>
>         Attachments: KNOX-1559.patch
>
>
> Create a {{org.apache.knox.gateway.dispatch.Dispatch}} implementation that is 
> configurable via metadata file (for example, {{service.xml}}).   Configurable 
> parameters should be 
> * headers to exclude when forwarding requests
> * whether parameters should URL-encoded or not
> Such an implementation should be able to make at least the following Dispatch 
> implementations obsolete:
> * org.apache.knox.gateway.dispatch.PassAllHeadersNoEncodingDispatch
> * org.apache.knox.gateway.dispatch.PassAllHeadersDispatch
> A possible declaration could be:
> {code}
>     <dispatch 
> classname="org.apache.knox.gateway.dispatch.ConfigurableDispatch">
>        <property>
>            <name>excludeHeaders<name>
>            <value>Authorization, Content-Length</value>
>        </property>
>        <property>
>            <name>removeUrlEncoding<name>
>            <value>false</value>
>        </property>
>     </dispatch>
> {code}
> Or maybe
> {code}
>     <dispatch 
> classname="org.apache.knox.gateway.dispatch.ConfigurableDispatch" 
> removeUrlEncoding="true" excludeHeaders="Authorization, Content-Length" />
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to