knox-commits mailing list archives

From lmc...@apache.org
Subject svn commit: r1716902 - in /knox: site/books/knox-0-7-0/user-guide.html trunk/books/0.7.0/config_webappsec_provider.md
Date Fri, 27 Nov 2015 17:23:01 GMT
Author: lmccay
Date: Fri Nov 27 17:23:01 2015
New Revision: 1716902

URL: http://svn.apache.org/viewvc?rev=1716902&view=rev
Log:
fixed table for CORS in user guide 0.7.0

Modified:
    knox/site/books/knox-0-7-0/user-guide.html
    knox/trunk/books/0.7.0/config_webappsec_provider.md

Modified: knox/site/books/knox-0-7-0/user-guide.html
URL: http://svn.apache.org/viewvc/knox/site/books/knox-0-7-0/user-guide.html?rev=1716902&r1=1716901&r2=1716902&view=diff
==============================================================================
--- knox/site/books/knox-0-7-0/user-guide.html (original)
+++ knox/site/books/knox-0-7-0/user-guide.html Fri Nov 27 17:23:01 2015
@@ -1934,12 +1934,33 @@ APACHE_HOME/bin/apachectl -k stop
     </tr>
     <tr>
       <td>cors.supportedMethods</td>
-      <td>{method-list} defaults to &ldquo;GET, POST, HEAD, OPTIONS&rdquo;.
List of the supported HTTP methods. These are advertised through the Access-Control-Allow-Methods
header and must also be implemented by the actual CORS web service. Requests for methods not
included here will be refused by the CORS filter with an HTTP 405 &ldquo;Method not allowed&rdquo;
response.</td>
-      <td>&ldquo;GET, POST, HEAD, OPTIONS&rdquo;</td>
+      <td>{method-list} defaults to GET, POST, HEAD, OPTIONS. List of the supported
HTTP methods. These are advertised through the Access-Control-Allow-Methods header and must
also be implemented by the actual CORS web service. Requests for methods not included here
will be refused by the CORS filter with an HTTP 405 &ldquo;Method not allowed&rdquo;
response.</td>
+      <td>GET, POST, HEAD, OPTIONS</td>
     </tr>
     <tr>
-      <td>cors.supportedHeaders </td>
-      <td>{&quot;*&quot;|header-list} defaults to *. The names of the supported
author request headers. These are advertised through the Access-Control-Allow-Headers header.
If the configuration property value is set to * (asterisk) any author request header will
be allowed. The CORS Filter implements this by simply echoing the requested value back to
the browser. What is an author request header? This any custom header set by the browser JavaScript
application through the XMLHttpRequest.setRequestHeader() method.|&ldquo;*&rdquo;
cors.exposedHeaders | {header-list} defaults to empty list. List of the response headers other
than simple response headers that the browser should expose to the author of the cross-domain
request through the XMLHttpRequest.getResponseHeader() method. The CORS filter supplies this
information through the Access-Control-Expose-Headers header.| empty cors.supportsCredentials
| {true|false} defaults to true. Indicates whether user credentials, such as cookies,
  HTTP authentication or client-side certificates, are supported. The CORS filter uses this
value in constructing the Access-Control-Allow-Credentials header.|true cors.maxAge | {int}
defaults to -1 (unspecified). Indicates how long the results of a preflight request can be
cached by the web browser, in seconds. If -1 unspecified. This information is passed to the
browser via the Access-Control-Max-Age header.| -1 cors.tagRequests| {true|false} defaults
to false (no tagging). Enables HTTP servlet request tagging to provide CORS information to
downstream handlers (filters and/or servlets).| false</td>
+      <td>cors.supportedHeaders</td>
+      <td>{&ldquo;*&rdquo;|header-list} defaults to *. The names of the supported
author request headers. These are advertised through the Access-Control-Allow-Headers header.
If the configuration property value is set to * (asterisk) any author request header will
be allowed. The CORS Filter implements this by simply echoing the requested value back to
the browser.</td>
+      <td>*</td>
+    </tr>
+    <tr>
+      <td>cors.exposedHeaders </td>
+      <td>{header-list} defaults to empty list. List of the response headers other
than simple response headers that the browser should expose to the author of the cross-domain
request through the XMLHttpRequest.getResponseHeader() method. The CORS filter supplies this
information through the Access-Control-Expose-Headers header.</td>
+      <td>empty</td>
+    </tr>
+    <tr>
+      <td>cors.supportsCredentials </td>
+      <td>{true|false} defaults to true. Indicates whether user credentials, such as
cookies, HTTP authentication or client-side certificates, are supported. The CORS filter uses
this value in constructing the Access-Control-Allow-Credentials header.</td>
+      <td>true</td>
+    </tr>
+    <tr>
+      <td>cors.maxAge </td>
+      <td>{int} defaults to -1 (unspecified). Indicates how long the results of a preflight
request can be cached by the web browser, in seconds. If -1 unspecified. This information
is passed to the browser via the Access-Control-Max-Age header.</td>
+      <td>-1</td>
+    </tr>
+    <tr>
+      <td>cors.tagRequests</td>
+      <td>{true|false} defaults to false (no tagging). Enables HTTP servlet request
tagging to provide CORS information to downstream handlers (filters and/or servlets).</td>
+      <td>false</td>
     </tr>
   </tbody>
 </table><h3><a id="Preauthenticated+SSO+Provider">Preauthenticated SSO
Provider</a> <a href="#Preauthenticated+SSO+Provider"><img src="markbook-section-link.png"/></a></h3><p>A
number of SSO solutions provide mechanisms for federating an authenticated identity across
applications. These mechanisms are at times simple HTTP Header type tokens that can be used
to propagate the identity across process boundaries.</p><p>Knox Gateway needs
a pluggable mechanism for consuming these tokens and federating the asserted identity through
an interaction with the Hadoop cluster. </p><p><strong>CAUTION: The use
of this provider requires that proper network security and identity provider configuration
and deployment does not allow requests directly to the Knox gateway. Otherwise, this provider
will leave the gateway exposed to identity spoofing.</strong></p><h4><a
id="Configuration">Configuration</a> <a href="#Configuration"><img src="markbook-section-link.png"/></a></h4><h5><a
id="Overview">Overvi
 ew</a> <a href="#Overview"><img src="markbook-section-link.png"/></a></h5><p>This
provider was designed for use with identity solutions such as those provided by CA&rsquo;s
SiteMinder and IBM&rsquo;s Tivoli Access Manager. While direct testing with these products
has not been done, there has been extensive unit and functional testing that ensure that it
should work with such providers.</p><p>The HeaderPreAuth provider is configured
within the topology file and has a minimal configuration that assumes SM_USER for CA SiteMinder.
The following example is the bare minimum configuration for SiteMinder (with no IP address
validation).</p>
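Review bot: The new cors.supportedHeaders row drops the explanation that the removed text carried ("What is an author request header? ... XMLHttpRequest.setRequestHeader() method."), so the description now uses "author request headers" without defining the term. Consider keeping it as a final sentence, reworded as "An author request header is any custom header set by the browser JavaScript application through the XMLHttpRequest.setRequestHeader() method." The added name cells `<td>cors.exposedHeaders </td>`, `<td>cors.supportsCredentials </td>` and `<td>cors.maxAge </td>` also keep a trailing space that the cors.supportedHeaders cell no longer has, and "If -1 unspecified." in the cors.maxAge row is a sentence fragment. Since these rows document cors.supportsCredentials as true by default next to a cors.supportedHeaders default of * that echoes the requested value back, a sentence recommending an explicit header list where credentials are supported would be worth adding.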

Modified: knox/trunk/books/0.7.0/config_webappsec_provider.md
URL: http://svn.apache.org/viewvc/knox/trunk/books/0.7.0/config_webappsec_provider.md?rev=1716902&r1=1716901&r2=1716902&view=diff
==============================================================================
--- knox/trunk/books/0.7.0/config_webappsec_provider.md (original)
+++ knox/trunk/books/0.7.0/config_webappsec_provider.md Fri Nov 27 17:23:01 2015
@@ -83,10 +83,10 @@ Name | Description | Default
 ---------|-----------
 cors.enabled|This param enables the CORS capabilities|false
 cors.allowGenericHttpRequests|{true\|false} defaults to true. If true generic HTTP requests
will be allowed to pass through the filter, else only valid and accepted CORS requests will
be allowed (strict CORS filtering).|true
-cors.allowOrigin|{"\*"\|origin-list} defaults to "\*". Whitespace-separated list of origins
that the CORS filter must allow. Requests from origins not included here will be refused with
an HTTP 403 "Forbidden" response. If set to * (asterisk) any origin will be allowed.|"\*"
+cors.allowOrigin|{"\*"\|origin-list} defaults to "\*". Whitespace-separated list of origins
that the CORS filter must allow. Requests from origins not included here will be refused with
an HTTP 403 "Forbidden" response. If set to \* (asterisk) any origin will be allowed.|"\*"
 cors.allowSubdomains|{true\|false} defaults to false. If true the CORS filter will allow
requests from any origin which is a subdomain origin of the allowed origins. A subdomain is
matched by comparing its scheme and suffix (host name / IP address and optional port number).|false
-cors.supportedMethods|{method-list} defaults to "GET, POST, HEAD, OPTIONS". List of the supported
HTTP methods. These are advertised through the Access-Control-Allow-Methods header and must
also be implemented by the actual CORS web service. Requests for methods not included here
will be refused by the CORS filter with an HTTP 405 "Method not allowed" response.| "GET,
POST, HEAD, OPTIONS"
-cors.supportedHeaders |{"*"\|header-list} defaults to *. The names of the supported author
request headers. These are advertised through the Access-Control-Allow-Headers header. If
the configuration property value is set to * (asterisk) any author request header will be
allowed. The CORS Filter implements this by simply echoing the requested value back to the
browser. What is an author request header? This any custom header set by the browser JavaScript
application through the XMLHttpRequest.setRequestHeader() method.|"\*"
+cors.supportedMethods|{method-list} defaults to GET, POST, HEAD, OPTIONS. List of the supported
HTTP methods. These are advertised through the Access-Control-Allow-Methods header and must
also be implemented by the actual CORS web service. Requests for methods not included here
will be refused by the CORS filter with an HTTP 405 "Method not allowed" response.| GET, POST,
HEAD, OPTIONS
+cors.supportedHeaders|{"\*"\|header-list} defaults to \*. The names of the supported author
request headers. These are advertised through the Access-Control-Allow-Headers header. If
the configuration property value is set to \* (asterisk) any author request header will be
allowed. The CORS Filter implements this by simply echoing the requested value back to the
browser.|\*
 cors.exposedHeaders | {header-list} defaults to empty list. List of the response headers
other than simple response headers that the browser should expose to the author of the cross-domain
request through the XMLHttpRequest.getResponseHeader() method. The CORS filter supplies this
information through the Access-Control-Expose-Headers header.| empty
 cors.supportsCredentials | {true\|false} defaults to true. Indicates whether user credentials,
such as cookies, HTTP authentication or client-side certificates, are supported. The CORS
filter uses this value in constructing the Access-Control-Allow-Credentials header.|true
 cors.maxAge | {int} defaults to -1 (unspecified). Indicates how long the results of a preflight
request can be cached by the web browser, in seconds. If -1 unspecified. This information
is passed to the browser via the Access-Control-Max-Age header.| -1
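Review bot: The separator row kept as context under the "Name | Description | Default" header, `---------|-----------`, has two columns while every row in this hunk has three; renderers that require the delimiter row to match the header's column count will not treat this as a table, so suggest changing it to `---------|-----------|--------` in the same commit. The rewritten cors.supportedHeaders row also loses the sentence explaining what an author request header is, and the rows now differ in spacing around the pipes (`cors.supportedHeaders|` against `cors.exposedHeaders | `). With cors.allowOrigin documented as defaulting to "\*" and cors.supportsCredentials to true, the table would benefit from a line advising an explicit origin list when credentials are supported.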


