waxzce opened a new issue #5598: Proxy Websocket authentication using websocket 
in browser
URL: https://github.com/apache/pulsar/issues/5598
 
 
   The WebSocket API in a browser does not allow managing headers: 
https://developer.mozilla.org/en-US/docs/Web/API/WebSocket/WebSocket
   
   Authentication using plain HTTP is not possible in this case, and it 
seems that is what Pulsar implements at the moment: 
https://github.com/apache/pulsar/blob/master/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/AbstractWebSocketHandler.java#L70
   
   There are mainly 4 solutions used out there to authenticate WS:
   
   1. All in the query string (do not want to argue here, seems to be a bad bad 
idea)
   2. Send a first message after connection containing the auth and close the 
WebSocket if there is no auth message for X seconds (I'm also not a big fan of 
this)
   3. In the URL, you can add `wss://user:password@pulsarhost/` and it will be 
treated as HTTP basic auth; with `wss://my_token@pulsarhost/`, the user will 
be the token and the password empty. Can work despite the ugly semantics.
   4. At the opening of the browser WebSocket, we can pass as an argument a 
string array which will be sent as the `Sec-WebSocket-Protocol` header and is 
available downstream to the authImpl, so each auth plugin can manage it. (There 
are some limitations, so using base64 will be mandatory, but it is easy wrapping.)
   
   So, how do you want to manage this? Manage it explicitly on the WebSocket 
proxy or let people manage it? 
   
   My personal opinion is option 4, but if we do that, the best would be to make 
it work on the default auth plugin and add it to the documentation.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services
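
Option 4 from the issue, sketched as an added example (not code from the issue or from Pulsar). It shows why plain base64 is not enough for a `Sec-WebSocket-Protocol` entry and how a server can read the credential without echoing it back; `APP_PROTOCOL`, `AUTH_PREFIX` and all function names are assumptions made for the illustration.

```javascript
// Added example: APP_PROTOCOL, AUTH_PREFIX and the function names are hypothetical.
const APP_PROTOCOL = 'pulsar-ws';     // assumed application subprotocol name
const AUTH_PREFIX = 'auth.bearer.';   // assumed marker for the credential entry
// RFC 6455 requires each subprotocol to be an HTTP token: no '/', '=', ':', '@', ',' or spaces.
const TOKEN_CHARS = /^[A-Za-z0-9!#$%&'*+.^_`|~-]+$/;

// Standard base64 can emit '/' and '=', so use the URL-safe alphabet without padding.
function toBase64Url(text) {
  return Buffer.from(text, 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

function fromBase64Url(b64url) {
  if (!/^[A-Za-z0-9_-]+$/.test(b64url)) return null;   // reject anything else outright
  return Buffer.from(b64url.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8');
}

// Client side: the array passed as the second argument of new WebSocket(url, protocols).
function buildProtocols(credential) {
  const protocols = [APP_PROTOCOL, AUTH_PREFIX + toBase64Url(credential)];
  for (const p of protocols) {
    if (!TOKEN_CHARS.test(p)) throw new Error('not a valid subprotocol token: ' + p);
  }
  return protocols;
}

// Server side: parse the Sec-WebSocket-Protocol request header value.
// Only APP_PROTOCOL is selected for the response, so the credential is never echoed.
function parseHandshakeHeader(headerValue) {
  const offered = (headerValue || '').split(',').map(s => s.trim()).filter(Boolean);
  const authEntries = offered.filter(p => p.startsWith(AUTH_PREFIX));
  if (authEntries.length !== 1) return { ok: false, reason: 'expected exactly one credential entry' };
  const credential = fromBase64Url(authEntries[0].slice(AUTH_PREFIX.length));
  if (!credential) return { ok: false, reason: 'malformed credential' };
  if (!offered.includes(APP_PROTOCOL)) return { ok: false, reason: 'application subprotocol missing' };
  return { ok: true, credential, selectedProtocol: APP_PROTOCOL };
}

// Constructed sample credential (not a real secret); it contains characters a subprotocol cannot carry.
const SAMPLE_CREDENTIAL = 'user:p@ss/word=1';
const sampleHeader = buildProtocols(SAMPLE_CREDENTIAL).join(', ');
console.log(sampleHeader);
console.log(parseHandshakeHeader(sampleHeader));
```

The credential still travels in a request header, so it should be treated like any other bearer secret in proxy and access logs.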
