Hi Harsha, We discussed this in the code review as well. But, the issue is, the only way to pass any additional information in websocket handshake is as headers. When the request is forwarded to the websocket transport layer, all these headers are added to the axis2 message context as properties. So we cannot distinguish the incomming headers with other properties.
As a solution for this, users can send an additional header which contains the list of headers that should be preserved or we define a prefix which users should add to the header where we can filter them from the properties. A per our initial requirement, adding jwt header, I have followed the second option because it can be used for other headers as well. So that the websocket transport implementation can be done in a generic way. Thanks and Regards, Menaka On Fri, Jun 29, 2018 at 9:32 PM Harsha Kumara <hars...@wso2.com> wrote: > On Fri, Jun 29, 2018 at 8:10 PM Menaka Jayawardena <men...@wso2.com> > wrote: > >> Hi Harsha, Chamin, >> >> Please find my answers inline. >> >> So this means we are having two ways of handling JWT (normal method and >>> WS specific method) scenarios? If so, we will need additional methods to >>> cover this flow. Will there be a code/logic duplication due to this? >>> >> >> No. In this implementation, the same JWT token generation method is used. >> The default ws token validation method is modified to generate the jwt >> token. >> >> >> https://github.com/wso2/carbon-apimgt/pull/5519/commits/decc193eddecbaccc8eccc22075d2d9876821480 >> >> In WS APIs, when user send a Header, isn't it going to back-end by >>> default? Why we need special prefix as we removed it in the outflow? >>> >> >> In Web Socket apis, the headers that we send in the client - gateway >> handshake are not being sent in the gateway - backend handshake. Only the >> default headers were set[1] and the incoming headers are set as the >> properties in axis2 message context. In order to send the header to the >> backend, we need to get the specific property and attach it as a header to >> the gateway - backend handshake. >> >> As the transport sender implementation should be generic, we send the >> headers that should be sent to the backend with a prefix and in the >> WebSocketTransportSender, we get those properties, extract the actual >> header and set them as handshake headers.[2] So we do not need to alter the >> transport implementation if we need to send any headers as required. >> > Ok. Is there any reason not to send incoming header to the backend? If not > we ideally should send the headers to the backend. Can't we give a option > to client to configure the headers that should forward to the backend? > >> >> [1] >> https://github.com/wso2/carbon-mediation/blob/master/components/carbon-transports/websocket/org.wso2.carbon.websocket.transport/src/main/java/org/wso2/carbon/websocket/transport/WebsocketConnectionFactory.java#L170 >> [2] >> https://github.com/wso2/carbon-mediation/pull/1068/commits/a3d204dfc53138aab7097d6e168d1c0df7382c01 >> >> On Fri, Jun 29, 2018 at 7:55 PM, Harsha Kumara <hars...@wso2.com> wrote: >> >>> >>> >>> On Fri, Jun 29, 2018 at 11:25 AM Menaka Jayawardena <men...@wso2.com> >>> wrote: >>> >>>> Hi, >>>> >>>> >>>> *With reference to [RRT][APIM] Code Review - Sending Enduser >>>> information to WS Backends and based on the offline discussion with Kevin.* >>>> >>>> *Initial Requirement:* When the JWT token generation is enabled in API >>>> Manager, the jwt token should be sent to the Web socket backend. >>>> >>>> *Current Approach:* As the websocket communication happens as frames, >>>> we could not add the jwt token into the frames. And also it is not a best >>>> practice as it is a overhead for the message that is being sent. >>>> So, the token will be attached as a header to the initial web socket >>>> handshake. >>>> >>>> In the current implementation, we generate the jwt token and set as an >>>> intermediate header from the api gateway. This header is then picked up >>>> from the axis2 message context in the WebSocketTransportSender and attach >>>> to the Gateway - WS-BackEnd handshake requst. >>>> >>>> But, as per this implementation, if the user needs to send another >>>> header, the WebSocketTransportSender implementation should be changed to >>>> support the new header. To avoid this, the implementation will be done in a >>>> generic manner. >>>> >>>> *Solution:* >>>> The headers that should be sent to the websocket backends, have to be >>>> sent with a prefix. The format of would be <prefix>.<header> >>>> >>>> Ex: If we need to send the header X-JWT-Assertion to the backend, it >>>> should be sent as *websocket.header.**X-JWT-Assertion*. >>>> >>>> In WebSocketTransportSender, it will get only the properties with the >>>> *websocket.header.* prefix, extract the header string and attach them >>>> as new headers to the Handshake request. >>>> >>> In WS APIs, when user send a Header, isn't it going to back-end by >>> default? Why we need special prefix as we removed it in the outflow? >>> >>>> >>>> Any comments, suggestions are highly appreciated. >>>> >>>> Thanks and Regards, >>>> Menaka >>>> >>>> -- >>>> >>>> *Menaka Jayawardena* >>>> Senior Software Engineer >>>> WSO2 Inc. >>>> >>>> Phone : +94 71 350 5470 >>>> LinkedIn : https://lk.linkedin.com/in/menakajayawardena >>>> Blog : https://menakamadushanka.wordpress.com/ >>>> >>>> >>> >>> -- >>> Harsha Kumara >>> Associate Technical Lead, WSO2 Inc. >>> Mobile: +94775505618 >>> Blog:harshcreationz.blogspot.com >>> >> >> >> >> -- >> >> *Menaka Jayawardena* >> Senior Software Engineer >> WSO2 Inc. >> >> Phone : +94 71 350 5470 >> LinkedIn : https://lk.linkedin.com/in/menakajayawardena >> Blog : https://menakamadushanka.wordpress.com/ >> >> > > -- > Harsha Kumara > Associate Technical Lead, WSO2 Inc. > Mobile: +94775505618 > Blog:harshcreationz.blogspot.com > -- *Menaka Jayawardena* Senior Software Engineer WSO2 Inc. Phone : +94 71 350 5470 LinkedIn : https://lk.linkedin.com/in/menakajayawardena Blog : https://menakamadushanka.wordpress.com/
_______________________________________________ Architecture mailing list Architecture@wso2.org https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
