pzampino commented on code in PR #681:
URL: https://github.com/apache/knox/pull/681#discussion_r1033944407
##########
gateway-provider-identity-assertion-common/src/main/java/org/apache/knox/gateway/identityasserter/common/filter/CommonIdentityAssertionFilter.java:
##########
@@ -187,21 +216,46 @@ public void doFilter(ServletRequest request,
ServletResponse response, FilterCha
}
String principalName = getPrincipalName(subject);
+ String mappedPrincipalName = null;
+ try {
+ mappedPrincipalName = handleProxyUserImpersonation(request,
principalName);
Review Comment:
I think the principal mapping is orthogonal to the requests that are
received by Knox. Just as in the case without impersonation, the authenticated
user will be mapped to whatever is configured. Similarly, with impersonation,
the authenticated user (e.g., user1) is requesting to act on behalf of another
user (e.g., user2), who is then mapped to user3 just as in the
non-impersonation scenario.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
