You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@knox.apache.org by mo...@apache.org on 2017/02/21 14:47:09 UTC

svn commit: r1783897 - in /knox: site/books/knox-0-12-0/user-guide.html site/index.html site/issue-tracking.html site/license.html site/mail-lists.html site/project-info.html site/team-list.html trunk/books/0.12.0/config_preauth_sso_provider.md

Author: more
Date: Tue Feb 21 14:47:09 2017
New Revision: 1783897

URL: http://svn.apache.org/viewvc?rev=1783897&view=rev
Log:
KNOX-886 - Document multiple preauth validator (Mohammad Kamrul Islam via Sandeep More)

Modified:
    knox/site/books/knox-0-12-0/user-guide.html
    knox/site/index.html
    knox/site/issue-tracking.html
    knox/site/license.html
    knox/site/mail-lists.html
    knox/site/project-info.html
    knox/site/team-list.html
    knox/trunk/books/0.12.0/config_preauth_sso_provider.md

Modified: knox/site/books/knox-0-12-0/user-guide.html
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-12-0/user-guide.html?rev=1783897&r1=1783896&r2=1783897&view=diff
==============================================================================
--- knox/site/books/knox-0-12-0/user-guide.html (original)
+++ knox/site/books/knox-0-12-0/user-guide.html Tue Feb 21 14:47:09 2017
@@ -2435,7 +2435,7 @@ APACHE_HOME/bin/apachectl -k stop
   <tbody>
     <tr>
       <td>preauth.validation.method</td>
-      <td>Optional parameter that indicates the type of trust validation to perform on incoming requests. Possible values are: null, preauth.default.validation, preauth.ip.validation, custom validator (details described in <a href="dev-guide.html#Validator">Custom Validator</a>). Failure results in a 403 forbidden HTTP status response.</td>
+      <td>Optional parameter that indicates the types of trust validation to perform on incoming requests. There could be one or more comma-separated validators defined in this property. If there are multiple validators, Apache Knox validates each validator in the same sequence as it is configured. This works similar to short-circuit AND operation i.e. if any validator fails, Knox does not perform further validation and returns overall failure immediately. Possible values are: null, preauth.default.validation, preauth.ip.validation, custom validator (details described in <a href="dev-guide.html#Validator">Custom Validator</a>). Failure results in a 403 forbidden HTTP status response.</td>
       <td>null - which means &lsquo;preauth.default.validation&rsquo; that is no validation will be performed and that we are assuming that the network security and external authentication system is sufficient.</td>
     </tr>
     <tr>

Modified: knox/site/index.html
URL: http://svn.apache.org/viewvc/knox/site/index.html?rev=1783897&r1=1783896&r2=1783897&view=diff
==============================================================================
--- knox/site/index.html (original)
+++ knox/site/index.html Tue Feb 21 14:47:09 2017
@@ -1,13 +1,13 @@
 <!DOCTYPE html>
 <!--
- | Generated by Apache Maven Doxia at 2017-02-14
+ | Generated by Apache Maven Doxia at 2017-02-21
  | Rendered using Apache Maven Fluido Skin 1.3.0
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <meta name="Date-Revision-yyyymmdd" content="20170214" />
+    <meta name="Date-Revision-yyyymmdd" content="20170221" />
     <meta http-equiv="Content-Language" content="en" />
     <title>Knox Gateway &#x2013; REST API Gateway for the Apache Hadoop Ecosystem</title>
     <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
               
                 
                     
-                  <li id="publishDate" class="pull-right">Last Published: 2017-02-14</li> 
+                  <li id="publishDate" class="pull-right">Last Published: 2017-02-21</li> 
             
                             </ul>
       </div>

Modified: knox/site/issue-tracking.html
URL: http://svn.apache.org/viewvc/knox/site/issue-tracking.html?rev=1783897&r1=1783896&r2=1783897&view=diff
==============================================================================
--- knox/site/issue-tracking.html (original)
+++ knox/site/issue-tracking.html Tue Feb 21 14:47:09 2017
@@ -1,13 +1,13 @@
 <!DOCTYPE html>
 <!--
- | Generated by Apache Maven Doxia at 2017-02-14
+ | Generated by Apache Maven Doxia at 2017-02-21
  | Rendered using Apache Maven Fluido Skin 1.3.0
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <meta name="Date-Revision-yyyymmdd" content="20170214" />
+    <meta name="Date-Revision-yyyymmdd" content="20170221" />
     <meta http-equiv="Content-Language" content="en" />
     <title>Knox Gateway &#x2013; Issue Tracking</title>
     <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
               
                 
                     
-                  <li id="publishDate" class="pull-right">Last Published: 2017-02-14</li> 
+                  <li id="publishDate" class="pull-right">Last Published: 2017-02-21</li> 
             
                             </ul>
       </div>

Modified: knox/site/license.html
URL: http://svn.apache.org/viewvc/knox/site/license.html?rev=1783897&r1=1783896&r2=1783897&view=diff
==============================================================================
--- knox/site/license.html (original)
+++ knox/site/license.html Tue Feb 21 14:47:09 2017
@@ -1,13 +1,13 @@
 <!DOCTYPE html>
 <!--
- | Generated by Apache Maven Doxia at 2017-02-14
+ | Generated by Apache Maven Doxia at 2017-02-21
  | Rendered using Apache Maven Fluido Skin 1.3.0
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <meta name="Date-Revision-yyyymmdd" content="20170214" />
+    <meta name="Date-Revision-yyyymmdd" content="20170221" />
     <meta http-equiv="Content-Language" content="en" />
     <title>Knox Gateway &#x2013; Project License</title>
     <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
               
                 
                     
-                  <li id="publishDate" class="pull-right">Last Published: 2017-02-14</li> 
+                  <li id="publishDate" class="pull-right">Last Published: 2017-02-21</li> 
             
                             </ul>
       </div>

Modified: knox/site/mail-lists.html
URL: http://svn.apache.org/viewvc/knox/site/mail-lists.html?rev=1783897&r1=1783896&r2=1783897&view=diff
==============================================================================
--- knox/site/mail-lists.html (original)
+++ knox/site/mail-lists.html Tue Feb 21 14:47:09 2017
@@ -1,13 +1,13 @@
 <!DOCTYPE html>
 <!--
- | Generated by Apache Maven Doxia at 2017-02-14
+ | Generated by Apache Maven Doxia at 2017-02-21
  | Rendered using Apache Maven Fluido Skin 1.3.0
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <meta name="Date-Revision-yyyymmdd" content="20170214" />
+    <meta name="Date-Revision-yyyymmdd" content="20170221" />
     <meta http-equiv="Content-Language" content="en" />
     <title>Knox Gateway &#x2013; Project Mailing Lists</title>
     <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
               
                 
                     
-                  <li id="publishDate" class="pull-right">Last Published: 2017-02-14</li> 
+                  <li id="publishDate" class="pull-right">Last Published: 2017-02-21</li> 
             
                             </ul>
       </div>

Modified: knox/site/project-info.html
URL: http://svn.apache.org/viewvc/knox/site/project-info.html?rev=1783897&r1=1783896&r2=1783897&view=diff
==============================================================================
--- knox/site/project-info.html (original)
+++ knox/site/project-info.html Tue Feb 21 14:47:09 2017
@@ -1,13 +1,13 @@
 <!DOCTYPE html>
 <!--
- | Generated by Apache Maven Doxia at 2017-02-14
+ | Generated by Apache Maven Doxia at 2017-02-21
  | Rendered using Apache Maven Fluido Skin 1.3.0
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <meta name="Date-Revision-yyyymmdd" content="20170214" />
+    <meta name="Date-Revision-yyyymmdd" content="20170221" />
     <meta http-equiv="Content-Language" content="en" />
     <title>Knox Gateway &#x2013; Project Information</title>
     <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
               
                 
                     
-                  <li id="publishDate" class="pull-right">Last Published: 2017-02-14</li> 
+                  <li id="publishDate" class="pull-right">Last Published: 2017-02-21</li> 
             
                             </ul>
       </div>

Modified: knox/site/team-list.html
URL: http://svn.apache.org/viewvc/knox/site/team-list.html?rev=1783897&r1=1783896&r2=1783897&view=diff
==============================================================================
--- knox/site/team-list.html (original)
+++ knox/site/team-list.html Tue Feb 21 14:47:09 2017
@@ -1,13 +1,13 @@
 <!DOCTYPE html>
 <!--
- | Generated by Apache Maven Doxia at 2017-02-14
+ | Generated by Apache Maven Doxia at 2017-02-21
  | Rendered using Apache Maven Fluido Skin 1.3.0
 -->
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <meta name="Date-Revision-yyyymmdd" content="20170214" />
+    <meta name="Date-Revision-yyyymmdd" content="20170221" />
     <meta http-equiv="Content-Language" content="en" />
     <title>Knox Gateway &#x2013; Team list</title>
     <link rel="stylesheet" href="./css/apache-maven-fluido-1.3.0.min.css" />
@@ -58,7 +58,7 @@
               
                 
                     
-                  <li id="publishDate" class="pull-right">Last Published: 2017-02-14</li> 
+                  <li id="publishDate" class="pull-right">Last Published: 2017-02-21</li> 
             
                             </ul>
       </div>

Modified: knox/trunk/books/0.12.0/config_preauth_sso_provider.md
URL: http://svn.apache.org/viewvc/knox/trunk/books/0.12.0/config_preauth_sso_provider.md?rev=1783897&r1=1783896&r2=1783897&view=diff
==============================================================================
--- knox/trunk/books/0.12.0/config_preauth_sso_provider.md (original)
+++ knox/trunk/books/0.12.0/config_preauth_sso_provider.md Tue Feb 21 14:47:09 2017
@@ -41,7 +41,7 @@ The following table describes the config
 
 Name | Description | Default
 ---------|-----------
-preauth.validation.method|Optional parameter that indicates the type of trust validation to perform on incoming requests. Possible values are: null, preauth.default.validation, preauth.ip.validation, custom validator (details described in [Custom Validator](dev-guide.html#Validator)). Failure results in a 403 forbidden HTTP status response.|null - which means 'preauth.default.validation' that is  no validation will be performed and that we are assuming that the network security and external authentication system is sufficient. 
+preauth.validation.method|Optional parameter that indicates the types of trust validation to perform on incoming requests. There could be one or more comma-separated validators defined in this property. If there are multiple validators, Apache Knox validates each validator in the same sequence as it is configured. This works similar to short-circuit AND operation i.e. if any validator fails, Knox does not perform further validation and returns overall failure immediately. Possible values are: null, preauth.default.validation, preauth.ip.validation, custom validator (details described in [Custom Validator](dev-guide.html#Validator)). Failure results in a 403 forbidden HTTP status response.|null - which means 'preauth.default.validation' that is  no validation will be performed and that we are assuming that the network security and external authentication system is sufficient. 
 preauth.ip.addresses|Optional parameter that indicates the list of trusted ip addresses. When preauth.ip.validation is indicated as the validation method this parameter must be provided to indicate the trusted ip address set. Wildcarded IPs may be used to indicate subnet level trust. ie. 127.0.*|null - which means that no validation will be performed.
 preauth.custom.header|Required parameter for indicating a custom header to use for extracting the preauthenticated principal. The value extracted from this header is utilized as the PrimaryPrincipal within the established Subject. An incoming request that is missing the configured header will be refused with a 401 unauthorized HTTP status.|SM_USER for SiteMinder usecase
 preauth.custom.group.header|Optional parameter for indicating a HTTP header name that contains a comma separated list of groups. These are added to the authenticated Subject as group principals. A missing group header will result in no groups being extracted from the incoming request and a log entry but processing will continue.|null - which means that there will be no group principals extracted from the request and added to the established Subject.