[jira] [Updated] (KNOX-1872) Update Ranger service definitions to support trusted proxy

Tue, 04 Jun 2019 12:21:06 -0700 


     [ 
https://issues.apache.org/jira/browse/KNOX-1872?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kevin Risden updated KNOX-1872:
-------------------------------
    Summary: Update Ranger service definitions to support trusted proxy  (was: 
Update service.xml for Ranger services to support trusted proxy)

> Update Ranger service definitions to support trusted proxy
> ----------------------------------------------------------
>
>                 Key: KNOX-1872
>                 URL: https://issues.apache.org/jira/browse/KNOX-1872
>             Project: Apache Knox
>          Issue Type: New Feature
>          Components: Server
>            Reporter: Sailaja Polavarapu
>            Assignee: Sailaja Polavarapu
>            Priority: Major
>             Fix For: 1.3.0
>
>         Attachments: 
> 0001-KNOX-1872-Update-service.xml-for-Ranger-UI-service-t.patch
>
>
> In order to support knox trusted proxy for Ranger UI, corresponding 
> service.xml need to be updated. That way, the request will contain doAs in 
> the request parameter as well as the corresponding tokens instead of basic 
> auth credentials of end user.
> Also, add new version of the service definition that defaults to trusted 
> proxy for both Ranger UI & Ranger Admin APIs.
> Following is the sample service.xml for ranger UI trusted proxy testing:
> <service role="RANGERUI" name="rangerui" version="0.5.0">
> <policies>
> <policy role="webappsec"/>
> *{color:#de350b}<policy role="authentication" />{color}*
> <policy role="rewrite"/>
> <policy role="identity-assertion"/>
> <policy role="authorization"/>
> </policies>
> <routes>
> <route path="/ranger">
> <rewrite apply="RANGERUI/rangerui/inbound/root" to="request.url"/>
> <rewrite apply="RANGERUI/rangerui/outbound/links" to="response.body"/>
> <rewrite apply="RANGERUI/rangerui/outbound/headers" to="response.headers"/>
> </route>
> <route path="/ranger/**">
> <rewrite apply="RANGERUI/rangerui/inbound/path" to="request.url"/>
> <rewrite apply="RANGERUI/rangerui/outbound/links" to="response.body"/>
> <rewrite apply="RANGERUI/rangerui/outbound/headers" to="response.headers"/>
> </route>
> <route path="/ranger/**?**">
> <rewrite apply="RANGERUI/rangerui/inbound/query" to="request.url"/>
> <rewrite apply="RANGERUI/rangerui/outbound/links" to="response.body"/>
> <rewrite apply="RANGERUI/rangerui/outbound/headers" to="response.headers"/>
> </route>
> </routes>
> <dispatch 
> classname="{color:#de350b}*org.apache.knox.gateway.dispatch.DefaultDispatch*{color}"/>
> </service> 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to