org.apache.knox.gateway.config

Interface GatewayConfig

public interface GatewayConfig

Field Summary

Fields

Modifier and Type	Field and Description
static String	CREDENTIAL_STORE_ALG
static String	CREDENTIAL_STORE_TYPE
static String	DEFAULT_CREDENTIAL_STORE_ALG
static String	DEFAULT_CREDENTIAL_STORE_TYPE
static String	DEFAULT_GATEWAY_KEYSTORE_NAME
static String	DEFAULT_GATEWAY_TRUSTSTORE_PASSWORD_ALIAS
static String	DEFAULT_GATEWAY_TRUSTSTORE_TYPE
static String	DEFAULT_HTTP_CLIENT_TRUSTSTORE_PASSWORD_ALIAS
static String	DEFAULT_HTTP_CLIENT_TRUSTSTORE_TYPE
static String	DEFAULT_IDENTITY_KEY_ALIAS
static String	DEFAULT_IDENTITY_KEY_PASSPHRASE_ALIAS
static String	DEFAULT_IDENTITY_KEYSTORE_PASSWORD_ALIAS
static String	DEFAULT_IDENTITY_KEYSTORE_TYPE
static String	DEFAULT_SIGNING_KEY_ALIAS
static String	DEFAULT_SIGNING_KEY_PASSPHRASE_ALIAS
static String	DEFAULT_SIGNING_KEYSTORE_PASSWORD_ALIAS
static String	DEFAULT_SIGNING_KEYSTORE_TYPE
static String	GATEWAY_CONF_HOME_VAR Deprecated. use KNOX_GATEWAY_CONF_DIR_VAR instead
static String	GATEWAY_CONFIG_ATTRIBUTE
static String	GATEWAY_DATA_HOME_VAR Deprecated. use KNOX_GATEWAY_DATA_DIR instead
static String	GATEWAY_HOME_VAR
static String	GATEWAY_TRUSTSTORE_PASSWORD_ALIAS
static String	GATEWAY_TRUSTSTORE_PATH
static String	GATEWAY_TRUSTSTORE_TYPE
static String	HADOOP_KERBEROS_SECURED
static String	HTTP_CLIENT_TRUSTSTORE_PASSWORD_ALIAS
static String	HTTP_CLIENT_TRUSTSTORE_PATH
static String	HTTP_CLIENT_TRUSTSTORE_TYPE
static String	IDENTITY_KEY_ALIAS
static String	IDENTITY_KEY_PASSPHRASE_ALIAS
static String	IDENTITY_KEYSTORE_PASSWORD_ALIAS
static String	IDENTITY_KEYSTORE_PATH
static String	IDENTITY_KEYSTORE_TYPE
static String	KNOX_GATEWAY_CONF_DIR_VAR
static String	KNOX_GATEWAY_DATA_DIR
static String	KRB5_CONFIG
static String	KRB5_DEBUG
static String	KRB5_LOGIN_CONFIG
static String	KRB5_USE_SUBJECT_CREDS_ONLY
static String	PROXYUSER_SERVICES_IGNORE_DOAS
static String	REMOTE_CONFIG_REGISTRY_ADDRESS
static String	REMOTE_CONFIG_REGISTRY_AUTH_TYPE
static String	REMOTE_CONFIG_REGISTRY_CREDENTIAL_ALIAS
static String	REMOTE_CONFIG_REGISTRY_KEYTAB
static String	REMOTE_CONFIG_REGISTRY_NAMESPACE
static String	REMOTE_CONFIG_REGISTRY_PRINCIPAL
static String	REMOTE_CONFIG_REGISTRY_TYPE
static String	REMOTE_CONFIG_REGISTRY_USE_KEYTAB
static String	REMOTE_CONFIG_REGISTRY_USE_TICKET_CACHE
static String	SIGNING_KEY_ALIAS
static String	SIGNING_KEY_PASSPHRASE_ALIAS
static String	SIGNING_KEYSTORE_NAME
static String	SIGNING_KEYSTORE_PASSWORD_ALIAS
static String	SIGNING_KEYSTORE_TYPE
static String	ZOOKEEPER_REMOTE_CONFIG_REGISTRY_BACKWARDS_COMPATIBLE

Method Summary

Modifier and Type	Method and Description
boolean	allowUnauthenticatedRemoteRegistryReadAccess() When new remote registry entries must be created, or new ACLs applied to existing entries, this method indicates whether unauthenticated connections should be given read access to those entries.
String	getAlgorithm() Configured Algorithm name to be used by the CryptoService and MasterService implementations
List<String>	getAutoDeployTopologyNames() Get the list of topology names that should be redeployed on restart.
long	getClouderaManagerAdvancedServiceDiscoveryConfigurationMonitoringInterval()
long	getClouderaManagerDescriptorsMonitoringInterval()
int	getClusterMonitorPollingInterval(String type)
String	getCredentialStoreAlgorithm()
String	getCredentialStoreType()
String	getDatabaseConnectionUrl()
String	getDatabaseHost()
String	getDatabaseName()
int	getDatabasePort()
String	getDatabaseSslTruststoreFileName()
String	getDatabaseType()
String	getDefaultAppRedirectPath()
String	getDefaultDiscoveryAddress() Determine the default address for discovering service endpoint details.
String	getDefaultDiscoveryCluster() Determine the default target cluster for discovering service endpoint details.
String	getDefaultTopologyName()
String	getDispatchWhitelist()
List<String>	getDispatchWhitelistServices() Get the set of service roles to which the dispatch whitelist will be applied.
String	getEphemeralDHKeySize()
List<String>	getExcludedSSLCiphers()
List<String>	getExcludedSSLProtocols()
String	getFederationHeaderName() Custom header name to be used to pass the authenticated principal via dispatch
String	getFrontendUrl()
InetSocketAddress	getGatewayAddress()
String	getGatewayApplicationsDir() The location of the gateway applications's root directory
String	getGatewayConfDir() The location of the gateway configuration.
String	getGatewayDataDir() The location of the gateway runtime generated data.
String	getGatewayDeploymentDir()
long	getGatewayDeploymentsBackupAgeLimit()
int	getGatewayDeploymentsBackupVersionLimit()
String	getGatewayDescriptorsDir()
String	getGatewayHost()
long	getGatewayIdleTimeout()
String	getGatewayKeystoreDir() Returns the path to the Gateway's keystore directory
String	getGatewayPath()
int	getGatewayPort()
Map<String,Integer>	getGatewayPortMappings() Map of Topology names and their ports.
String	getGatewayProvidersConfigDir()
String	getGatewaySecurityDir()
String	getGatewayServicesDir() The location of the gateway services definition's root directory
String	getGatewayTopologyDir()
String	getGlobalLogoutPageUrl()
List<String>	getGlobalRulesServices()
String	getGraphiteHost()
int	getGraphitePort()
int	getGraphiteReportingFrequency()
String	getHadoopConfDir()
String	getHeaderNameForRemoteAddress() Configured name of the HTTP Header that is expected to be set by a proxy in front of the gateway.
Set<String>	getHiddenTopologiesOnHomepage()
Map<String,Collection<String>>	getHomePageProfiles() Gets the home page profiles (pre-configured and user-defined profiles too).
int	getHttpClientConnectionTimeout()
int	getHttpClientMaxConnections()
int	getHttpClientSocketTimeout()
String	getHttpClientTruststorePasswordAlias() Returns the configured value for the alias name to use when to looking up the HTTP client's truststore password.
String	getHttpClientTruststorePath() Returns the configured value for the path to the truststore to be used by the HTTP client instance connecting to a service from the Gateway.
String	getHttpClientTruststoreType() Returns the configured value for the type of the truststore specified by getHttpClientTruststorePath().
int	getHttpServerRequestBuffer()
int	getHttpServerRequestHeaderBuffer()
int	getHttpServerResponseBuffer()
int	getHttpServerResponseHeaderBuffer()
String	getIdentityKeyAlias() Returns the configured value for the alias name to use when to looking up the Gateway's identity from the Gateway's identity keystore.
String	getIdentityKeyPassphraseAlias() Returns the configured value for the alias name to use when to looking up the Gateway's identity key's password.
String	getIdentityKeystorePasswordAlias() Returns the configured value for the alias name to use when to looking up the Gateway's identity keystore's password.
String	getIdentityKeystorePath() Returns the configured value for the path to the keystore holding the key and certificate for the Gateway's TLS identity.
String	getIdentityKeystoreType() Returns the configured value for the type of the keystore holding the Gateway's identity.
List<String>	getIncludedSSLCiphers()
String	getIterationCount() Configured IterationCount to be used by the CryptoService and MasterService implementations
String	getKerberosConfig()
String	getKerberosLoginConfig()
String	getKeyLength() Configured KeyLength to be used by the CryptoService and MasterService implementations
long	getKeystoreCacheEntryTimeToLiveInMinutes()
long	getKeystoreCacheSizeLimit()
String	getKeystoreType()
String	getKnoxAdminGroups() Get the comma separated list of group names that represent Knox Admin users
String	getKnoxAdminUsers() Get the comma separated list of user names that represent Knox Admin users
long	getKnoxTokenEvictionGracePeriod() Return the configured grace period (in seconds) after which an expired token should be evicted
long	getKnoxTokenEvictionInterval() Return the configured interval (in seconds) at which token eviction job should run
String	getKnoxTokenHashAlgorithm()
long	getKnoxTokenStateAliasPersistenceInterval() Return the configured token state alias persistence interval (in seconds).
int	getMaximumNumberOfTokensPerUser()
String	getPBEAlgorithm() Configured Algorithm name to be used by the CryptoService for password based encryption
Set<String>	getPinnedTopologiesOnHomepage()
List<String>	getReadOnlyOverrideTopologyNames() Get the list of those topology names which should be treated as read-only, regardless of their actual read-write status.
Map<String,String>	getRemoteAliasServiceConfiguration() Uses result of getRemoteAliasServiceConfigurationPrefix to return configurations
String	getRemoteAliasServiceConfigurationPrefix() Returns prefix for the remote alias service configuration
String	getRemoteConfigurationMonitorClientName()
String	getRemoteRegistryConfiguration(String name)
List<String>	getRemoteRegistryConfigurationNames()
String	getSaltSize() Configured SaltSize to be used by the CryptoService and MasterService implementations
String	getServiceParameter(String service, String parameter)
Set<String>	getServicesToIgnoreDoAs() Returns a set of service principal names that indicate which services to ignore doAs requests.
String	getSigningKeyAlias()
String	getSigningKeyPassphraseAlias() Returns the configured value for the alias name to use when to looking up the signing key's password.
String	getSigningKeystoreName()
String	getSigningKeystorePasswordAlias() Returns the configured value for the alias name to use when to looking up the Gateway's signing keystore's password.
String	getSigningKeystorePath() Returns the calculated value for the path to the keystore holding the key and certificate for the Gateway's signing key.
String	getSigningKeystoreType() Returns the configured value for the type of the keystore holding the Gateway's signing key.
int	getThreadPoolMax()
String	getTransformation() Configured Transformation name to be used by the CryptoService and MasterService implementations
boolean	getTrustAllCerts()
String	getTruststorePasswordAlias() Returns the configured value for the alias name to use when to looking up the Gateway's truststore password.
String	getTruststorePath()
String	getTruststoreType()
int	getWebsocketAsyncWriteTimeout() Websocket connection async write timeout.
int	getWebsocketIdleTimeout() Websocket connection idle timeout.
int	getWebsocketInputBufferSize() Websocket connection input buffer size.
int	getWebsocketMaxBinaryMessageBufferSize() Websocket connection max binary message buffer size.
int	getWebsocketMaxBinaryMessageSize() Websocket connection max binary message size.
int	getWebsocketMaxTextMessageBufferSize() Websocket connection max text message buffer size.
int	getWebsocketMaxTextMessageSize() Websocket connection max text message size.
int	getWebsocketMaxWaitBufferCount() Max count of messages that can be temporarily buffered in memory before a connection is properly setup.
List<String>	getXForwardContextAppendServices() Returns a list of services that need service name appended to X-Forward-Context header as a result of which the new header would look /{gateway}/{sandbox}/{serviceName}
boolean	homePageLogoutEnabled()
boolean	isClientAuthNeeded()
boolean	isClientAuthWanted()
boolean	isClusterMonitorEnabled(String type)
boolean	isCookieScopingToPathEnabled() Enable cookie scoping to gateway path
boolean	isDatabaseSslEnabled()
boolean	isGatewayPortMappingEnabled() Is the Port Mapping feature on
boolean	isGatewayServerHeaderEnabled() Is the Server header suppressed
boolean	isGatewayServerIncomingXForwardedSupportEnabled() Indicates whether the embedded Jetty Server support for X-Forwarded Headers should be enabled.
boolean	isGraphiteMetricsReportingEnabled()
boolean	isHadoopKerberosSecured()
boolean	isJmxMetricsReportingEnabled()
boolean	isKerberosDebugEnabled()
boolean	isKnoxTokenPermissiveValidationEnabled()
boolean	isMetricsEnabled()
boolean	isRemoteAliasServiceEnabled() Returns whether the Remote Alias Service is enabled or not.
boolean	isServerManagedTokenStateEnabled()
boolean	isSSLEnabled()
boolean	isTopologyValidationEnabled() Returns true when strict topology validation is enabled, in which case if topology validation fails Knox will throw a runtime exception.
boolean	isWebsocketEnabled() Returns true if websocket feature enabled else false.
boolean	isXForwardedEnabled()
boolean	verifyDatabaseSslServerCertificate()

Field Detail

GATEWAY_HOME_VAR

static final String GATEWAY_HOME_VAR

See Also:

Constant Field Values

GATEWAY_CONF_HOME_VAR

@Deprecated
static final String GATEWAY_CONF_HOME_VAR

Deprecated. use KNOX_GATEWAY_CONF_DIR_VAR instead

Variable name for the location of configuration files edited by users

See Also:

Constant Field Values

KNOX_GATEWAY_CONF_DIR_VAR

static final String KNOX_GATEWAY_CONF_DIR_VAR

See Also:

Constant Field Values

GATEWAY_DATA_HOME_VAR

@Deprecated
static final String GATEWAY_DATA_HOME_VAR

Deprecated. use KNOX_GATEWAY_DATA_DIR instead

Variable name for the location of data files generated by the gateway at runtime.

See Also:

Constant Field Values

KNOX_GATEWAY_DATA_DIR

static final String KNOX_GATEWAY_DATA_DIR

See Also:

Constant Field Values

GATEWAY_CONFIG_ATTRIBUTE

static final String GATEWAY_CONFIG_ATTRIBUTE

See Also:

Constant Field Values

HADOOP_KERBEROS_SECURED

static final String HADOOP_KERBEROS_SECURED

See Also:

Constant Field Values

KRB5_CONFIG

static final String KRB5_CONFIG

See Also:

Constant Field Values

KRB5_DEBUG

static final String KRB5_DEBUG

See Also:

Constant Field Values

KRB5_LOGIN_CONFIG

static final String KRB5_LOGIN_CONFIG

See Also:

Constant Field Values

KRB5_USE_SUBJECT_CREDS_ONLY

static final String KRB5_USE_SUBJECT_CREDS_ONLY

See Also:

Constant Field Values

IDENTITY_KEYSTORE_PASSWORD_ALIAS

static final String IDENTITY_KEYSTORE_PASSWORD_ALIAS

See Also:

Constant Field Values

IDENTITY_KEYSTORE_PATH

static final String IDENTITY_KEYSTORE_PATH

See Also:

Constant Field Values

IDENTITY_KEYSTORE_TYPE

static final String IDENTITY_KEYSTORE_TYPE

See Also:

Constant Field Values

IDENTITY_KEY_ALIAS

static final String IDENTITY_KEY_ALIAS

See Also:

Constant Field Values

IDENTITY_KEY_PASSPHRASE_ALIAS

static final String IDENTITY_KEY_PASSPHRASE_ALIAS

See Also:

Constant Field Values

DEFAULT_IDENTITY_KEYSTORE_TYPE

static final String DEFAULT_IDENTITY_KEYSTORE_TYPE

DEFAULT_IDENTITY_KEYSTORE_PASSWORD_ALIAS

static final String DEFAULT_IDENTITY_KEYSTORE_PASSWORD_ALIAS

See Also:

Constant Field Values

DEFAULT_IDENTITY_KEY_ALIAS

static final String DEFAULT_IDENTITY_KEY_ALIAS

See Also:

Constant Field Values

DEFAULT_IDENTITY_KEY_PASSPHRASE_ALIAS

static final String DEFAULT_IDENTITY_KEY_PASSPHRASE_ALIAS

See Also:

Constant Field Values

DEFAULT_GATEWAY_KEYSTORE_NAME

static final String DEFAULT_GATEWAY_KEYSTORE_NAME

See Also:

Constant Field Values

SIGNING_KEYSTORE_NAME

static final String SIGNING_KEYSTORE_NAME

See Also:

Constant Field Values

SIGNING_KEYSTORE_PASSWORD_ALIAS

static final String SIGNING_KEYSTORE_PASSWORD_ALIAS

See Also:

Constant Field Values

SIGNING_KEYSTORE_TYPE

static final String SIGNING_KEYSTORE_TYPE

See Also:

Constant Field Values

SIGNING_KEY_ALIAS

static final String SIGNING_KEY_ALIAS

See Also:

Constant Field Values

SIGNING_KEY_PASSPHRASE_ALIAS

static final String SIGNING_KEY_PASSPHRASE_ALIAS

See Also:

Constant Field Values

DEFAULT_SIGNING_KEYSTORE_PASSWORD_ALIAS

static final String DEFAULT_SIGNING_KEYSTORE_PASSWORD_ALIAS

See Also:

Constant Field Values

DEFAULT_SIGNING_KEYSTORE_TYPE

static final String DEFAULT_SIGNING_KEYSTORE_TYPE

DEFAULT_SIGNING_KEY_ALIAS

static final String DEFAULT_SIGNING_KEY_ALIAS

See Also:

Constant Field Values

DEFAULT_SIGNING_KEY_PASSPHRASE_ALIAS

static final String DEFAULT_SIGNING_KEY_PASSPHRASE_ALIAS

See Also:

Constant Field Values

GATEWAY_TRUSTSTORE_PASSWORD_ALIAS

static final String GATEWAY_TRUSTSTORE_PASSWORD_ALIAS

See Also:

Constant Field Values

GATEWAY_TRUSTSTORE_PATH

static final String GATEWAY_TRUSTSTORE_PATH

See Also:

Constant Field Values

GATEWAY_TRUSTSTORE_TYPE

static final String GATEWAY_TRUSTSTORE_TYPE

See Also:

Constant Field Values

DEFAULT_GATEWAY_TRUSTSTORE_TYPE

static final String DEFAULT_GATEWAY_TRUSTSTORE_TYPE

DEFAULT_GATEWAY_TRUSTSTORE_PASSWORD_ALIAS

static final String DEFAULT_GATEWAY_TRUSTSTORE_PASSWORD_ALIAS

See Also:

Constant Field Values

HTTP_CLIENT_TRUSTSTORE_PASSWORD_ALIAS

static final String HTTP_CLIENT_TRUSTSTORE_PASSWORD_ALIAS

See Also:

Constant Field Values

HTTP_CLIENT_TRUSTSTORE_PATH

static final String HTTP_CLIENT_TRUSTSTORE_PATH

See Also:

Constant Field Values

HTTP_CLIENT_TRUSTSTORE_TYPE

static final String HTTP_CLIENT_TRUSTSTORE_TYPE

See Also:

Constant Field Values

DEFAULT_HTTP_CLIENT_TRUSTSTORE_TYPE

static final String DEFAULT_HTTP_CLIENT_TRUSTSTORE_TYPE

DEFAULT_HTTP_CLIENT_TRUSTSTORE_PASSWORD_ALIAS

static final String DEFAULT_HTTP_CLIENT_TRUSTSTORE_PASSWORD_ALIAS

See Also:

Constant Field Values

CREDENTIAL_STORE_ALG

static final String CREDENTIAL_STORE_ALG

See Also:

Constant Field Values

DEFAULT_CREDENTIAL_STORE_ALG

static final String DEFAULT_CREDENTIAL_STORE_ALG

See Also:

Constant Field Values

CREDENTIAL_STORE_TYPE

static final String CREDENTIAL_STORE_TYPE

See Also:

Constant Field Values

DEFAULT_CREDENTIAL_STORE_TYPE

static final String DEFAULT_CREDENTIAL_STORE_TYPE

See Also:

Constant Field Values

REMOTE_CONFIG_REGISTRY_TYPE

static final String REMOTE_CONFIG_REGISTRY_TYPE

See Also:

Constant Field Values

REMOTE_CONFIG_REGISTRY_ADDRESS

static final String REMOTE_CONFIG_REGISTRY_ADDRESS

See Also:

Constant Field Values

REMOTE_CONFIG_REGISTRY_NAMESPACE

static final String REMOTE_CONFIG_REGISTRY_NAMESPACE

See Also:

Constant Field Values

REMOTE_CONFIG_REGISTRY_AUTH_TYPE

static final String REMOTE_CONFIG_REGISTRY_AUTH_TYPE

See Also:

Constant Field Values

REMOTE_CONFIG_REGISTRY_PRINCIPAL

static final String REMOTE_CONFIG_REGISTRY_PRINCIPAL

See Also:

Constant Field Values

REMOTE_CONFIG_REGISTRY_CREDENTIAL_ALIAS

static final String REMOTE_CONFIG_REGISTRY_CREDENTIAL_ALIAS

See Also:

Constant Field Values

REMOTE_CONFIG_REGISTRY_KEYTAB

static final String REMOTE_CONFIG_REGISTRY_KEYTAB

See Also:

Constant Field Values

REMOTE_CONFIG_REGISTRY_USE_KEYTAB

static final String REMOTE_CONFIG_REGISTRY_USE_KEYTAB

See Also:

Constant Field Values

REMOTE_CONFIG_REGISTRY_USE_TICKET_CACHE

static final String REMOTE_CONFIG_REGISTRY_USE_TICKET_CACHE

See Also:

Constant Field Values

ZOOKEEPER_REMOTE_CONFIG_REGISTRY_BACKWARDS_COMPATIBLE

static final String ZOOKEEPER_REMOTE_CONFIG_REGISTRY_BACKWARDS_COMPATIBLE

See Also:

Constant Field Values

PROXYUSER_SERVICES_IGNORE_DOAS

static final String PROXYUSER_SERVICES_IGNORE_DOAS

See Also:

Constant Field Values

Method Detail

getGatewayConfDir

String getGatewayConfDir()

The location of the gateway configuration. Subdirectories will be: topologies

Returns:

The location of the gateway configuration.

getGatewayDataDir

String getGatewayDataDir()

The location of the gateway runtime generated data. Subdirectories will be security, deployments

Returns:

The location of the gateway runtime generated data.

getGatewayServicesDir

String getGatewayServicesDir()

The location of the gateway services definition's root directory

Returns:

The location of the gateway services top level directory.

getGatewayApplicationsDir

String getGatewayApplicationsDir()

The location of the gateway applications's root directory

Returns:

The location of the gateway applications top level directory.

getHadoopConfDir

String getHadoopConfDir()

getGatewayHost

String getGatewayHost()

getGatewayPort

int getGatewayPort()

getGatewayPath

String getGatewayPath()

getGatewayProvidersConfigDir

String getGatewayProvidersConfigDir()

getGatewayDescriptorsDir

String getGatewayDescriptorsDir()

getGatewayTopologyDir

String getGatewayTopologyDir()

getGatewaySecurityDir

String getGatewaySecurityDir()

getGatewayKeystoreDir

String getGatewayKeystoreDir()

Returns the path to the Gateway's keystore directory

This path is generally calculated to be a subdirectory named "keystores" under the configured "security" directory. However, it may be possible for it to be configured as something else.

Returns:

the path to the Gateway's keystore directory

getGatewayDeploymentDir

String getGatewayDeploymentDir()

getGatewayAddress

InetSocketAddress getGatewayAddress()
                             throws UnknownHostException

Throws:

UnknownHostException

isSSLEnabled

boolean isSSLEnabled()

getExcludedSSLProtocols

List<String> getExcludedSSLProtocols()

getIncludedSSLCiphers

List<String> getIncludedSSLCiphers()

getExcludedSSLCiphers

List<String> getExcludedSSLCiphers()

isHadoopKerberosSecured

boolean isHadoopKerberosSecured()

getKerberosConfig

String getKerberosConfig()

isKerberosDebugEnabled

boolean isKerberosDebugEnabled()

getKerberosLoginConfig

String getKerberosLoginConfig()

getDefaultTopologyName

String getDefaultTopologyName()

getDefaultAppRedirectPath

String getDefaultAppRedirectPath()

getFrontendUrl

String getFrontendUrl()

isClientAuthNeeded

boolean isClientAuthNeeded()

isClientAuthWanted

boolean isClientAuthWanted()

getTruststorePath

String getTruststorePath()

getTrustAllCerts

boolean getTrustAllCerts()

getKeystoreType

String getKeystoreType()

getTruststoreType

String getTruststoreType()

getTruststorePasswordAlias

String getTruststorePasswordAlias()

Returns the configured value for the alias name to use when to looking up the Gateway's truststore password.

Returns:

an alias name

isXForwardedEnabled

boolean isXForwardedEnabled()

getEphemeralDHKeySize

String getEphemeralDHKeySize()

getHttpClientMaxConnections

int getHttpClientMaxConnections()

getHttpClientConnectionTimeout

int getHttpClientConnectionTimeout()

getHttpClientSocketTimeout

int getHttpClientSocketTimeout()

getHttpClientTruststorePath

String getHttpClientTruststorePath()

Returns the configured value for the path to the truststore to be used by the HTTP client instance connecting to a service from the Gateway.

Returns:

a path to the trust file; or null if not set

getHttpClientTruststoreType

String getHttpClientTruststoreType()

Returns the configured value for the type of the truststore specified by getHttpClientTruststorePath().

Returns:

a truststore type

getHttpClientTruststorePasswordAlias

String getHttpClientTruststorePasswordAlias()

Returns the configured value for the alias name to use when to looking up the HTTP client's truststore password.

Returns:

an alias name

getCredentialStoreAlgorithm

String getCredentialStoreAlgorithm()

Returns:

the algorithm that is used when creating a SecretKey when adding an alias into a credential store

getCredentialStoreType

String getCredentialStoreType()

Returns:

the type of the credential store used by AliasService

getThreadPoolMax

int getThreadPoolMax()

getHttpServerRequestBuffer

int getHttpServerRequestBuffer()

getHttpServerRequestHeaderBuffer

int getHttpServerRequestHeaderBuffer()

getHttpServerResponseBuffer

int getHttpServerResponseBuffer()

getHttpServerResponseHeaderBuffer

int getHttpServerResponseHeaderBuffer()

getGatewayDeploymentsBackupVersionLimit

int getGatewayDeploymentsBackupVersionLimit()

getGatewayDeploymentsBackupAgeLimit

long getGatewayDeploymentsBackupAgeLimit()

getGatewayIdleTimeout

long getGatewayIdleTimeout()

getIdentityKeystorePath

String getIdentityKeystorePath()

Returns the configured value for the path to the keystore holding the key and certificate for the Gateway's TLS identity.

Returns:

a path to the keystore file; or null if not set

getIdentityKeystoreType

String getIdentityKeystoreType()

Returns the configured value for the type of the keystore holding the Gateway's identity.

Returns:

a keystore type

getIdentityKeystorePasswordAlias

String getIdentityKeystorePasswordAlias()

Returns the configured value for the alias name to use when to looking up the Gateway's identity keystore's password.

Returns:

an alias name

getIdentityKeyAlias

String getIdentityKeyAlias()

Returns the configured value for the alias name to use when to looking up the Gateway's identity from the Gateway's identity keystore.

Returns:

an alias name

getIdentityKeyPassphraseAlias

String getIdentityKeyPassphraseAlias()

Returns the configured value for the alias name to use when to looking up the Gateway's identity key's password.

Returns:

an alias name

getSigningKeystoreName

String getSigningKeystoreName()

getSigningKeystorePath

String getSigningKeystorePath()

Returns the calculated value for the path to the keystore holding the key and certificate for the Gateway's signing key.

Returns:

a path to the keystore file; or null if not set

getSigningKeystoreType

String getSigningKeystoreType()

Returns the configured value for the type of the keystore holding the Gateway's signing key.

Returns:

a keystore type

getSigningKeyAlias

String getSigningKeyAlias()

getSigningKeystorePasswordAlias

String getSigningKeystorePasswordAlias()

Returns the configured value for the alias name to use when to looking up the Gateway's signing keystore's password.

Returns:

an alias name

getSigningKeyPassphraseAlias

String getSigningKeyPassphraseAlias()

Returns the configured value for the alias name to use when to looking up the signing key's password.

Returns:

an alias name

getGlobalRulesServices

List<String> getGlobalRulesServices()

isWebsocketEnabled

boolean isWebsocketEnabled()

Returns true if websocket feature enabled else false. Default is false.

Returns:

true if websocket feature is enabled

Since:

0.10

getWebsocketMaxTextMessageSize

int getWebsocketMaxTextMessageSize()

Websocket connection max text message size.

Returns:

max text message size

Since:

0.10

getWebsocketMaxBinaryMessageSize

int getWebsocketMaxBinaryMessageSize()

Websocket connection max binary message size.

Returns:

max binary message size

Since:

0.10

getWebsocketMaxTextMessageBufferSize

int getWebsocketMaxTextMessageBufferSize()

Websocket connection max text message buffer size.

Returns:

buffer size

Since:

0.10

getWebsocketMaxBinaryMessageBufferSize

int getWebsocketMaxBinaryMessageBufferSize()

Websocket connection max binary message buffer size.

Returns:

buffer size

Since:

0.10

getWebsocketInputBufferSize

int getWebsocketInputBufferSize()

Websocket connection input buffer size.

Returns:

buffer size

Since:

0.10

getWebsocketAsyncWriteTimeout

int getWebsocketAsyncWriteTimeout()

Websocket connection async write timeout.

Returns:

timeout

Since:

0.10

getWebsocketIdleTimeout

int getWebsocketIdleTimeout()

Websocket connection idle timeout.

Returns:

timeout

Since:

0.10

getWebsocketMaxWaitBufferCount

int getWebsocketMaxWaitBufferCount()

Max count of messages that can be temporarily buffered in memory before a connection is properly setup.

Returns:

buffer size

Since:

0.10

isMetricsEnabled

boolean isMetricsEnabled()

isJmxMetricsReportingEnabled

boolean isJmxMetricsReportingEnabled()

isGraphiteMetricsReportingEnabled

boolean isGraphiteMetricsReportingEnabled()

getGraphiteHost

String getGraphiteHost()

getGraphitePort

int getGraphitePort()

getGraphiteReportingFrequency

int getGraphiteReportingFrequency()

isCookieScopingToPathEnabled

boolean isCookieScopingToPathEnabled()

Enable cookie scoping to gateway path

Returns:

true if cookie scoping to path is enabled

Since:

0.13

getHeaderNameForRemoteAddress

String getHeaderNameForRemoteAddress()

Configured name of the HTTP Header that is expected to be set by a proxy in front of the gateway.

Returns:

header name

getAlgorithm

String getAlgorithm()

Configured Algorithm name to be used by the CryptoService and MasterService implementations

Returns:

algorithm

getPBEAlgorithm

String getPBEAlgorithm()

Configured Algorithm name to be used by the CryptoService for password based encryption

Returns:

algorithm

getTransformation

String getTransformation()

Configured Transformation name to be used by the CryptoService and MasterService implementations

Returns:

transformation name

getSaltSize

String getSaltSize()

Configured SaltSize to be used by the CryptoService and MasterService implementations

Returns:

salt size

getIterationCount

String getIterationCount()

Configured IterationCount to be used by the CryptoService and MasterService implementations

Returns:

iteration count

getKeyLength

String getKeyLength()

Configured KeyLength to be used by the CryptoService and MasterService implementations

Returns:

key length

getGatewayPortMappings

Map<String,Integer> getGatewayPortMappings()

Map of Topology names and their ports.

Returns:

Map of Topology names and their ports.

isGatewayPortMappingEnabled

boolean isGatewayPortMappingEnabled()

Is the Port Mapping feature on

Returns:

true if port mapping enabled

isGatewayServerHeaderEnabled

boolean isGatewayServerHeaderEnabled()

Is the Server header suppressed

Returns:

turn if server header enabled

getDefaultDiscoveryAddress

String getDefaultDiscoveryAddress()

Determine the default address for discovering service endpoint details.

Returns:

A valid discovery source address, or null (because this property is optional).

getDefaultDiscoveryCluster

String getDefaultDiscoveryCluster()

Determine the default target cluster for discovering service endpoint details.

Returns:

A valid cluster name, or null (because this property is optional).

getClusterMonitorPollingInterval

int getClusterMonitorPollingInterval(String type)

Parameters:

type - The type of cluster configuration monitor for which the interval should be returned.

Returns:

The polling interval configuration value, or -1 if it has not been configured.

isClusterMonitorEnabled

boolean isClusterMonitorEnabled(String type)

Parameters:

type - The type of cluster configuration monitor for which the interval should be returned.

Returns:

The enabled status of the specified type of cluster configuration monitor.

getRemoteRegistryConfigurationNames

List<String> getRemoteRegistryConfigurationNames()

Returns:

The list of the names of any remote registry configurations defined herein.

getRemoteRegistryConfiguration

String getRemoteRegistryConfiguration(String name)

Parameters:

name - The name of the remote registry configuration

Returns:

The configuration associated with the specified name.

getRemoteConfigurationMonitorClientName

String getRemoteConfigurationMonitorClientName()

Returns:

The name of a remote configuration registry client

allowUnauthenticatedRemoteRegistryReadAccess

boolean allowUnauthenticatedRemoteRegistryReadAccess()

When new remote registry entries must be created, or new ACLs applied to existing entries, this method indicates whether unauthenticated connections should be given read access to those entries.

Returns:

true, if unauthenticated clients should be allowed to access remote registry entries.

isRemoteAliasServiceEnabled

boolean isRemoteAliasServiceEnabled()

Returns whether the Remote Alias Service is enabled or not. This value also depends on whether the remote configuration registry is enabled or not. If it is enabled, then this option takes effect, else this option has no effect.

Returns:

true, if the remote alias service is enabled; otherwise, false;

getRemoteAliasServiceConfigurationPrefix

String getRemoteAliasServiceConfigurationPrefix()

Returns prefix for the remote alias service configuration

Returns:

the prefix for the remote alias service configuration

getRemoteAliasServiceConfiguration

Map<String,String> getRemoteAliasServiceConfiguration()

Uses result of getRemoteAliasServiceConfigurationPrefix to return configurations

Returns:

Map of configurations that apply to the remote alias service

getReadOnlyOverrideTopologyNames

List<String> getReadOnlyOverrideTopologyNames()

Get the list of those topology names which should be treated as read-only, regardless of their actual read-write status.

Returns:

A list of the names of those topologies which should be treated as read-only.

getKnoxAdminGroups

String getKnoxAdminGroups()

Get the comma separated list of group names that represent Knox Admin users

Returns:

comma separate list of admin group names

getKnoxAdminUsers

String getKnoxAdminUsers()

Get the comma separated list of user names that represent Knox Admin users

Returns:

comma separated list of admin user names

getFederationHeaderName

String getFederationHeaderName()

Custom header name to be used to pass the authenticated principal via dispatch

Returns:

federation header

Since:

1.1.0

getAutoDeployTopologyNames

List<String> getAutoDeployTopologyNames()

Get the list of topology names that should be redeployed on restart. manager and admin are default topologies as they may depend on gateway-site.xml configuration for deployment time config.

Returns:

list of topology names

getDispatchWhitelist

String getDispatchWhitelist()

getDispatchWhitelistServices

List<String> getDispatchWhitelistServices()

Get the set of service roles to which the dispatch whitelist will be applied.

Returns:

The service roles, or an empty list if none are configured.

isTopologyValidationEnabled

boolean isTopologyValidationEnabled()

Returns true when strict topology validation is enabled, in which case if topology validation fails Knox will throw a runtime exception. If false and topology validation fails Knox will log an ERROR and move on.

Returns:

true if topology validation enabled

Since:

1.1.0

getXForwardContextAppendServices

List<String> getXForwardContextAppendServices()

Returns a list of services that need service name appended to X-Forward-Context header as a result of which the new header would look /{gateway}/{sandbox}/{serviceName}

Returns:

List of service names for which service name needs to be appended to X-Forward-Context header, can be empty list.

Since:

1.3.0

getServicesToIgnoreDoAs

Set<String> getServicesToIgnoreDoAs()

Returns a set of service principal names that indicate which services to ignore doAs requests.

If a service in the returned set sends a Kerberos-authenticated request to the Gateway, the doAs query parameter is to be ignored; thus leaving the authenticated user details intact.

If the (authenticated) service is not authorized to set the specified proxy user (see information related to hadoop.proxyuser.... properties) an error will not be returned since the request to impersonate users is to be ignored.

Returns:

a set of service principal names that indicate which services to ignore doAs request

getClouderaManagerDescriptorsMonitoringInterval

long getClouderaManagerDescriptorsMonitoringInterval()

Returns:

the monitoring interval (in milliseconds) of Cloudera Manager descriptors

getClouderaManagerAdvancedServiceDiscoveryConfigurationMonitoringInterval

long getClouderaManagerAdvancedServiceDiscoveryConfigurationMonitoringInterval()

Returns:

the monitoring interval (in milliseconds) of Cloudera Manager advanced service discovery configuration

isServerManagedTokenStateEnabled

boolean isServerManagedTokenStateEnabled()

Returns:

true, if state for tokens issued by the Knox Token service should be managed by Knox.

getKnoxTokenEvictionInterval

long getKnoxTokenEvictionInterval()

Return the configured interval (in seconds) at which token eviction job should run

Returns:

eviction job run interval in seconds

getKnoxTokenEvictionGracePeriod

long getKnoxTokenEvictionGracePeriod()

Return the configured grace period (in seconds) after which an expired token should be evicted

Returns:

eviction grace period in seconds

getKnoxTokenStateAliasPersistenceInterval

long getKnoxTokenStateAliasPersistenceInterval()

Return the configured token state alias persistence interval (in seconds).

Returns:

Token state alias persistence interval in seconds.

getKnoxTokenHashAlgorithm

String getKnoxTokenHashAlgorithm()

Returns:

the HMAC algorithm name to be used to sign generated Knox Token content (e.g. the token.id claim)

getMaximumNumberOfTokensPerUser

int getMaximumNumberOfTokensPerUser()

Returns:

the maximum number of tokens a user can manage at the same time. -1 means that users are allowed to create/manage as many tokens as they want. This configuration only applies when server-managed token state is enabled either in gateway-site or at the topology level.

getHiddenTopologiesOnHomepage

Set<String> getHiddenTopologiesOnHomepage()

Returns:

the list of topologies that should be hidden on Knox homepage

getPinnedTopologiesOnHomepage

Set<String> getPinnedTopologiesOnHomepage()

Returns:

the list of pinned topologies on Knox homepage

isKnoxTokenPermissiveValidationEnabled

boolean isKnoxTokenPermissiveValidationEnabled()

Returns:

returns whether know token permissive validation is enabled

getServiceParameter

String getServiceParameter(String service,
                           String parameter)

Parameters:

service - Service to get the parameter for.

parameter - Parameter key to get the value for.

Returns:

the value of the given parameter for the given service if declared; an empty String otherwise

homePageLogoutEnabled

boolean homePageLogoutEnabled()

Returns:

the whether logout from the knox home page is enabled or not

getGlobalLogoutPageUrl

String getGlobalLogoutPageUrl()

Returns:

the Global Logout Page for Federated IDPs

getKeystoreCacheSizeLimit

long getKeystoreCacheSizeLimit()

Returns:

the maximum number of cache entries where keystore entries are stored

getKeystoreCacheEntryTimeToLiveInMinutes

long getKeystoreCacheEntryTimeToLiveInMinutes()

Returns:

the time - in minutes - an entry should be live (i.e. must not expire) in keystore cache

isGatewayServerIncomingXForwardedSupportEnabled

boolean isGatewayServerIncomingXForwardedSupportEnabled()

Indicates whether the embedded Jetty Server support for X-Forwarded Headers should be enabled.

Returns:

true if incoming X-Forwarded headers are enabled

getHomePageProfiles

Map<String,Collection<String>> getHomePageProfiles()

Gets the home page profiles (pre-configured and user-defined profiles too). It's important that keys in the returned map are converted to lowercase strings.

getDatabaseType

String getDatabaseType()

getDatabaseConnectionUrl

String getDatabaseConnectionUrl()

getDatabaseHost

String getDatabaseHost()

getDatabasePort

int getDatabasePort()

getDatabaseName

String getDatabaseName()

isDatabaseSslEnabled

boolean isDatabaseSslEnabled()

verifyDatabaseSslServerCertificate

boolean verifyDatabaseSslServerCertificate()

getDatabaseSslTruststoreFileName

String getDatabaseSslTruststoreFileName()