Hi, On Fri, Jun 29, 2018 at 11:25 AM, Menaka Jayawardena <[email protected]> wrote:
> Hi, > > > *With reference to [RRT][APIM] Code Review - Sending Enduser information > to WS Backends and based on the offline discussion with Kevin.* > > *Initial Requirement:* When the JWT token generation is enabled in API > Manager, the jwt token should be sent to the Web socket backend. > > *Current Approach:* As the websocket communication happens as frames, we > could not add the jwt token into the frames. And also it is not a best > practice as it is a overhead for the message that is being sent. > So, the token will be attached as a header to the initial web socket > handshake. > > In the current implementation, we generate the jwt token and set as an > intermediate header from the api gateway. This header is then picked up > from the axis2 message context in the WebSocketTransportSender and attach > to the Gateway - WS-BackEnd handshake requst. > > But, as per this implementation, if the user needs to send another header, > the WebSocketTransportSender implementation should be changed to support > the new header. To avoid this, the implementation will be done in a generic > manner. > > *Solution:* > The headers that should be sent to the websocket backends, have to be sent > with a prefix. The format of would be <prefix>.<header> > So this means we are having two ways of handling JWT (normal method and WS specific method) scenarios? If so, we will need additional methods to cover this flow. Will there be a code/logic duplication due to this? > Ex: If we need to send the header X-JWT-Assertion to the backend, it > should be sent as *websocket.header.**X-JWT-Assertion*. > > In WebSocketTransportSender, it will get only the properties with the > *websocket.header.* prefix, extract the header string and attach them as > new headers to the Handshake request. > > Any comments, suggestions are highly appreciated. > > Thanks and Regards, > Menaka > > -- > > *Menaka Jayawardena* > Senior Software Engineer > WSO2 Inc. > > Phone : +94 71 350 5470 > LinkedIn : https://lk.linkedin.com/in/menakajayawardena > Blog : https://menakamadushanka.wordpress.com/ > > -- Chamin Dias Mobile : 0716097455 Email : [email protected] LinkedIn : https://www.linkedin.com/in/chamindias
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
