You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by su...@apache.org on 2016/11/07 20:20:21 UTC
svn commit: r1768580 - in /knox: site/books/knox-0-10-0/
site/books/knox-0-4-0/ site/books/knox-0-5-0/ site/books/knox-0-6-0/
site/books/knox-0-7-0/ site/books/knox-0-8-0/ site/books/knox-0-9-0/
site/books/knox-0-9-1/ trunk/books/0.10.0/ trunk/markbook/
Author: sumit
Date: Mon Nov 7 20:20:20 2016
New Revision: 1768580
URL: http://svn.apache.org/viewvc?rev=1768580&view=rev
Log:
KNOX-778 Docs for websocket support (Sandeep More via Sumit Gupta)
Added:
knox/trunk/books/0.10.0/websocket-support.md
Modified:
knox/site/books/knox-0-10-0/deployment-overview.png
knox/site/books/knox-0-10-0/deployment-provider.png
knox/site/books/knox-0-10-0/deployment-service.png
knox/site/books/knox-0-10-0/general_saml_flow.png
knox/site/books/knox-0-10-0/runtime-overview.png
knox/site/books/knox-0-10-0/runtime-request-processing.png
knox/site/books/knox-0-10-0/user-guide.html
knox/site/books/knox-0-4-0/deployment-overview.png
knox/site/books/knox-0-4-0/deployment-provider.png
knox/site/books/knox-0-4-0/deployment-service.png
knox/site/books/knox-0-4-0/runtime-overview.png
knox/site/books/knox-0-4-0/runtime-request-processing.png
knox/site/books/knox-0-5-0/deployment-overview.png
knox/site/books/knox-0-5-0/deployment-provider.png
knox/site/books/knox-0-5-0/deployment-service.png
knox/site/books/knox-0-5-0/runtime-overview.png
knox/site/books/knox-0-5-0/runtime-request-processing.png
knox/site/books/knox-0-6-0/deployment-overview.png
knox/site/books/knox-0-6-0/deployment-provider.png
knox/site/books/knox-0-6-0/deployment-service.png
knox/site/books/knox-0-6-0/runtime-overview.png
knox/site/books/knox-0-6-0/runtime-request-processing.png
knox/site/books/knox-0-7-0/deployment-overview.png
knox/site/books/knox-0-7-0/deployment-provider.png
knox/site/books/knox-0-7-0/deployment-service.png
knox/site/books/knox-0-7-0/general_saml_flow.png
knox/site/books/knox-0-7-0/runtime-overview.png
knox/site/books/knox-0-7-0/runtime-request-processing.png
knox/site/books/knox-0-8-0/deployment-overview.png
knox/site/books/knox-0-8-0/deployment-provider.png
knox/site/books/knox-0-8-0/deployment-service.png
knox/site/books/knox-0-8-0/general_saml_flow.png
knox/site/books/knox-0-8-0/runtime-overview.png
knox/site/books/knox-0-8-0/runtime-request-processing.png
knox/site/books/knox-0-9-0/deployment-overview.png
knox/site/books/knox-0-9-0/deployment-provider.png
knox/site/books/knox-0-9-0/deployment-service.png
knox/site/books/knox-0-9-0/general_saml_flow.png
knox/site/books/knox-0-9-0/runtime-overview.png
knox/site/books/knox-0-9-0/runtime-request-processing.png
knox/site/books/knox-0-9-1/deployment-overview.png
knox/site/books/knox-0-9-1/deployment-provider.png
knox/site/books/knox-0-9-1/deployment-service.png
knox/site/books/knox-0-9-1/general_saml_flow.png
knox/site/books/knox-0-9-1/runtime-overview.png
knox/site/books/knox-0-9-1/runtime-request-processing.png
knox/trunk/books/0.10.0/book.md
knox/trunk/books/0.10.0/book_gateway-details.md
knox/trunk/markbook/pom.xml
Modified: knox/site/books/knox-0-10-0/deployment-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-10-0/deployment-overview.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-10-0/deployment-provider.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-10-0/deployment-provider.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-10-0/deployment-service.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-10-0/deployment-service.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-10-0/general_saml_flow.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-10-0/general_saml_flow.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-10-0/runtime-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-10-0/runtime-overview.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-10-0/runtime-request-processing.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-10-0/runtime-request-processing.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-10-0/user-guide.html
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-10-0/user-guide.html?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
--- knox/site/books/knox-0-10-0/user-guide.html (original)
+++ knox/site/books/knox-0-10-0/user-guide.html Mon Nov 7 20:20:20 2016
@@ -49,6 +49,7 @@
<li><a href="#Pac4j+Provider+-+CAS+/+OAuth+/+SAML+/+OpenID+Connect">Pac4j Provider - CAS / OAuth / SAML / OpenID Connect</a></li>
<li><a href="#KnoxSSO+Setup+and+Configuration">KnoxSSO Setup and Configuration</a></li>
<li><a href="#Mutual+Authentication+with+SSL">Mutual Authentication with SSL</a></li>
+ <li><a href="#Websocket+Support">Websocket Support</a></li>
<li><a href="#Audit">Audit</a></li>
</ul></li>
<li><a href="#Client+Details">Client Details</a></li>
@@ -2668,7 +2669,53 @@ APACHE_HOME/bin/apachectl -k stop
</tbody>
</table><p>By only indicating that it is needed with <code>gateway.client.auth.needed</code>, the <code>{GATEWAY_HOME}/data/security/keystores/gateway.jks</code> keystore is used. This is the identity keystore for the server and can also be used as the truststore. We can specify the path to a dedicated truststore via <code>gateway.truststore.path</code>. If the truststore password is different from the gateway master secret then it can be set using</p>
<pre><code>knoxcli.sh create-alias gateway-truststore-password --value {pwd}
-</code></pre><p>Otherwise, the master secret will be used. If the truststore is not a JKS type then it can be set via <code>gateway.truststore.type</code>.</p><h3><a id="Audit">Audit</a> <a href="#Audit"><img src="markbook-section-link.png"/></a></h3><p>The Audit facility within the Knox Gateway introduces functionality for tracking actions that are executed by Knox per user’s request or that are produced by Knox internal events like topology deploy, etc. The Knox Audit module is based on <a href="http://logging.apache.org/log4j/1.2/">Apache log4j</a>.</p><h4><a id="Configuration+needed">Configuration needed</a> <a href="#Configuration+needed"><img src="markbook-section-link.png"/></a></h4><p>Out of the box, the Knox Gateway includes preconfigured auditing capabilities. To change its configuration please read the following sections.</p><h4><a id="Where+audit+logs+go">Where audit logs go</a> <a href="#Where+audit+logs+go"><img src="markbook-section-link.png"/></a></h4><p>The Au
dit module is preconfigured to write audit records to the log file <code>{GATEWAY_HOME}/log/gateway-audit.log</code>.</p><p>This behavior can be changed in the <code>{GATEWAY_HOME}/conf/gateway-log4j.properties</code> file. <code>app.audit.file</code> can be used to change the location. The <code>log4j.appender.auditfile.*</code> properties can be used for further customization. For detailed information read the <a href="http://logging.apache.org/log4j/1.2/">Apache log4j</a> documentation.</p><h4><a id="Audit+format">Audit format</a> <a href="#Audit+format"><img src="markbook-section-link.png"/></a></h4><p>Out of the box, the audit record format is defined by <code>org.apache.hadoop.gateway.audit.log4j.layout.AuditLayout</code>. Its structure is as follows:</p>
+</code></pre><p>Otherwise, the master secret will be used. If the truststore is not a JKS type then it can be set via <code>gateway.truststore.type</code>. <!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+--></p><h2><a id="Websocket+Support">Websocket Support</a> <a href="#Websocket+Support"><img src="markbook-section-link.png"/></a></h2><h3><a id="Introduction">Introduction</a> <a href="#Introduction"><img src="markbook-section-link.png"/></a></h3><p>Websocket is a communication protocol that allows full duplex communication over single TCP connection. Knox provides out-of-the-box support for websocket protocol, currently only text messages are supported.</p><h3><a id="Configuration">Configuration</a> <a href="#Configuration"><img src="markbook-section-link.png"/></a></h3><p>By default websocket functionality is disabled, it can be easily enabled by changing the ‘gateway.websocket.feature.enabled’ property to ‘true’ in <KNOX-HOME>/conf/gateway-site.xml file. </p>
+<pre><code> <property>
+ <name>gateway.websocket.feature.enabled</name>
+ <value>true</value>
+ <description>Enable/Disable websocket feature.</description>
+ </property>
+</code></pre><p>Service and rewrite rules need to changed accordingly to match the appropriate websocket context.</p><h3><a id="Example">Example</a> <a href="#Example"><img src="markbook-section-link.png"/></a></h3><p>In the following sample configuration we assume that the backend websocket URL is <a href="ws://myhost:9999/ws">ws://myhost:9999/ws</a>. And ‘gateway.websocket.feature.enabled’ property is set to ‘true’ as shown above.</p><h4><a id="rewrite">rewrite</a> <a href="#rewrite"><img src="markbook-section-link.png"/></a></h4><p>Example code snippet from <KNOX-HOME>/data/services/{myservice}/{version}/rewrite.xml where myservice = websocket and version = 0.6.0</p>
+<pre><code> <rules>
+ <rule dir="IN" name="WEBSOCKET/ws/inbound" pattern="*://*:*/**/ws">
+ <rewrite template="{$serviceUrl[WEBSOCKET]}/ws"/>
+ </rule>
+ </rules>
+</code></pre><h4><a id="service">service</a> <a href="#service"><img src="markbook-section-link.png"/></a></h4><p>Example code snippet from <KNOX-HOME>/data/services/{myservice}/{version}/service.xml where myservice = websocket and version = 0.6.0</p>
+<pre><code> <service role="WEBSOCKET" name="websocket" version="0.6.0">
+ <policies>
+ <policy role="webappsec"/>
+ <policy role="authentication" name="Anonymous"/>
+ <policy role="rewrite"/>
+ <policy role="authorization"/>
+ </policies>
+ <routes>
+ <route path="/ws">
+ <rewrite apply="WEBSOCKET/ws/inbound" to="request.url"/>
+ </route>
+ </routes>
+ </service>
+</code></pre><h4><a id="topology">topology</a> <a href="#topology"><img src="markbook-section-link.png"/></a></h4><p>Finally, update the topology file at <KNOX-HOME>/conf/{topology}.xml with the backend service url</p>
+<pre><code> <service>
+ <role>WEBSOCKET</role>
+ <url>ws://myhost:9999/ws</url>
+ </service>
+</code></pre><h3><a id="Audit">Audit</a> <a href="#Audit"><img src="markbook-section-link.png"/></a></h3><p>The Audit facility within the Knox Gateway introduces functionality for tracking actions that are executed by Knox per user’s request or that are produced by Knox internal events like topology deploy, etc. The Knox Audit module is based on <a href="http://logging.apache.org/log4j/1.2/">Apache log4j</a>.</p><h4><a id="Configuration+needed">Configuration needed</a> <a href="#Configuration+needed"><img src="markbook-section-link.png"/></a></h4><p>Out of the box, the Knox Gateway includes preconfigured auditing capabilities. To change its configuration please read the following sections.</p><h4><a id="Where+audit+logs+go">Where audit logs go</a> <a href="#Where+audit+logs+go"><img src="markbook-section-link.png"/></a></h4><p>The Audit module is preconfigured to write audit records to the log file <code>{GATEWAY_HOME}/log/gateway-audit.log</code>.</p><p>This behavior can be c
hanged in the <code>{GATEWAY_HOME}/conf/gateway-log4j.properties</code> file. <code>app.audit.file</code> can be used to change the location. The <code>log4j.appender.auditfile.*</code> properties can be used for further customization. For detailed information read the <a href="http://logging.apache.org/log4j/1.2/">Apache log4j</a> documentation.</p><h4><a id="Audit+format">Audit format</a> <a href="#Audit+format"><img src="markbook-section-link.png"/></a></h4><p>Out of the box, the audit record format is defined by <code>org.apache.hadoop.gateway.audit.log4j.layout.AuditLayout</code>. Its structure is as follows:</p>
<pre><code>EVENT_PUBLISHING_TIME ROOT_REQUEST_ID|PARENT_REQUEST_ID|REQUEST_ID|LOGGER_NAME|TARGET_SERVICE_NAME|USER_NAME|PROXY_USER_NAME|SYSTEM_USER_NAME|ACTION|RESOURCE_TYPE|RESOURCE_NAME|OUTCOME|LOGGING_MESSAGE
</code></pre><p>The audit record format can be changed by setting <code>log4j.appender.auditfile.layout</code> property in <code>{GATEWAY_HOME}/conf/gateway-log4j.properties</code> to another class that extends <code>org.apache.log4j.Layout</code> or its subclasses.</p><p>For detailed information read <a href="http://logging.apache.org/log4j/1.2/">Apache log4j</a>.</p><h5><a id="How+to+interpret+audit+log">How to interpret audit log</a> <a href="#How+to+interpret+audit+log"><img src="markbook-section-link.png"/></a></h5>
<table>
Modified: knox/site/books/knox-0-4-0/deployment-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-4-0/deployment-overview.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-4-0/deployment-provider.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-4-0/deployment-provider.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-4-0/deployment-service.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-4-0/deployment-service.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-4-0/runtime-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-4-0/runtime-overview.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-4-0/runtime-request-processing.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-4-0/runtime-request-processing.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-5-0/deployment-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-5-0/deployment-overview.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-5-0/deployment-provider.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-5-0/deployment-provider.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-5-0/deployment-service.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-5-0/deployment-service.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-5-0/runtime-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-5-0/runtime-overview.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-5-0/runtime-request-processing.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-5-0/runtime-request-processing.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-6-0/deployment-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-6-0/deployment-overview.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-6-0/deployment-provider.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-6-0/deployment-provider.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-6-0/deployment-service.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-6-0/deployment-service.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-6-0/runtime-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-6-0/runtime-overview.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-6-0/runtime-request-processing.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-6-0/runtime-request-processing.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-7-0/deployment-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-7-0/deployment-overview.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-7-0/deployment-provider.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-7-0/deployment-provider.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-7-0/deployment-service.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-7-0/deployment-service.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-7-0/general_saml_flow.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-7-0/general_saml_flow.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-7-0/runtime-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-7-0/runtime-overview.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-7-0/runtime-request-processing.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-7-0/runtime-request-processing.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-8-0/deployment-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-8-0/deployment-overview.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-8-0/deployment-provider.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-8-0/deployment-provider.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-8-0/deployment-service.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-8-0/deployment-service.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-8-0/general_saml_flow.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-8-0/general_saml_flow.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-8-0/runtime-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-8-0/runtime-overview.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-8-0/runtime-request-processing.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-8-0/runtime-request-processing.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-9-0/deployment-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-9-0/deployment-overview.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-9-0/deployment-provider.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-9-0/deployment-provider.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-9-0/deployment-service.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-9-0/deployment-service.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-9-0/general_saml_flow.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-9-0/general_saml_flow.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-9-0/runtime-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-9-0/runtime-overview.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-9-0/runtime-request-processing.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-9-0/runtime-request-processing.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-9-1/deployment-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-9-1/deployment-overview.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-9-1/deployment-provider.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-9-1/deployment-provider.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-9-1/deployment-service.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-9-1/deployment-service.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-9-1/general_saml_flow.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-9-1/general_saml_flow.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-9-1/runtime-overview.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-9-1/runtime-overview.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/site/books/knox-0-9-1/runtime-request-processing.png
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-9-1/runtime-request-processing.png?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
Binary files - no diff available.
Modified: knox/trunk/books/0.10.0/book.md
URL: http://svn.apache.org/viewvc/knox/trunk/books/0.10.0/book.md?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
--- knox/trunk/books/0.10.0/book.md (original)
+++ knox/trunk/books/0.10.0/book.md Mon Nov 7 20:20:20 2016
@@ -54,6 +54,7 @@
* #[Pac4j Provider - CAS / OAuth / SAML / OpenID Connect]
* #[KnoxSSO Setup and Configuration]
* #[Mutual Authentication with SSL]
+ * #[Websocket Support]
* #[Audit]
* #[Client Details]
* #[Service Details]
Modified: knox/trunk/books/0.10.0/book_gateway-details.md
URL: http://svn.apache.org/viewvc/knox/trunk/books/0.10.0/book_gateway-details.md?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
--- knox/trunk/books/0.10.0/book_gateway-details.md (original)
+++ knox/trunk/books/0.10.0/book_gateway-details.md Mon Nov 7 20:20:20 2016
@@ -96,4 +96,5 @@ In the Hortonworks Sandbox Ambari might
<<config_pac4j_provider.md>>
<<config_knox_sso.md>>
<<config_mutual_authentication_ssl.md>>
+<<websocket-support.md>>
<<config_audit.md>>
Added: knox/trunk/books/0.10.0/websocket-support.md
URL: http://svn.apache.org/viewvc/knox/trunk/books/0.10.0/websocket-support.md?rev=1768580&view=auto
==============================================================================
--- knox/trunk/books/0.10.0/websocket-support.md (added)
+++ knox/trunk/books/0.10.0/websocket-support.md Mon Nov 7 20:20:20 2016
@@ -0,0 +1,76 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+## Websocket Support ##
+
+### Introduction
+
+Websocket is a communication protocol that allows full duplex communication over single TCP connection.
+Knox provides out-of-the-box support for websocket protocol, currently only text messages are supported.
+
+### Configuration ###
+
+By default websocket functionality is disabled, it can be easily enabled by changing the 'gateway.websocket.feature.enabled' property to 'true' in <KNOX-HOME>/conf/gateway-site.xml file.
+
+ <property>
+ <name>gateway.websocket.feature.enabled</name>
+ <value>true</value>
+ <description>Enable/Disable websocket feature.</description>
+ </property>
+
+Service and rewrite rules need to changed accordingly to match the appropriate websocket context.
+
+### Example ###
+
+In the following sample configuration we assume that the backend websocket URL is ws://myhost:9999/ws. And 'gateway.websocket.feature.enabled' property is set to 'true' as shown above.
+
+#### rewrite ####
+
+Example code snippet from <KNOX-HOME>/data/services/{myservice}/{version}/rewrite.xml where myservice = websocket and version = 0.6.0
+
+ <rules>
+ <rule dir="IN" name="WEBSOCKET/ws/inbound" pattern="*://*:*/**/ws">
+ <rewrite template="{$serviceUrl[WEBSOCKET]}/ws"/>
+ </rule>
+ </rules>
+
+#### service ####
+
+Example code snippet from <KNOX-HOME>/data/services/{myservice}/{version}/service.xml where myservice = websocket and version = 0.6.0
+
+ <service role="WEBSOCKET" name="websocket" version="0.6.0">
+ <policies>
+ <policy role="webappsec"/>
+ <policy role="authentication" name="Anonymous"/>
+ <policy role="rewrite"/>
+ <policy role="authorization"/>
+ </policies>
+ <routes>
+ <route path="/ws">
+ <rewrite apply="WEBSOCKET/ws/inbound" to="request.url"/>
+ </route>
+ </routes>
+ </service>
+
+#### topology ####
+
+Finally, update the topology file at <KNOX-HOME>/conf/{topology}.xml with the backend service url
+
+ <service>
+ <role>WEBSOCKET</role>
+ <url>ws://myhost:9999/ws</url>
+ </service>
Modified: knox/trunk/markbook/pom.xml
URL: http://svn.apache.org/viewvc/knox/trunk/markbook/pom.xml?rev=1768580&r1=1768579&r2=1768580&view=diff
==============================================================================
--- knox/trunk/markbook/pom.xml (original)
+++ knox/trunk/markbook/pom.xml Mon Nov 7 20:20:20 2016
@@ -23,7 +23,7 @@
<parent>
<artifactId>gateway-site</artifactId>
<groupId>org.apache.hadoop.gateway</groupId>
- <version>0.8.0</version>
+ <version>0.9.1</version>
</parent>
<modelVersion>4.0.0</modelVersion>
@@ -85,4 +85,4 @@
</dependency>
</dependencies>
-</project>
\ No newline at end of file
+</project>