This is an automated email from the ASF dual-hosted git repository. penghui pushed a commit to branch branch-2.7 in repository https://gitbox.apache.org/repos/asf/pulsar.git
commit 5055eefa40a76a436cb334ea88a2439ff7fcda74 Author: ran <[email protected]> AuthorDate: Sun Mar 14 10:40:33 2021 +0800 [WebSocket Client] Make the browser client support the token authentication (#9886) Fixes issue #9854 ### Motivation Currently, the WebSocket client uses the HTTP request header to transport the authentication params, but the browser javascript WebSocket client couldn't add new headers. ### Modifications Use the query param `token` to transport the authentication token for the browser javascript WebSocket client. (cherry picked from commit f1f272ea5e1946b430636f1e6d54eba02e78969e) --- .../pulsar/websocket/AbstractWebSocketHandler.java | 2 +- .../WebSocketHttpServletRequestWrapper.java | 48 ++++++++++++++++++++++ site2/docs/client-libraries-websocket.md | 13 ++++++ 3 files changed, 62 insertions(+), 1 deletion(-) diff --git a/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/AbstractWebSocketHandler.java b/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/AbstractWebSocketHandler.java index 6002f63..516137f 100644 --- a/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/AbstractWebSocketHandler.java +++ b/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/AbstractWebSocketHandler.java @@ -53,7 +53,7 @@ public abstract class AbstractWebSocketHandler extends WebSocketAdapter implemen public AbstractWebSocketHandler(WebSocketService service, HttpServletRequest request, ServletUpgradeResponse response) { this.service = service; - this.request = request; + this.request = new WebSocketHttpServletRequestWrapper(request); this.topic = extractTopicName(request); this.queryParams = new TreeMap<>(); diff --git a/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/WebSocketHttpServletRequestWrapper.java b/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/WebSocketHttpServletRequestWrapper.java new file mode 100644 index 0000000..29602a8 --- /dev/null 
+++ b/pulsar-websocket/src/main/java/org/apache/pulsar/websocket/WebSocketHttpServletRequestWrapper.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.pulsar.websocket;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import org.eclipse.jetty.websocket.servlet.UpgradeHttpServletRequest;
+
+
+/**
+ * WebSocket HttpServletRequest wrapper.
+ */
+public class WebSocketHttpServletRequestWrapper extends HttpServletRequestWrapper {
+
+ final static String HTTP_HEADER_NAME = "Authorization";
+ final static String TOKEN = "token";
+
+ public WebSocketHttpServletRequestWrapper(HttpServletRequest request) {
+ super(request);
+ }
+
+ @Override
+ public String getHeader(String name) {
+ // The browser javascript WebSocket client couldn't add the auth param to the request header, use the
+ // query param `token` to transport the auth token for the browser javascript WebSocket client.
+ if (name.equals(HTTP_HEADER_NAME)
+ && !((UpgradeHttpServletRequest) this.getRequest()).getHeaders().containsKey(HTTP_HEADER_NAME)) {
+ return getRequest().getParameter(TOKEN);
+ }
+ return super.getHeader(name);
+ }
+}
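Review bot: In `getHeader`, the unchecked cast `(UpgradeHttpServletRequest) this.getRequest()` throws `ClassCastException` for any other `HttpServletRequest`, although the constructor accepts the general type. The `name.equals(HTTP_HEADER_NAME)` test is also case-sensitive and fails on a null name, while servlet header lookup is case-insensitive, so `getHeader("authorization")` skips the query-parameter fallback. Asking the wrapped request first and falling back only when it returns null removes both problems, as sketched below. Because the credential now travels in the URL, it is worth confirming that `token` is not written to access logs or copied into the `queryParams` map that `AbstractWebSocketHandler` fills after wrapping the request (that code is outside the visible hunk), and that deployments use `wss://`. Whether the downstream token provider expects a scheme prefix such as `Bearer ` on this value cannot be seen here and should be checked against a header-based client.

```java
    @Override
    public String getHeader(String name) {
        // … unchanged: comment explaining the browser-client fallback …
        String headerValue = super.getHeader(name);
        if (headerValue == null && HTTP_HEADER_NAME.equalsIgnoreCase(name)) {
            // No Authorization header was sent: fall back to the `token` query parameter.
            return getRequest().getParameter(TOKEN);
        }
        return headerValue;
    }
```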
diff --git a/site2/docs/client-libraries-websocket.md b/site2/docs/client-libraries-websocket.md index fd3d9c8..43193e8 100644 --- a/site2/docs/client-libraries-websocket.md +++ b/site2/docs/client-libraries-websocket.md @@ -56,6 +56,16 @@ Pulsar's WebSocket API offers three endpoints for [producing](#producer-endpoint All exchanges via the WebSocket API use JSON. +### Authentication + +#### Broswer javascript WebSocket client + +Use the query param `token` transport the authentication token. + +```http +ws://broker-service-url:8080/path?token=token +``` + ### Producer endpoint The producer endpoint requires you to specify a tenant, namespace, and topic in the URL: @@ -78,6 +88,7 @@ Key | Type | Required? | Explanation `producerName` | string | no | Specify the name for the producer. Pulsar will enforce only one producer with same name can be publishing on a topic `initialSequenceId` | long | no | Set the baseline for the sequence ids for messages published by the producer. `hashingScheme` | string | no | [Hashing function](http://pulsar.apache.org/api/client/org/apache/pulsar/client/api/ProducerConfiguration.HashingScheme.html) to use when publishing on a partitioned topic: `JavaStringHash`, `Murmur3_32Hash` +`token` | string | no | Authentication token, this is used for the browser javascript client #### Publishing a message 
@@ -145,6 +156,7 @@ Key | Type | Required? | Explanation `maxRedeliverCount` | int | no | Define a [maxRedeliverCount](http://pulsar.apache.org/api/client/org/apache/pulsar/client/api/ConsumerBuilder.html#deadLetterPolicy-org.apache.pulsar.client.api.DeadLetterPolicy-) for the consumer (default: 0). Activates [Dead Letter Topic](https://github.com/apache/pulsar/wiki/PIP-22%3A-Pulsar-Dead-Letter-Topic) feature. `deadLetterTopic` | string | no | Define a [deadLetterTopic](http://pulsar.apache.org/api/client/org/apache/pulsar/client/api/ConsumerBuilder.html#deadLetterPolicy-org.apache.pulsar.client.api.DeadLetterPolicy-) for the consumer (default: {topic}-{subscription}-DLQ). Activates [Dead Letter Topic](https://github.com/apache/pulsar/wiki/PIP-22%3A-Pulsar-Dead-Letter-Topic) feature. `pullMode` | boolean | no | Enable pull mode (default: false). See "Flow Control" below. +`token` | string | no | Authentication token, this is used for the browser javascript client NB: these parameter (except `pullMode`) apply to the internal consumer of the WebSocket service. So messages will be subject to the redelivery settings as soon as the get into the receive queue, @@ -231,6 +243,7 @@ Key | Type | Required? | Explanation `readerName` | string | no | Reader name `receiverQueueSize` | int | no | Size of the consumer receive queue (default: 1000) `messageId` | int or enum | no | Message ID to start from, `earliest` or `latest` (default: `latest`) +`token` | string | no | Authentication token, this is used for the browser javascript client ##### Receiving messages
