Sandor Molnar created KNOX-3219:
-----------------------------------
Summary: New Virtual Group mapping function to check request
parameters
Key: KNOX-3219
URL: https://issues.apache.org/jira/browse/KNOX-3219
Project: Apache Knox
Issue Type: Improvement
Components: Server
Affects Versions: 2.1.0, 2.0.0
Reporter: Sandor Molnar
Assignee: Sandor Molnar
Fix For: 3.0.0
KNOX-2707 added a very cool feature that allows virtual group mapping using
predicates. There are many pre-defined functions, including {{request-header}}
and {{{}request-attribute{}}}.
It'd be beneficial to add a new request-related function called
{{request-parameter}} that works the same way as the above listed ones, but it
gets the value to compare from the request parameters.
For instance:
{code:java}
<param>
<name>group.mapping.non_rejected_requests</name>
<value>(= (strlen (request-parameter 'impala.doas.user')) 0)</value>
</param> {code}
This would map user principals to the {{non_rejected_requests}} where the
request doesn't contain the {{impala.doas.user}} parameter.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
