moresandeep opened a new pull request #544:
URL: https://github.com/apache/knox/pull/544
## What changes were proposed in this pull request?
This PR adds a new identity assertion provider `NoDoAsProvider` that does
not add doAs parameter at the end of the query string. This is needed for
services that do not tolerate addition of query params like RStudio.
This feature can be enabled using `<policies>` in service.xml for proxied
service. e.g.
```
<policies>
<policy role="webappsec"/>
<policy role="authentication"/>
<policy role="rewrite"/>
<policy role="authorization"/>
<policy role="identity-assertion"
name="NoDoAsProvider"/>
</policies>
```
**NOTE**: to use `identity-assertion` you need to use `authentication`
policy.
## How was this patch tested?
This patch was tested locally
```
2022-03-07 16:22:22,919 346c6508-0750-4d40-bd33-739e10e76e59 WARN
knox.gateway (DefaultDispatch.java:executeOutboundRequest(183)) - Connection
exception dispatching request:
http://localhost:50070/webhdfs/v1/tmp/hello.txt?op=create
org.apache.http.conn.HttpHostConnectException: Connect to localhost:50070
[localhost/127.0.0.1, localhost/0:0:0:0:0:0:0:1] failed: Connection refused
(Connection refused)
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
