[
https://issues.apache.org/jira/browse/KNOX-1872?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Kevin Risden updated KNOX-1872:
-------------------------------
Description:
In order to support knox trusted proxy for Ranger UI, corresponding service.xml
need to be updated. That way, the request will contain doAs in the request
parameter as well as the corresponding tokens instead of basic auth credentials
of end user.
Also, add new version of the service definition that defaults to trusted proxy
for both Ranger UI & Ranger Admin APIs.
was:
In order to support knox trusted proxy for Ranger UI, corresponding service.xml
need to be updated. That way, the request will contain doAs in the request
parameter as well as the corresponding tokens instead of basic auth credentials
of end user.
Also, add new version of the service definition that defaults to trusted proxy
for both Ranger UI & Ranger Admin APIs.
Following is the sample service.xml for ranger UI trusted proxy testing:
<service role="RANGERUI" name="rangerui" version="0.5.0">
<policies>
<policy role="webappsec"/>
*{color:#de350b}<policy role="authentication" />{color}*
<policy role="rewrite"/>
<policy role="identity-assertion"/>
<policy role="authorization"/>
</policies>
<routes>
<route path="/ranger">
<rewrite apply="RANGERUI/rangerui/inbound/root" to="request.url"/>
<rewrite apply="RANGERUI/rangerui/outbound/links" to="response.body"/>
<rewrite apply="RANGERUI/rangerui/outbound/headers" to="response.headers"/>
</route>
<route path="/ranger/**">
<rewrite apply="RANGERUI/rangerui/inbound/path" to="request.url"/>
<rewrite apply="RANGERUI/rangerui/outbound/links" to="response.body"/>
<rewrite apply="RANGERUI/rangerui/outbound/headers" to="response.headers"/>
</route>
<route path="/ranger/**?**">
<rewrite apply="RANGERUI/rangerui/inbound/query" to="request.url"/>
<rewrite apply="RANGERUI/rangerui/outbound/links" to="response.body"/>
<rewrite apply="RANGERUI/rangerui/outbound/headers" to="response.headers"/>
</route>
</routes>
<dispatch
classname="{color:#de350b}*org.apache.knox.gateway.dispatch.DefaultDispatch*{color}"/>
</service>
> Update Ranger service definitions to support trusted proxy
> ----------------------------------------------------------
>
> Key: KNOX-1872
> URL: https://issues.apache.org/jira/browse/KNOX-1872
> Project: Apache Knox
> Issue Type: New Feature
> Reporter: Sailaja Polavarapu
> Assignee: Sailaja Polavarapu
> Priority: Major
> Fix For: 1.3.0
>
> Attachments:
> 0001-KNOX-1872-Update-service.xml-for-Ranger-UI-service-t.patch
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> In order to support knox trusted proxy for Ranger UI, corresponding
> service.xml need to be updated. That way, the request will contain doAs in
> the request parameter as well as the corresponding tokens instead of basic
> auth credentials of end user.
> Also, add new version of the service definition that defaults to trusted
> proxy for both Ranger UI & Ranger Admin APIs.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
