[
https://issues.apache.org/jira/browse/KNOX-2998?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sandeep More updated KNOX-2998:
-------------------------------
Description:
We will need a new acls extension (similar to AclsAuthz) to support this
functionality. Following, is an example of how this might look.
{code:java}
<provider>
<role>authorization</role>
<name>PathAclsAuthz</name>
<enabled>true</enabled>
<param>
<name>path.acl</name>
<value>https://*:*/**/knoxtoken/api/**;admin;*;*</value>
</param>
</provider>
{code}
This new extension (`path` in the above example) will work with CompositeAuthz
and follow the same pattern as AclsAuthz provider.
was:
We will need a new acls extension (similar to AclsAuthz) to support this
functionality. Following, is an example of how this might look.
{code:java}
<param>
<name>path.KNOX-AUTH-SERVICE.acl</name>
<value>/foo/* [,
*|path...];username[,*|username...];group[,*|group...];ipaddr[,*|ipaddr...]</value>
</param>
{code}
This new extension (`path` in the above example) will work with CompositeAuthz
and follow the same pattern as AclsAuthz provider.
> Path based authorization
> ------------------------
>
> Key: KNOX-2998
> URL: https://issues.apache.org/jira/browse/KNOX-2998
> Project: Apache Knox
> Issue Type: New Feature
> Components: Server
> Reporter: Sandeep More
> Assignee: Sandeep More
> Priority: Major
> Fix For: 2.1.0
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> We will need a new acls extension (similar to AclsAuthz) to support this
> functionality. Following, is an example of how this might look.
>
> {code:java}
> <provider>
> <role>authorization</role>
> <name>PathAclsAuthz</name>
> <enabled>true</enabled>
> <param>
> <name>path.acl</name>
> <value>https://*:*/**/knoxtoken/api/**;admin;*;*</value>
> </param>
> </provider>
> {code}
> This new extension (`path` in the above example) will work with
> CompositeAuthz and follow the same pattern as AclsAuthz provider.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
