[jira] [Updated] (KNOX-933) PicketLink Provider must set Secure and HTTPOnly flags on Cookie

[Krishna Pandey (JIRA)]

 [ 
https://issues.apache.org/jira/browse/KNOX-933?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Krishna Pandey updated KNOX-933:

Attachment: KNOX-933_master_v2.patch

> PicketLink Provider must set Secure and HTTPOnly flags on Cookie
> 
>
> Key: KNOX-933
> URL: https://issues.apache.org/jira/browse/KNOX-933
> Project: Apache Knox
>  Issue Type: Bug
>  Components: Server
>Reporter: Larry McCay
>Assignee: Krishna Pandey
>  Labels: KIP-7
> Fix For: 0.13.0
>
> Attachments: KNOX-933_master_v1.patch, KNOX-933_master_v2.patch
>
>
> The provider creates a cookie in CaptureOriginalURLFilter.java at line 68, 
> but fails to set the HttpOnly and Secure flags to true.
> This provider is not really supported anymore and isn't even documented but 
> we should make sure that all cookies have HttpOnly and Secure flags set. We 
> should separately consider deprecating and removing this provider.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Commented] (KNOX-931) asType will not work for body filter when using IdentityAsserterFilter

[Shi Wang (JIRA)]

[ 
https://issues.apache.org/jira/browse/KNOX-931?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16011288#comment-16011288
 ] 

Shi Wang commented on KNOX-931:
---

Hi [~lmc...@apache.org],

I attached the patch as well. Do you have any suggestion to replace the 
instanceof method?

> asType will not work for body filter when using IdentityAsserterFilter
> --
>
> Key: KNOX-931
> URL: https://issues.apache.org/jira/browse/KNOX-931
> Project: Apache Knox
>  Issue Type: Bug
>Affects Versions: 0.11.0
>Reporter: Shi Wang
>Assignee: Shi Wang
> Fix For: 0.13.0
>
> Attachments: 
> 0001-KNOX-931-asType-will-not-work-for-body-filter-when-u.patch
>
>
> In IdentityAsserterHttpServletsWrapper.java, method getInputStream(),
> The body will always be urlEncoded if the contentType is 
> "application/x-www-form-urlencoded"
> And self defined filter that change "application/x-www-form-urlencoded" as 
> other contentType for requestbody will be invalid.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Commented] (KNOX-822) In Knox can we capture Bytes transfered info in logs

[Rajesh Chandramohan (JIRA)]

[ 
https://issues.apache.org/jira/browse/KNOX-822?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16011058#comment-16011058
 ] 

Rajesh Chandramohan commented on KNOX-822:
--

 Kevin Minder 
To dev@knox.apache.org Rajesh Chandramohan
CC u...@knox.apache.org
15/12/16 at 6:35 AM
Actually if you enable the properties shown in gateway-log4j.properties and 
restart you should get request/response sizes in a separate access log but 
unfortunately not the authenticated/mapped user.  Keep in mind that the request 
length might be based on the request Content-Length header.  The code involved 
is in gateway-server/src/main/java/org/apache/hadoop/gateway/trace and 
AccessHandler.java in particular.

#log4j.logger.org.apache.hadoop.gateway.access=TRACE,httpaccess
#log4j.additivity.org.apache.hadoop.gateway.access=false

#log4j.appender.httpaccess=org.apache.log4j.DailyRollingFileAppender
#log4j.appender.httpaccess.File=${app.log.dir}/${launcher.name}-http-access.log
#log4j.appender.httpaccess.DatePattern=.-MM-dd
#log4j.appender.httpaccess.layout=org.apache.log4j.PatternLayout
#log4j.appender.httpaccess.layout.ConversionPattern=%d{ISO8601}|%t|%m%n

> On Dec 14, 2016, at 11:15 PM, larry mccay  wrote:
>
> Hello Rajesh -
>
> I don't think that we have any way to do this today.
> There may be extension points in our metrics or in our audit logging to 
> capture payload sizes.
> I imagine that the interesting place to do this would be in the dispatch 
> classes to capture what is being sent to and received from the backend 
> services.
>
> This would require some investigation to determine whether we can gather the 
> sizes and how best to capture them.
>
> I would suggest filing an improvement JIRA and continuing the discussion 
> there.
>
> Thanks for your interest in Knox!
>
> --larry

> In Knox can we capture Bytes transfered info in logs
> 
>
> Key: KNOX-822
> URL: https://issues.apache.org/jira/browse/KNOX-822
> Project: Apache Knox
>  Issue Type: Wish
>  Components: Server
>Affects Versions: 0.6.0, 0.7.0, 0.9.0, 0.10.0
>Reporter: Rajesh Chandramohan
>
> Hi Knox-team,
> In knox can we capture the bytes transferred information along with file name 
> etc. This would help us to track how much transaction each users are doing  
> via knox , Any method or thoughts on this?
>  We make use of audit logs to capture each user how many transaction doing 
> per hr per day. But we like to capture the details of how much bytes per 
> transaction users are doing which will help us for various cases to manage 
> Hadoop and Knox better. Any thoughts on this ? 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Updated] (KNOX-928) Topology Port Mapping

[Sandeep More (JIRA)]

 [ 
https://issues.apache.org/jira/browse/KNOX-928?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sandeep More updated KNOX-928:
--
Attachment: KNOX-928.003.patch

Patch that addresses the recent review comments.


> Topology Port Mapping
> -
>
> Key: KNOX-928
> URL: https://issues.apache.org/jira/browse/KNOX-928
> Project: Apache Knox
>  Issue Type: New Feature
>  Components: Server
>Reporter: Sandeep More
>Assignee: Sandeep More
>  Labels: KIP-6
> Fix For: 0.13.0
>
> Attachments: KNOX-928.001.patch, KNOX-928.002.patch, 
> KNOX-928.003.patch
>
>
> Instead of having a single "default topology" we can map topologies to
> specific ports and have a dedicated URL without the gateway specific app
> context.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Updated] (KNOX-941) Ranger HA does not work through Knox

[Krisztian Horvath (JIRA)]

 [ 
https://issues.apache.org/jira/browse/KNOX-941?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Krisztian Horvath updated KNOX-941:
---
Attachment: ranger-ha.bp

> Ranger HA does not work through Knox
> 
>
> Key: KNOX-941
> URL: https://issues.apache.org/jira/browse/KNOX-941
> Project: Apache Knox
>  Issue Type: Bug
>Affects Versions: 0.11.0
>Reporter: Krisztian Horvath
> Attachments: gateway.log, ranger_admin_compact.log, ranger-ha.bp, 
> services.xml
>
>
> Ranger Admin runs in HA mode and knox is configured with:
> {code}
> 
>  ha
>  HaProvider
>  true
>  
> RANGERUI
> 
> maxFailoverAttempts=3;failoverSleep=1000;enabled=true
>  
>   
>  
> RANGERUI
> http://ip-10-0-2-243.eu-west-1.compute.internal:6080
> http://ip-10-0-2-10.eu-west-1.compute.internal:6080
>  
> {code}
> Knox keeps redirecting to the login page. In Ranger log I can see however the 
> login was successful so it accepted the credentials. Load-balancing works as 
> I stop one of the Ranger Admins I still can reach the UI, but cannot move on 
> from the login page. Might be some session issue.
> Attached the knox topology and log file and ranger aggregated log.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Updated] (KNOX-941) Ranger HA does not work through Knox

[Krisztian Horvath (JIRA)]

 [ 
https://issues.apache.org/jira/browse/KNOX-941?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Krisztian Horvath updated KNOX-941:
---
Description: 
Ranger Admin runs in HA mode and knox is configured with:
{code}

 ha
 HaProvider
 true
 
RANGERUI
maxFailoverAttempts=3;failoverSleep=1000;enabled=true
 
  

 
RANGERUI
http://ip-10-0-2-243.eu-west-1.compute.internal:6080
http://ip-10-0-2-10.eu-west-1.compute.internal:6080
 
{code}

Knox keeps redirecting to the login page. In Ranger log I can see however the 
login was successful so it accepted the credentials. Load-balancing works as I 
stop one of the Ranger Admins I still can reach the UI, but cannot move on from 
the login page. Might be some session issue.

Attached the knox topology and log file and ranger aggregated log.

Ranger is installed with Ambari through Blueprints (see attachment)


  was:
Ranger Admin runs in HA mode and knox is configured with:
{code}

 ha
 HaProvider
 true
 
RANGERUI
maxFailoverAttempts=3;failoverSleep=1000;enabled=true
 
  

 
RANGERUI
http://ip-10-0-2-243.eu-west-1.compute.internal:6080
http://ip-10-0-2-10.eu-west-1.compute.internal:6080
 
{code}

Knox keeps redirecting to the login page. In Ranger log I can see however the 
login was successful so it accepted the credentials. Load-balancing works as I 
stop one of the Ranger Admins I still can reach the UI, but cannot move on from 
the login page. Might be some session issue.

Attached the knox topology and log file and ranger aggregated log.




> Ranger HA does not work through Knox
> 
>
> Key: KNOX-941
> URL: https://issues.apache.org/jira/browse/KNOX-941
> Project: Apache Knox
>  Issue Type: Bug
>Affects Versions: 0.11.0
>Reporter: Krisztian Horvath
> Attachments: gateway.log, ranger_admin_compact.log, ranger-ha.bp, 
> services.xml
>
>
> Ranger Admin runs in HA mode and knox is configured with:
> {code}
> 
>  ha
>  HaProvider
>  true
>  
> RANGERUI
> 
> maxFailoverAttempts=3;failoverSleep=1000;enabled=true
>  
>   
>  
> RANGERUI
> http://ip-10-0-2-243.eu-west-1.compute.internal:6080
> http://ip-10-0-2-10.eu-west-1.compute.internal:6080
>  
> {code}
> Knox keeps redirecting to the login page. In Ranger log I can see however the 
> login was successful so it accepted the credentials. Load-balancing works as 
> I stop one of the Ranger Admins I still can reach the UI, but cannot move on 
> from the login page. Might be some session issue.
> Attached the knox topology and log file and ranger aggregated log.
> Ranger is installed with Ambari through Blueprints (see attachment)



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Updated] (KNOX-941) Ranger HA does not work through Knox

[Krisztian Horvath (JIRA)]

 [ 
https://issues.apache.org/jira/browse/KNOX-941?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Krisztian Horvath updated KNOX-941:
---
Affects Version/s: 0.11.0

> Ranger HA does not work through Knox
> 
>
> Key: KNOX-941
> URL: https://issues.apache.org/jira/browse/KNOX-941
> Project: Apache Knox
>  Issue Type: Bug
>Affects Versions: 0.11.0
>Reporter: Krisztian Horvath
> Attachments: gateway.log, ranger_admin_compact.log, services.xml
>
>
> Ranger Admin runs in HA mode and knox is configured with:
> {code}
> 
>  ha
>  HaProvider
>  true
>  
> RANGERUI
> 
> maxFailoverAttempts=3;failoverSleep=1000;enabled=true
>  
>   
>  
> RANGERUI
> http://ip-10-0-2-243.eu-west-1.compute.internal:6080
> http://ip-10-0-2-10.eu-west-1.compute.internal:6080
>  
> {code}
> Knox keeps redirecting to the login page. In Ranger log I can see however the 
> login was successful so it accepted the credentials. Load-balancing works as 
> I stop one of the Ranger Admins I still can reach the UI, but cannot move on 
> from the login page. Might be some session issue.
> Attached the knox topology and log file and ranger aggregated log.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Created] (KNOX-941) Ranger HA does not work through Knox

[Krisztian Horvath (JIRA)]

Krisztian Horvath created KNOX-941:
--

 Summary: Ranger HA does not work through Knox
 Key: KNOX-941
 URL: https://issues.apache.org/jira/browse/KNOX-941
 Project: Apache Knox
  Issue Type: Bug
Reporter: Krisztian Horvath
 Attachments: gateway.log, ranger_admin_compact.log, services.xml

Ranger Admin runs in HA mode and knox is configured with:
{code}

 ha
 HaProvider
 true
 
RANGERUI
maxFailoverAttempts=3;failoverSleep=1000;enabled=true
 
  

 
RANGERUI
http://ip-10-0-2-243.eu-west-1.compute.internal:6080
http://ip-10-0-2-10.eu-west-1.compute.internal:6080
 
{code}

Knox keeps redirecting to the login page. In Ranger log I can see however the 
login was successful so it accepted the credentials. Load-balancing works as I 
stop one of the Ranger Admins I still can reach the UI, but cannot move on from 
the login page. Might be some session issue.

Attached the knox topology and log file and ranger aggregated log.





--
This message was sent by Atlassian JIRA
(v6.3.15#6346)