Philip Zampino created KNOX-2726:
------------------------------------
Summary: Impersonation Params Declared by Service Definitions
Key: KNOX-2726
URL: https://issues.apache.org/jira/browse/KNOX-2726
Project: Apache Knox
Issue Type: Improvement
Components: Server
Affects Versions: 1.6.0
Reporter: Philip Zampino
Assignee: Philip Zampino
_org.apache.knox.gateway.identityasserter.common.filter.IdentityAsserterHttpServletRequestWrapper#getImpersonationParamNames()_
has the following comment:
{noformat}
// TODO: let's have service definitions register their impersonation
// params in a future release and get this list from a central registry.
// This will provide better coverage of protection by removing any
// pre-populated impersonation params.{noformat}
Currently, Knox excludes some well-known impersonation request parameters from
proxied requests. Rather than maintaining a hard-coded list of these params,
service definitions should be able to declare them such that they would be
available at runtime to
{_}org.apache.knox.gateway.identityasserter.common.filter.IdentityAsserterHttpServletRequestWrapper{_}.
This will allow service-specific impersonation parameter details to be defined
by the service definitions, and eliminate the need for Knox runtime code
changes when new impersonation params need to be handled.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
