[ 
https://issues.apache.org/jira/browse/KNOX-2726?focusedWorklogId=772959&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-772959
 ]

ASF GitHub Bot logged work on KNOX-2726:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 20/May/22 18:23
            Start Date: 20/May/22 18:23
    Worklog Time Spent: 10m 
      Work Description: zeroflag commented on code in PR #579:
URL: https://github.com/apache/knox/pull/579#discussion_r878434087


##########
gateway-provider-identity-assertion-common/pom.xml:
##########
@@ -85,8 +85,23 @@
             <groupId>org.eclipse.jetty</groupId>
             <artifactId>jetty-util</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.jboss.shrinkwrap.descriptors</groupId>
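Review bot: the `org.jboss.shrinkwrap.descriptors` dependency added after `jetty-util` should carry an explicit `<scope>`; the quoted lines end at its `<groupId>`, so no scope is visible here. Maven treats a dependency without a scope as compile, which puts it on this module's runtime classpath and passes it on to modules that depend on this one. If only test classes use it, `<scope>test</scope>` keeps it out of what gets shipped.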

Review Comment:
   Isn't compile the default scope in Maven? I thought if we don't specify any 
scope it will be compile. My suggestion was to change it to test scope, if we 
only use this library from the test code.





Issue Time Tracking
-------------------

    Worklog Id:     (was: 772959)
    Time Spent: 1h 20m  (was: 1h 10m)

> Impersonation Params Declared by Service Definitions
> ----------------------------------------------------
>
>                 Key: KNOX-2726
>                 URL: https://issues.apache.org/jira/browse/KNOX-2726
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>    Affects Versions: 1.6.0
>            Reporter: Philip Zampino
>            Assignee: Sandeep More
>            Priority: Major
>          Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> _org.apache.knox.gateway.identityasserter.common.filter.IdentityAsserterHttpServletRequestWrapper#getImpersonationParamNames()_
>  has the following comment:
> {noformat}
> // TODO: let's have service definitions register their impersonation
> // params in a future release and get this list from a central registry.
> // This will provide better coverage of protection by removing any
> // pre-populated impersonation params.{noformat}
> Currently, Knox excludes some well-known impersonation request parameters 
> from proxied requests. Rather than maintaining a hard-coded list of these 
> params, service definitions should be able to declare them such that they 
> would be available at runtime to 
> {_}org.apache.knox.gateway.identityasserter.common.filter.IdentityAsserterHttpServletRequestWrapper{_}.
> This will allow service-specific impersonation parameter details to be 
> defined by the service definitions, and eliminate the need for Knox runtime 
> code changes when new impersonation params need to be handled.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)
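
The exclusion described in the quoted issue, as an added Java example that is not Knox's code: each service definition registers its impersonation parameter names in a central registry, and the gateway drops any client-supplied copy before proxying. The class, its methods, the service roles and the parameter names are hypothetical or constructed, and case-insensitive matching is an assumption.

```java
import java.util.*;

/** Added illustration; class and method names are hypothetical, not Knox's API. */
public class ImpersonationParamScrubber {
    // Hypothetical central registry: service role -> declared impersonation param names.
    private final Map<String, Set<String>> declared = new HashMap<>();
    // Names stripped for every service, whatever its definition declares.
    private final Set<String> baseline = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);

    public ImpersonationParamScrubber(Collection<String> baselineNames) {
        baseline.addAll(baselineNames);
    }

    /** Called while a service definition is loaded. */
    public void register(String serviceRole, Collection<String> paramNames) {
        declared.computeIfAbsent(serviceRole,
                k -> new TreeSet<>(String.CASE_INSENSITIVE_ORDER)).addAll(paramNames);
    }

    /** Returns a copy of the params without any client-supplied impersonation param. */
    public Map<String, List<String>> scrub(String serviceRole,
                                           Map<String, List<String>> params) {
        // Assumption: names are matched case-insensitively, the conservative choice.
        Set<String> blocked = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        blocked.addAll(baseline);
        blocked.addAll(declared.getOrDefault(serviceRole, Collections.emptySet()));
        Map<String, List<String>> clean = new LinkedHashMap<>();
        for (Map.Entry<String, List<String>> e : params.entrySet()) {
            if (!blocked.contains(e.getKey())) {
                clean.put(e.getKey(), e.getValue());
            }
        }
        return clean;
    }

    public static void main(String[] args) {
        // All names and values below are constructed sample data.
        ImpersonationParamScrubber s = new ImpersonationParamScrubber(List.of("doAs"));
        s.register("SERVICE_A", List.of("proxyUser"));
        Map<String, List<String>> in = new LinkedHashMap<>();
        in.put("op", List.of("LISTSTATUS"));
        in.put("DOAS", List.of("admin"));       // differently cased, still removed
        in.put("proxyUser", List.of("admin"));  // removed only where declared
        System.out.println("SERVICE_A -> " + s.scrub("SERVICE_A", in));
        System.out.println("SERVICE_B -> " + s.scrub("SERVICE_B", in));
    }
}
```

The second call leaves `proxyUser` in place because SERVICE_B never declared it, which is the coverage gap a per-service registry is meant to make visible.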
