正如我在other问题中所讨论的,在Knox中不支持websockets身份验证,但作为临时解决方案,我们可以在后端服务中处理身份验证。然而,我们的测试显示,Knox不会将授权标头传递给后端。如何配置Knox使其将授权标头传递给后端服务?
[client]$ curl -i -u ':' https://knox-server/gateway/default/myservice/ping
# 8090 is our backend port
[knox-server]$ ngrep -W byline port 8090
interface: eth0
filter: (port 8090) and ((ip || ip6) || (vlan && (ip || ip6)))
#
T :59118 -> :8090 [AP]
GET /ping?doAs= HTTP/1.1.
X-Forwarded-For: .
X-Forwarded-Proto: https.
X-Forwarded-Port: 443.
X-Forwarded-Host: .
X-Forwarded-Server: .
X-Forwarded-Context: /gateway/default.
User-Agent: curl/7.54.0.
Accept: */*.
Host: :8090.
Connection: Keep-Alive.
Accept-Encoding: gzip,deflate.
.
#
T :8090 -> :59118 [AP]
HTTP/1.1 200 OK.
Date: Sat, 14 Oct 2017 14:27:58 GMT.
X-Application-Context: myservice:prod:8090.
Content-Type: text/plain;charset=utf-8.
Content-Length: 4.
.
PONG
我应该如何配置诺克斯(0.12.0从HDP 2.6.2),使它传递到websocket连接的后端的授权标头?
2017-10-14
tomek