[jira] [Work logged] (KNOX-2726) Impersonation Params Declared by Service Definitions

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/KNOX-2726?focusedWorklogId=772944&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-772944
 ]

ASF GitHub Bot logged work on KNOX-2726:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 20/May/22 17:41
            Start Date: 20/May/22 17:41
    Worklog Time Spent: 10m 
      Work Description: moresandeep commented on code in PR #579:
URL: https://github.com/apache/knox/pull/579#discussion_r878393585


##########
gateway-provider-identity-assertion-common/pom.xml:
##########
@@ -85,8 +85,23 @@
             <groupId>org.eclipse.jetty</groupId>
             <artifactId>jetty-util</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.jboss.shrinkwrap.descriptors</groupId>

Review Comment:
   Actually, this is compile time, that's why I added scope compile.





Issue Time Tracking
-------------------

    Worklog Id:     (was: 772944)
    Time Spent: 50m  (was: 40m)

> Impersonation Params Declared by Service Definitions
> ----------------------------------------------------
>
>                 Key: KNOX-2726
>                 URL: https://issues.apache.org/jira/browse/KNOX-2726
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>    Affects Versions: 1.6.0
>            Reporter: Philip Zampino
>            Assignee: Sandeep More
>            Priority: Major
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> _org.apache.knox.gateway.identityasserter.common.filter.IdentityAsserterHttpServletRequestWrapper#getImpersonationParamNames()_
>  has the following comment:
> {noformat}
> // TODO: let's have service definitions register their impersonation
> // params in a future release and get this list from a central registry.
> // This will provide better coverage of protection by removing any
> // pre-populated impersonation params.{noformat}
> Currently, Knox excludes some well-known impersonation request parameters 
> from proxied requests. Rather than maintaining a hard-coded list of these 
> params, service definitions should be able to declare them such that they 
> would be available at runtime to 
> {_}org.apache.knox.gateway.identityasserter.common.filter.IdentityAsserterHttpServletRequestWrapper{_}.
> This will allow service-specific impersonation parameter details to be 
> defined by the service definitions, and eliminate the need for Knox runtime 
> code changes when new impersonation params need to be handled.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)