aicam commented on code in PR #3598:
URL: https://github.com/apache/texera/pull/3598#discussion_r2283135362
##########
core/amber/src/main/scala/edu/uci/ics/texera/web/ServletAwareConfigurator.scala:
##########
@@ -29,46 +30,76 @@ import java.nio.charset.Charset
import javax.websocket.HandshakeResponse
import javax.websocket.server.{HandshakeRequest, ServerEndpointConfig}
import scala.jdk.CollectionConverters.ListHasAsScala
+import scala.jdk.CollectionConverters._
/**
- * This configurator extracts HTTPSession and associates it to
ServerEndpointConfig,
- * allow it to be accessed by Websocket connections.
- * <pre>
- * See <a
href="https://stackoverflow.com/questions/17936440/accessing-httpsession-
- * from-httpservletrequest-in-a-web-socket-serverendpoint"></a>
- * </pre>
- */
+ * This configurator extracts HTTPSession and associates it to
ServerEndpointConfig,
+ * allow it to be accessed by Websocket connections.
+ * <pre>
+ * See <a
href="https://stackoverflow.com/questions/17936440/accessing-httpsession-
+ * from-httpservletrequest-in-a-web-socket-serverendpoint"></a>
+ * </pre>
+ */
class ServletAwareConfigurator extends ServerEndpointConfig.Configurator with
LazyLogging {
override def modifyHandshake(
- config: ServerEndpointConfig,
- request: HandshakeRequest,
- response: HandshakeResponse
- ): Unit = {
+ config: ServerEndpointConfig,
+ request: HandshakeRequest,
+ response: HandshakeResponse
+ ): Unit = {
try {
- val params =
- URLEncodedUtils.parse(new URI("?" + request.getQueryString),
Charset.defaultCharset())
- params.asScala
- .map(pair => pair.getName -> pair.getValue)
- .toMap
- .get("access-token")
- .map(token => {
- val claims = jwtConsumer.process(token).getJwtClaims
- config.getUserProperties.put(
- classOf[User].getName,
- new User(
- claims.getClaimValue("userId").asInstanceOf[Long].toInt,
- claims.getSubject,
-
String.valueOf(claims.getClaimValue("email").asInstanceOf[String]),
- null,
- null,
- null,
- null,
- null
- )
+ if (KubernetesConfig.kubernetesComputingUnitEnabled) {
+ // KUBERNETES MODE: Construct the User object from trusted headers
+ // coming from envoy and generated by permission service.
+ val headers =
request.getHeaders.asScala.view.mapValues(_.asScala.headOption).toMap
+
+ val userId = headers.get("x-user-id").flatten.map(_.toInt).get
Review Comment:
I searched and couldn't find equivalent of `envoy.filters.http.ext_authz` in
Angular native proxifier, so I need to use `HttpInterceptor` and introduce a
middleware in frontend. I believe it is redundant since in single node and
local deployment, everyone has one shared computing unit so checking access is
not necessary.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
