[jira] [Work logged] (KNOX-3279) REST Catalog dispatch implementation for including configurable metadata as outbound request headers

Mon, 23 Mar 2026 09:08:08 -0700 


     [ 
https://issues.apache.org/jira/browse/KNOX-3279?focusedWorklogId=1010960&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1010960
 ]

ASF GitHub Bot logged work on KNOX-3279:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 23/Mar/26 16:07
            Start Date: 23/Mar/26 16:07
    Worklog Time Spent: 10m 
      Work Description: pzampino commented on code in PR #1182:
URL: https://github.com/apache/knox/pull/1182#discussion_r2976027553


##########
gateway-service-restcatalog/src/main/java/org/apache/knox/gateway/service/restcatalog/TokenMetadataHeaderHandler.java:
##########
@@ -0,0 +1,161 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.knox.gateway.service.restcatalog;
+
+import com.github.benmanes.caffeine.cache.Cache;
+import com.github.benmanes.caffeine.cache.Caffeine;
+import org.apache.http.client.methods.HttpUriRequest;
+import org.apache.knox.gateway.services.GatewayServices;
+import org.apache.knox.gateway.services.ServiceType;
+import org.apache.knox.gateway.services.security.token.TokenMetadata;
+import org.apache.knox.gateway.services.security.token.TokenStateService;
+import org.apache.knox.gateway.services.security.token.UnknownTokenException;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletRequest;
+import javax.servlet.http.HttpServletRequest;
+import java.util.Base64;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+import static java.nio.charset.StandardCharsets.UTF_8;
+
+public class TokenMetadataHeaderHandler {
+    static final String TOKEN_METADATA_PARAM = "token-metadata-headers";
+
+    static final String HEADER_PREFIX = "X-Knox-Meta-";
+
+    static final String GRANT_TYPE = "grant_type";
+    static final String CLIENT_CREDENTIALS = "client_credentials";
+    static final String CLIENT_SECRET = "client_secret";
+    static final String INVALID_CLIENT_SECRET = "Error while parsing the 
received client secret";
+
+    TokenStateService tss;
+
+    Set<String> metadataHeaderConfig = new HashSet<>();
+
+    Cache<String, TokenMetadata> metadataCache = 
Caffeine.newBuilder().maximumSize(100).build();

Review Comment:
   Ack





Issue Time Tracking
-------------------

    Worklog Id:     (was: 1010960)
    Time Spent: 2h  (was: 1h 50m)

> REST Catalog dispatch implementation for including configurable metadata as 
> outbound request headers
> ----------------------------------------------------------------------------------------------------
>
>                 Key: KNOX-3279
>                 URL: https://issues.apache.org/jira/browse/KNOX-3279
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>            Reporter: Philip Zampino
>            Assignee: Philip Zampino
>            Priority: Major
>          Time Spent: 2h
>  Remaining Estimate: 0h
>
> For Iceberg REST Catalog proxying, Knox should support the ability to convey 
> a configurable set of token metadata elements associated with the client 
> credentials from the inbound request as headers in the outbound (dispatch) 
> request.
> A custom dispatch for the ICEBERG-REST service should be implemented to 
> provide this support.
> Proposed topology contents (example):
> {code:java}
>     <service>
>         <role>ICEBERG-REST</role>
>         <param>
>             <name>token-metadata-headers</name>
>             <value>email,category</value>
>         </param>
>     </service> {code}
> If the configured metadata items don't exist for a given client_id, then no 
> headers for those items should be conveyed in the outbound request (i.e., 
> they should be ignored).
>  
> It's not clear whether the standard {{userName}} metadata item should be 
> included by default.
> The resulting header names can be of the form {{X-Knox-Meta-<ITEM_NAME>}} 
> where {{<ITEM_NAME>}} is the token metadata item name.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to