[
https://issues.apache.org/jira/browse/KNOX-911?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Attila Kanto updated KNOX-911:
------------------------------
Assignee: Attila Kanto
Status: Patch Available (was: Open)
hi [~jeffreyr97], [~lmccay], [~sumitgupta225],
I have attached a patch in order to make it easier to explain how I imagined
the implementation of this feature.
The attached includes:
* a new servlet filter to scope the cookies (whenever Knox receives a
"Set-Cookie" header (from a backend), then it adds a Path=.... value to it, or
if the Path value is already present in the Set-Cookie header, then changes the
existing Path to scope it to Knox's gateway.path value.
* introduction of a new property to enable/disable this feature (disabled by
default)
* junit tests
How I tested it:
* created 3 clusters, each of them containing the same services (Ambari,
Zeppelin, Ranger)
* changed Knox's gateway path on to gateway1, gateway2, gateway3 on the
gateway-site.xml
* introduced a centralised reverse proxy at the front of the Knox instances
* the Services were accessible on
https://reverse.proxy.address/gateway1/topo/ambari/,
https://reverse.proxy.address/gateway2topo/ambari/,
https://reverse.proxy.address/gateway3/topo/ambari/ etc.
https://reverse.proxy.address/gateway1/topo/zeppelin/, etc..
* verified that logging in to
https://reverse.proxy.address/gateway1/topo/ambari/ will not overwrite the
cookies of https://reverse.proxy.address/gateway2/topo/ambari/ or
https://reverse.proxy.address/gateway3/topo/ambari/
Kindly ask you to take a look at the patch and share your thoughts.
Thanks,
Attila
> Ability to scope cookies to a given Path
> ----------------------------------------
>
> Key: KNOX-911
> URL: https://issues.apache.org/jira/browse/KNOX-911
> Project: Apache Knox
> Issue Type: Wish
> Reporter: Attila Kanto
> Assignee: Attila Kanto
> Fix For: 0.13.0
>
>
> If there are multiple individual Knox instances behind of a reverse proxy,
> then it would be very useful if the Cookies could be scoped to a given Path.
> If a reverse proxy is put at the font of multiple Knox instances then scoping
> the Cookies to domain is not sufficient since the /gateway1/... and
> /gateway2/... cookies will overwrite each other.
> {code}
> +---------------------------------+
> | |
> | Reverse Proxy |
> | |
> +---------------------------------+
> | |
> /gateway1/topology | | /gateway2/topology
> | |
> +----------------------------v----+
> +--v------------------------------+
> | | |
> |
> | Knox 1 (/gateway1/topology) | | Knox 2 (/gateway2/topology)
> |
> | | |
> |
> +---------------------------------+
> +---------------------------------+
> {code}
> Proposal:
> Cookies can be scoped with Set-Cookie: Path=/somepath header field.
> It would be very convenient if this scope path could be set in
> gateway-site.xml and Knox would return it in Set-Cookie header field to
> clients.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
