You may find Sample 5 in my recent blog here helpful. http://kminder.github.io/knox/2015/11/18/knox-with... The only quick tip I can give you here without more information is that your authorization provider configuration should probably look like this. <provider> <role>authorization</role> <name>AclsAuthz</name> <enabled>true</enabled> <param name="WEBHBASE.acl" value="admin;*;*"/> </provider> For your custom services all you need to do is match the value before the ".acl" with the role of your custom service. This example may help clarify. <provider> <role>authorization</role> <name>AclsAuthz</name> <enabled>true</enabled> <param name="WEBHBASE.acl" value="admin;*;*"/> <param name="CUSTOM.acl" value="guest;*;*"/> </provider> Of course you can also use the Ranger authorization plugin and instead of this "AclsAuthz" plugin and define the policy in the Ranger policy UI. ... View more

Try: "jdbc:hive2://knoxserver.net:443/;ssl=false;transportMode=http;httpPath=knox/sandbox/hive", "username", "pwd" This assumes a few things that you should double check: You actually have SSL disabled in knox. Check ssl.enabled in gateway-site.xml. Otherwise use transportMode=https;sslTrustStore=<trustStoreFileName>;trustStorePassword=<trustStorePassword>. The <trustStoreFileName> and <trustStorePassword> need to be replaced with the real values from your system. This trust store needs to contain the public certificate used by the Knox server. You have gatway.path in gateway.site.xml set to knox. The default is gateway. Otherwise use httpPath=gateway/sandbox/hive Your topology file is named sandbox.xml. If for example you are using Ambari your topology file is probably named default.xml so you would use httpPath=knox/default/hive or gateway/default/hive as per #2. ... View more

This is definitely possible and encouraged. Have you taken a look at the Apache Knox Developer's Guide? I've also created a blog recently called Adding a service to Apache Knox that while not directly applicable to your use case, might answer some questions you didn't know you had. ... View more

These extensions are committed to the Apache Knox repo itself. They all use the config driven extension model so you need to look in the gateway-service-definitions module. In particular look in this directory. Now that you mention the openweathermap example, I need to update that to the new configuration based model at least as a comparison to the code based extension. The developers guide does briefly cover the config based extension. ... View more