Sailaja Polavarapu created KNOX-1872:
----------------------------------------

             Summary: Update service.xml for Ranger UI service to support trusted proxy
                 Key: KNOX-1872
                 URL: https://issues.apache.org/jira/browse/KNOX-1872
             Project: Apache Knox
          Issue Type: New Feature
          Components: Server
            Reporter: Sailaja Polavarapu


In order to support Knox trusted proxy for Ranger UI, the corresponding
service.xml needs to be updated. That way, the request will contain doAs in the
request parameter as well as the corresponding tokens instead of the basic auth
credentials of the end user.

Also, add a new version of the service definition that defaults to trusted proxy
for both Ranger UI & Ranger Admin APIs.

The following is a sample service.xml for Ranger UI trusted proxy testing:

<service role="RANGERUI" name="rangerui" version="0.5.0">
    <policies>
        <policy role="webappsec"/>
        <!-- highlighted in the original issue -->
        <policy role="authentication"/>
        <policy role="rewrite"/>
        <policy role="identity-assertion"/>
        <policy role="authorization"/>
    </policies>
    <routes>
        <route path="/ranger">
            <rewrite apply="RANGERUI/rangerui/inbound/root" to="request.url"/>
            <rewrite apply="RANGERUI/rangerui/outbound/links" to="response.body"/>
            <rewrite apply="RANGERUI/rangerui/outbound/headers" to="response.headers"/>
        </route>
        <route path="/ranger/**">
            <rewrite apply="RANGERUI/rangerui/inbound/path" to="request.url"/>
            <rewrite apply="RANGERUI/rangerui/outbound/links" to="response.body"/>
            <rewrite apply="RANGERUI/rangerui/outbound/headers" to="response.headers"/>
        </route>
        <route path="/ranger/**?**">
            <rewrite apply="RANGERUI/rangerui/inbound/query" to="request.url"/>
            <rewrite apply="RANGERUI/rangerui/outbound/links" to="response.body"/>
            <rewrite apply="RANGERUI/rangerui/outbound/headers" to="response.headers"/>
        </route>
    </routes>
    <!-- dispatch class highlighted in the original issue -->
    <dispatch classname="org.apache.knox.gateway.dispatch.DefaultDispatch"/>
</service>



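Added example (not part of the original issue and not Apache Knox code): a small Python check that a service definition has the trusted-proxy shape of the sample above, that is, an authentication policy, an identity-assertion policy, and the DefaultDispatch class. It assumes that a name attribute on the authentication policy pins a specific provider; the second input, including the provider name and the dispatch class example.HypotheticalPassThroughDispatch, is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Dispatch class highlighted in the issue's sample service.xml.
EXPECTED_DISPATCH = "org.apache.knox.gateway.dispatch.DefaultDispatch"
# Policy roles the sample relies on for trusted proxy.
REQUIRED_ROLES = ("authentication", "identity-assertion")

def audit_service_definition(xml_text):
    """Return findings; an empty list means the definition matches the sample's shape."""
    root = ET.fromstring(xml_text)
    policies = {p.get("role"): p for p in root.findall("./policies/policy")}
    findings = []
    for role in REQUIRED_ROLES:
        if role not in policies:
            findings.append(f"missing policy role={role!r}")
    auth = policies.get("authentication")
    # Assumption: a name attribute pins one provider instead of the topology's own.
    if auth is not None and auth.get("name"):
        findings.append(f"authentication policy pinned to {auth.get('name')!r}")
    dispatch = root.find("./dispatch")
    classname = dispatch.get("classname") if dispatch is not None else None
    if classname != EXPECTED_DISPATCH:
        findings.append(f"dispatch class is {classname!r}")
    return findings

# Abridged from the sample in the issue (policies and dispatch only).
TRUSTED_PROXY_SAMPLE = """
<service role="RANGERUI" name="rangerui" version="0.5.0">
  <policies>
    <policy role="webappsec"/><policy role="authentication"/>
    <policy role="rewrite"/><policy role="identity-assertion"/>
    <policy role="authorization"/>
  </policies>
  <dispatch classname="org.apache.knox.gateway.dispatch.DefaultDispatch"/>
</service>"""

# Constructed counter-example: pinned provider, no identity assertion, other dispatch.
CONSTRUCTED_VARIANT = """
<service role="RANGERUI" name="rangerui" version="0.5.0">
  <policies>
    <policy role="webappsec"/><policy role="authentication" name="Anonymous"/>
    <policy role="rewrite"/><policy role="authorization"/>
  </policies>
  <dispatch classname="example.HypotheticalPassThroughDispatch"/>
</service>"""

if __name__ == "__main__":
    for label, doc in (("sample", TRUSTED_PROXY_SAMPLE), ("variant", CONSTRUCTED_VARIANT)):
        print(label, audit_service_definition(doc) or "OK")
```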