You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Sandeep More (Jira)" <ji...@apache.org> on 2022/04/20 05:46:00 UTC
[jira] [Assigned] (KNOX-2726) Impersonation Params Declared by Service Definitions
[ https://issues.apache.org/jira/browse/KNOX-2726?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sandeep More reassigned KNOX-2726:
----------------------------------
Assignee: Sandeep More (was: Philip Zampino)
> Impersonation Params Declared by Service Definitions
> ----------------------------------------------------
>
> Key: KNOX-2726
> URL: https://issues.apache.org/jira/browse/KNOX-2726
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Affects Versions: 1.6.0
> Reporter: Philip Zampino
> Assignee: Sandeep More
> Priority: Major
>
> _org.apache.knox.gateway.identityasserter.common.filter.IdentityAsserterHttpServletRequestWrapper#getImpersonationParamNames()_ has the following comment:
> {noformat}
> // TODO: let's have service definitions register their impersonation
> // params in a future release and get this list from a central registry.
> // This will provide better coverage of protection by removing any
> // pre-populated impersonation params.{noformat}
> Currently, Knox excludes some well-known impersonation request parameters from proxied requests. Rather than maintaining a hard-coded list of these params, service definitions should be able to declare them such that they would be available at runtime to {_}org.apache.knox.gateway.identityasserter.common.filter.IdentityAsserterHttpServletRequestWrapper{_}.
> This will allow service-specific impersonation parameter details to be defined by the service definitions, and eliminate the need for Knox runtime code changes when new impersonation params need to be handled.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)