[
https://issues.apache.org/jira/browse/KNOX-18?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13778826#comment-13778826
]
Kevin Minder commented on KNOX-18:
----------------------------------
Note also that I have been changing my mind about how identity assertion in
request bodies should handled. My current thinking is that all entity/body
manipulation should be done via the rewrite filter. The current implementation
in IdentityAsserterHttpServletRequestWrapper suffers from two things.
1) It is applied to all request bodies of content type
application/x-www-form-urlencoded and hard codes the parameter names. This
could result in an unrelated user.name param being rewritten for some service.
2) It requires the request entity to essentially be parsed twice. Once by
IdentityAsserterHttpServletRequestWrapper and again by the rewrite filter. Both
of these are done via streaming but it is still inefficient.
> IdentityAssertionHttpServletRequestWrapper should only be used when required
> by the service
> -------------------------------------------------------------------------------------------
>
> Key: KNOX-18
> URL: https://issues.apache.org/jira/browse/KNOX-18
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 0.2.0
> Reporter: Kevin Minder
> Fix For: 0.4.0
>
>
> From BUG-4297
> This is a performance issue since it filters the request stream.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
