...

The initial topology file we will start with doesn’t integrate with ActiveDirectory at all. Instead, it uses a capability of Shiro to embed users directly within its configuration. This approach is largely taken to “shake out” the process of editing topology files for various purposes. At the same time, it minimizes external dependencies to help ensure a successful starting point. Now, create this topology file.

...

...

<GATEWAY_HOME>/conf/topologies/sample1.xml

<topology>
  <gateway>

    <provider>
      <role>authentication</role>
      <name>ShiroProvider</name>
      <enabled>true</enabled>
      <!-- Embedded Shiro user "admin" with password "admin-secret" -->
      <param name="users.admin" value="admin-secret"/>
      <!-- Require HTTP Basic authentication for every URL -->
      <param name="urls./**" value="authcBasic"/>
    </provider>

  </gateway>
  <service>
    <role>KNOX</role>
  </service>
</topology>

If you are a seasoned Knox veteran, you may notice the alternative <param name="" value=""/> style syntax. Both this and <param><name></name><value></value></param> style are supported. I’ve used the attribute style here for compactness.
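The check below is an added example, not code from the original page or from the Knox project. It reads a topology, normalizes both <param> syntaxes described above, and reports embedded Shiro users (whose passwords sit in clear text in the file) and whether urls./** still requires authentication. The function names, the finding labels and the "authc" substring heuristic are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: sample1.xml from this page, one <param> in the nested style.
SAMPLE = """<topology>
  <gateway>
    <provider>
      <role>authentication</role>
      <name>ShiroProvider</name>
      <enabled>true</enabled>
      <param name="users.admin" value="admin-secret"/>
      <param><name>urls./**</name><value>authcBasic</value></param>
    </provider>
  </gateway>
  <service><role>KNOX</role></service>
</topology>"""

def text(elem, tag):
    """Stripped text of a child element, or '' when the child is absent."""
    return (elem.findtext(tag) or "").strip()

def provider_params(provider):
    """Return {name: value} for a provider, accepting both <param> syntaxes."""
    params = {}
    for p in provider.findall("param"):
        name = p.get("name") or text(p, "name")
        value = p.get("value") if p.get("value") is not None else text(p, "value")
        if name:
            params[name] = value
    return params

def audit_topology(xml_text):
    """Findings for each enabled ShiroProvider authentication provider."""
    findings = []
    for prov in ET.fromstring(xml_text).findall("./gateway/provider"):
        ident = (text(prov, "role"), text(prov, "name"), text(prov, "enabled").lower())
        if ident != ("authentication", "ShiroProvider", "true"):
            continue
        params = provider_params(prov)
        for name in sorted(params):
            if name.startswith("users."):
                # Embedded account: its password is stored in clear text in the file.
                findings.append(("embedded-user", name[len("users."):]))
        # Heuristic (assumption of this example): an authc* filter must cover /**.
        if "authc" not in params.get("urls./**", ""):
            findings.append(("unauthenticated-urls", "urls./**"))
    return findings

print(audit_topology(SAMPLE))
```

Run over the files in <GATEWAY_HOME>/conf/topologies, a check like this flags topologies that still carry the embedded starting-point users after the move to ActiveDirectory.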

...

Below is an example response body output from the command above.
Note: The -i flag makes cURL return the full response, including the status line and headers, which aren’t shown below for brevity.

...

...

<?xml version="1.0" encoding="UTF-8"?>
<ServerVersion>
   <version>0.7.0-SNAPSHOT</version>
   <hash>9632b697060bfeffa2e03425451a3e9b3980c45e</hash>
</ServerVersion>

...

 


As an aside, if you prefer JSON you can request that using the HTTP Accept header via the cURL -H flag.
Don’t forget to scroll right in these code boxes as some of these commands will start to get long.

...

...

curl -u admin:admin-secret -H 'Accept: application/json' -ik 'https://localhost:8443/gateway/sample/api/v1/version'

Below is an example response JSON body for this command.

...

...

{
   "ServerVersion" : {
      "version" : "0.7.0-SNAPSHOT",
      "hash" : "9632b697060bfeffa2e03425451a3e9b3980c45e"
   }
}

...


...

Sample 2

With authentication working, now add authorization, since the real goal is an ActiveDirectory example that includes both. The second sample topology file below adds a second user (guest) and an authorization provider. The <param name="knox.acl" value="admin;*;*"/> dictates that only the admin user can access the knox service. Go ahead and create this topology file. Notice that the examples use a different name for each topology file, so you can always refer back to the previous ones.

...