[pulsar] branch master updated: [WebSocket Client] Make the browser client support the token authentication (#9886)

Sat, 13 Mar 2021 18:41:21 -0800 

This is an automated email from the ASF dual-hosted git repository.

penghui pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/master by this push:
     new f1f272e  [WebSocket Client] Make the browser client support the token 
authentication (#9886)
f1f272e is described below

commit f1f272ea5e1946b430636f1e6d54eba02e78969e
Author: ran <[email protected]>
AuthorDate: Sun Mar 14 10:40:33 2021 +0800

    [WebSocket Client] Make the browser client support the token authentication 
(#9886)
    
    Fixes issue #9854
    
    ### Motivation
    
    Currently, the WebSocket client uses the HTTP request header to transport 
the authentication params, but the browser javascript WebSocket client couldn't 
add new headers.
    
    ### Modifications
    
    Use the query param `token` to transport the authentication token for the 
browser javascript WebSocket client.
---
 .../pulsar/websocket/AbstractWebSocketHandler.java |  2 +-
 .../WebSocketHttpServletRequestWrapper.java        | 48 ++++++++++++++++++++++
 site2/docs/client-libraries-websocket.md           | 13 ++++++
 3 files changed, 62 insertions(+), 1 deletion(-)

diff --git 
a/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/AbstractWebSocketHandler.java
 
b/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/AbstractWebSocketHandler.java
index e28d753..2082973 100644
--- 
a/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/AbstractWebSocketHandler.java
+++ 
b/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/AbstractWebSocketHandler.java
@@ -65,7 +65,7 @@ public abstract class AbstractWebSocketHandler extends 
WebSocketAdapter implemen
 
     public AbstractWebSocketHandler(WebSocketService service, 
HttpServletRequest request, ServletUpgradeResponse response) {
         this.service = service;
-        this.request = request;
+        this.request = new WebSocketHttpServletRequestWrapper(request);
         this.topic = extractTopicName(request);
 
         this.queryParams = new TreeMap<>();
diff --git 
a/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/WebSocketHttpServletRequestWrapper.java
 
b/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/WebSocketHttpServletRequestWrapper.java
new file mode 100644
index 0000000..29602a8
--- /dev/null
+++ 
b/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/WebSocketHttpServletRequestWrapper.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.pulsar.websocket;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import org.eclipse.jetty.websocket.servlet.UpgradeHttpServletRequest;
+
+
+/**
+ * WebSocket HttpServletRequest wrapper.
+ */
+public class WebSocketHttpServletRequestWrapper extends 
HttpServletRequestWrapper {
+
+    final static String HTTP_HEADER_NAME = "Authorization";
+    final static String TOKEN = "token";
+
+    public WebSocketHttpServletRequestWrapper(HttpServletRequest request) {
+        super(request);
+    }
+
+    @Override
+    public String getHeader(String name) {
+        // The browser javascript WebSocket client couldn't add the auth param 
to the request header, use the
+        // query param `token` to transport the auth token for the browser 
javascript WebSocket client.
+        if (name.equals(HTTP_HEADER_NAME)
+                && !((UpgradeHttpServletRequest) 
this.getRequest()).getHeaders().containsKey(HTTP_HEADER_NAME)) {
+            return getRequest().getParameter(TOKEN);
+        }
+        return super.getHeader(name);
+    }
+}
diff --git a/site2/docs/client-libraries-websocket.md 
b/site2/docs/client-libraries-websocket.md
index fac8c8d..efb3e15 100644
--- a/site2/docs/client-libraries-websocket.md
+++ b/site2/docs/client-libraries-websocket.md
@@ -67,6 +67,16 @@ Pulsar's WebSocket API offers three endpoints for 
[producing](#producer-endpoint
 
 All exchanges via the WebSocket API use JSON.
 
+### Authentication
+
+#### Broswer javascript WebSocket client
+
+Use the query param `token` transport the authentication token.
+
+```http
+ws://broker-service-url:8080/path?token=token
+```
+
 ### Producer endpoint
 
 The producer endpoint requires you to specify a tenant, namespace, and topic 
in the URL:
@@ -89,6 +99,7 @@ Key | Type | Required? | Explanation
 `producerName` | string | no | Specify the name for the producer. Pulsar will 
enforce only one producer with same name can be publishing on a topic
 `initialSequenceId` | long | no | Set the baseline for the sequence ids for 
messages published by the producer.
 `hashingScheme` | string | no | [Hashing 
function](http://pulsar.apache.org/api/client/org/apache/pulsar/client/api/ProducerConfiguration.HashingScheme.html)
 to use when publishing on a partitioned topic: `JavaStringHash`, 
`Murmur3_32Hash`
+`token` | string | no | Authentication token, this is used for the browser 
javascript client
 
 
 #### Publishing a message
@@ -156,6 +167,7 @@ Key | Type | Required? | Explanation
 `maxRedeliverCount` | int | no | Define a 
[maxRedeliverCount](http://pulsar.apache.org/api/client/org/apache/pulsar/client/api/ConsumerBuilder.html#deadLetterPolicy-org.apache.pulsar.client.api.DeadLetterPolicy-)
 for the consumer (default: 0). Activates [Dead Letter 
Topic](https://github.com/apache/pulsar/wiki/PIP-22%3A-Pulsar-Dead-Letter-Topic)
 feature.
 `deadLetterTopic` | string | no | Define a 
[deadLetterTopic](http://pulsar.apache.org/api/client/org/apache/pulsar/client/api/ConsumerBuilder.html#deadLetterPolicy-org.apache.pulsar.client.api.DeadLetterPolicy-)
 for the consumer (default: {topic}-{subscription}-DLQ). Activates [Dead Letter 
Topic](https://github.com/apache/pulsar/wiki/PIP-22%3A-Pulsar-Dead-Letter-Topic)
 feature.
 `pullMode` | boolean | no | Enable pull mode (default: false). See "Flow 
Control" below.
+`token` | string | no | Authentication token, this is used for the browser 
javascript client
 
 NB: these parameter (except `pullMode`) apply to the internal consumer of the 
WebSocket service.
 So messages will be subject to the redelivery settings as soon as the get into 
the receive queue,
@@ -264,6 +276,7 @@ Key | Type | Required? | Explanation
 `readerName` | string | no | Reader name
 `receiverQueueSize` | int | no | Size of the consumer receive queue (default: 
1000)
 `messageId` | int or enum | no | Message ID to start from, `earliest` or 
`latest` (default: `latest`)
+`token` | string | no | Authentication token, this is used for the browser 
javascript client
 
 ##### Receiving messages

Reply via email to