On Fri, Jun 29, 2018 at 11:25 AM Menaka Jayawardena <[email protected]> wrote:
> Hi, > > > *With reference to [RRT][APIM] Code Review - Sending Enduser information > to WS Backends and based on the offline discussion with Kevin.* > > *Initial Requirement:* When the JWT token generation is enabled in API > Manager, the jwt token should be sent to the Web socket backend. > > *Current Approach:* As the websocket communication happens as frames, we > could not add the jwt token into the frames. And also it is not a best > practice as it is a overhead for the message that is being sent. > So, the token will be attached as a header to the initial web socket > handshake. > > In the current implementation, we generate the jwt token and set as an > intermediate header from the api gateway. This header is then picked up > from the axis2 message context in the WebSocketTransportSender and attach > to the Gateway - WS-BackEnd handshake requst. > > But, as per this implementation, if the user needs to send another header, > the WebSocketTransportSender implementation should be changed to support > the new header. To avoid this, the implementation will be done in a generic > manner. > > *Solution:* > The headers that should be sent to the websocket backends, have to be sent > with a prefix. The format of would be <prefix>.<header> > > Ex: If we need to send the header X-JWT-Assertion to the backend, it > should be sent as *websocket.header.**X-JWT-Assertion*. > > In WebSocketTransportSender, it will get only the properties with the > *websocket.header.* prefix, extract the header string and attach them as > new headers to the Handshake request. > In WS APIs, when user send a Header, isn't it going to back-end by default? Why we need special prefix as we removed it in the outflow? > > Any comments, suggestions are highly appreciated. > > Thanks and Regards, > Menaka > > -- > > *Menaka Jayawardena* > Senior Software Engineer > WSO2 Inc. > > Phone : +94 71 350 5470 > LinkedIn : https://lk.linkedin.com/in/menakajayawardena > Blog : https://menakamadushanka.wordpress.com/ > > -- Harsha Kumara Associate Technical Lead, WSO2 Inc. Mobile: +94775505618 Blog:harshcreationz.blogspot.com
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
