On Fri, Jun 29, 2018 at 8:10 PM Menaka Jayawardena <[email protected]> wrote:
> Hi Harsha, Chamin, > > Please find my answers inline. > > So this means we are having two ways of handling JWT (normal method and >> WS specific method) scenarios? If so, we will need additional methods to >> cover this flow. Will there be a code/logic duplication due to this? >> > > No. In this implementation, the same JWT token generation method is used. > The default ws token validation method is modified to generate the jwt > token. > > > https://github.com/wso2/carbon-apimgt/pull/5519/commits/decc193eddecbaccc8eccc22075d2d9876821480 > > In WS APIs, when user send a Header, isn't it going to back-end by >> default? Why we need special prefix as we removed it in the outflow? >> > > In Web Socket apis, the headers that we send in the client - gateway > handshake are not being sent in the gateway - backend handshake. Only the > default headers were set[1] and the incoming headers are set as the > properties in axis2 message context. In order to send the header to the > backend, we need to get the specific property and attach it as a header to > the gateway - backend handshake. > > As the transport sender implementation should be generic, we send the > headers that should be sent to the backend with a prefix and in the > WebSocketTransportSender, we get those properties, extract the actual > header and set them as handshake headers.[2] So we do not need to alter the > transport implementation if we need to send any headers as required. > Ok. Is there any reason not to send incoming header to the backend? If not we ideally should send the headers to the backend. Can't we give a option to client to configure the headers that should forward to the backend? > > [1] > https://github.com/wso2/carbon-mediation/blob/master/components/carbon-transports/websocket/org.wso2.carbon.websocket.transport/src/main/java/org/wso2/carbon/websocket/transport/WebsocketConnectionFactory.java#L170 > [2] > https://github.com/wso2/carbon-mediation/pull/1068/commits/a3d204dfc53138aab7097d6e168d1c0df7382c01 > > On Fri, Jun 29, 2018 at 7:55 PM, Harsha Kumara <[email protected]> wrote: > >> >> >> On Fri, Jun 29, 2018 at 11:25 AM Menaka Jayawardena <[email protected]> >> wrote: >> >>> Hi, >>> >>> >>> *With reference to [RRT][APIM] Code Review - Sending Enduser information >>> to WS Backends and based on the offline discussion with Kevin.* >>> >>> *Initial Requirement:* When the JWT token generation is enabled in API >>> Manager, the jwt token should be sent to the Web socket backend. >>> >>> *Current Approach:* As the websocket communication happens as frames, >>> we could not add the jwt token into the frames. And also it is not a best >>> practice as it is a overhead for the message that is being sent. >>> So, the token will be attached as a header to the initial web socket >>> handshake. >>> >>> In the current implementation, we generate the jwt token and set as an >>> intermediate header from the api gateway. This header is then picked up >>> from the axis2 message context in the WebSocketTransportSender and attach >>> to the Gateway - WS-BackEnd handshake requst. >>> >>> But, as per this implementation, if the user needs to send another >>> header, the WebSocketTransportSender implementation should be changed to >>> support the new header. To avoid this, the implementation will be done in a >>> generic manner. >>> >>> *Solution:* >>> The headers that should be sent to the websocket backends, have to be >>> sent with a prefix. The format of would be <prefix>.<header> >>> >>> Ex: If we need to send the header X-JWT-Assertion to the backend, it >>> should be sent as *websocket.header.**X-JWT-Assertion*. >>> >>> In WebSocketTransportSender, it will get only the properties with the >>> *websocket.header.* prefix, extract the header string and attach them >>> as new headers to the Handshake request. >>> >> In WS APIs, when user send a Header, isn't it going to back-end by >> default? Why we need special prefix as we removed it in the outflow? >> >>> >>> Any comments, suggestions are highly appreciated. >>> >>> Thanks and Regards, >>> Menaka >>> >>> -- >>> >>> *Menaka Jayawardena* >>> Senior Software Engineer >>> WSO2 Inc. >>> >>> Phone : +94 71 350 5470 >>> LinkedIn : https://lk.linkedin.com/in/menakajayawardena >>> Blog : https://menakamadushanka.wordpress.com/ >>> >>> >> >> -- >> Harsha Kumara >> Associate Technical Lead, WSO2 Inc. >> Mobile: +94775505618 >> Blog:harshcreationz.blogspot.com >> > > > > -- > > *Menaka Jayawardena* > Senior Software Engineer > WSO2 Inc. > > Phone : +94 71 350 5470 > LinkedIn : https://lk.linkedin.com/in/menakajayawardena > Blog : https://menakamadushanka.wordpress.com/ > > -- Harsha Kumara Associate Technical Lead, WSO2 Inc. Mobile: +94775505618 Blog:harshcreationz.blogspot.com
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
