[ https://issues.apache.org/jira/browse/KNOX-2726?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17541071#comment-17541071 ]
ASF subversion and git services commented on KNOX-2726: ------------------------------------------------------- Commit 93bceed9c33d8e63cb48bdac86d9bc98fca44f90 in knox's branch refs/heads/master from Sandeep Moré [ https://gitbox.apache.org/repos/asf?p=knox.git;h=93bceed9c ] KNOX-2726 - Impersonation Params should be configurable (#579) * KNOX-2726 - Impersonation Params should be configurable > Impersonation Params Declared by Service Definitions > ---------------------------------------------------- > > Key: KNOX-2726 > URL: https://issues.apache.org/jira/browse/KNOX-2726 > Project: Apache Knox > Issue Type: Improvement > Components: Server > Affects Versions: 1.6.0 > Reporter: Philip Zampino > Assignee: Sandeep More > Priority: Major > Time Spent: 2.5h > Remaining Estimate: 0h > > _org.apache.knox.gateway.identityasserter.common.filter.IdentityAsserterHttpServletRequestWrapper#getImpersonationParamNames()_ > has the following comment: > {noformat} > // TODO: let's have service definitions register their impersonation > // params in a future release and get this list from a central registry. > // This will provide better coverage of protection by removing any > // pre-populated impersonation params.{noformat} > Currently, Knox excludes some well-known impersonation request parameters > from proxied requests. Rather than maintaining a hard-coded list of these > params, service definitions should be able to declare them such that they > would be available at runtime to > {_}org.apache.knox.gateway.identityasserter.common.filter.IdentityAsserterHttpServletRequestWrapper{_}. > This will allow service-specific impersonation parameter details to be > defined by the service definitions, and eliminate the need for Knox runtime > code changes when new impersonation params need to be handled. -- This message was sent by Atlassian Jira (v8.20.7#820007)