Re: [Dev] Enable JWT in gateway node

Sun, 19 Nov 2017 20:23:28 -0800 

Hi Rukshan,

My concern is why we need to enable JWT in gateway? The jwt is getting
generated in KM/IS and gateway only passes the JWT to the backend. I do not
see a valid reason to enable JWT in gateway node if there isn't any usage.

Thank you!

On Mon, Nov 20, 2017 at 12:09 PM, Rukshan Premathunga <[email protected]>
wrote:

> Hi pubudu,
>
> This depends on the backend right? if it need such a authorization,
> cluster or Single AM setup we need to generate the JWT and pass to the
> backend. So it is upto the backend implementation i think.
>
> Thanks and Regards
>
> On Mon, Nov 20, 2017 at 8:16 AM, Pubudu Gunatilaka <[email protected]>
> wrote:
>
>> Hi,
>>
>> Do we need to enable JWT in gateway node [1] in a fully distributed
>> deployment where KM/IS is hosted separately?
>>
>> I can see the JWT is passed to the backend.
>>
>> *TID: [-1] [] [2017-11-20 10:37:31,347] DEBUG
>>> {org.apache.synapse.transport.http.headers} -  http-outgoing-1 >>
>>> X-JWT-Assertion: *eyJ0eXAiOiJKV1QiLCJhbGciOiJSUz
>>> I1NiIsIng1dCI6ImFfamhOdXMyMUtWdW9GeDY1TG1rVzJPX2wxMCJ9.eyJod
>>> HRwOlwvXC93c28yLm9yZ1wvY2xhaW1zXC9yb2xlIjpbIkludGVybmFsXC9zd
>>> WJzY3JpYmVyIiwiSW50ZXJuYWxcL2NyZWF0b3IiLCJBcHBsaWNhdGlvblwvY
>>> WRtaW5fRGVmYXVsdEFwcGxpY2F0aW9uX1BST0RVQ1RJT04iLCJJbnRlcm5hb
>>> FwvcHVibGlzaGVyIiwiSW50ZXJuYWxcL2V2ZXJ5b25lIiwiYWRtaW4iXSwia
>>> HR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvYXBwbGljYXRpb250aWVyIjoiV
>>> W5saW1pdGVkIiwiaHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wva2V5dHlwZ
>>> SI6IlBST0RVQ1RJT04iLCJodHRwOlwvXC93c28yLm9yZ1wvY2xhaW1zXC92Z
>>> XJzaW9uIjoidjEiLCJpc3MiOiJ3c28yLm9yZ1wvcHJvZHVjdHNcL2FtIiwia
>>> HR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvYXBwbGljYXRpb25uYW1lIjoiR
>>> GVmYXVsdEFwcGxpY2F0aW9uIiwiaHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc
>>> 1wvZW5kdXNlciI6ImFkbWluQGNhcmJvbi5zdXBlciIsImh0dHA6XC9cL3dzb
>>> zIub3JnXC9jbGFpbXNcL2VuZHVzZXJUZW5hbnRJZCI6Ii0xMjM0IiwiaHR0c
>>> DpcL1wvd3NvMi5vcmdcL2NsYWltc1wvc3Vic2NyaWJlciI6ImFkbWluIiwia
>>> HR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvdGllciI6IlVubGltaXRlZCIsI
>>> mh0dHA6XC9cL3dzbzIub3JnXC9jbGFpbXNcL2FwcGxpY2F0aW9uaWQiOiIxI
>>> iwiaHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvdXNlcnR5cGUiOiJBUFBMS
>>> UNBVElPTiIsImV4cCI6MTUxMTE0NTQ0OSwiaHR0cDpcL1wvd3NvMi5vcmdcL
>>> 2NsYWltc1wvYXBpY29udGV4dCI6IlwvZmRzYVwvdjEifQ==.ADG30dcwlxBa
>>> N7Wxtixc5Wq/gZRj7nZrGHExn0E+7O4pZ6xTSjeVx7UrWSwj31vm7DjL+CvK
>>> 07popxJqchT8+ACt303BkRxOKgfW66h/XmOxleUlXohQByUe6/7FTpnFRfyZ
>>> 7jzttjZct39sBzHcNcyUAEqcl/HEt+eR62/dksM= {org.apache.synapse.transport.
>>> http.headers}
>>> *TID: [-1] [] [2017-11-20 10:37:31,348] DEBUG
>>> {org.apache.synapse.transport.http.wire} -  HTTP-Sender I/O dispatcher-1 <<
>>> "X-JWT-Assertion: *eyJ0eXAiOiJKV1QiLCJhbGciOiJSUz
>>> I1NiIsIng1dCI6ImFfamhOdXMyMUtWdW9GeDY1TG1rVzJPX2wxMCJ9.eyJod
>>> HRwOlwvXC93c28yLm9yZ1wvY2xhaW1zXC9yb2xlIjpbIkludGVybmFsXC9zd
>>> WJzY3JpYmVyIiwiSW50ZXJuYWxcL2NyZWF0b3IiLCJBcHBsaWNhdGlvblwvY
>>> WRtaW5fRGVmYXVsdEFwcGxpY2F0aW9uX1BST0RVQ1RJT04iLCJJbnRlcm5hb
>>> FwvcHVibGlzaGVyIiwiSW50ZXJuYWxcL2V2ZXJ5b25lIiwiYWRtaW4iXSwia
>>> HR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvYXBwbGljYXRpb250aWVyIjoiV
>>> W5saW1pdGVkIiwiaHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wva2V5dHlwZ
>>> SI6IlBST0RVQ1RJT04iLCJodHRwOlwvXC93c28yLm9yZ1wvY2xhaW1zXC92Z
>>> XJzaW9uIjoidjEiLCJpc3MiOiJ3c28yLm9yZ1wvcHJvZHVjdHNcL2FtIiwia
>>> HR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvYXBwbGljYXRpb25uYW1lIjoiR
>>> GVmYXVsdEFwcGxpY2F0aW9uIiwiaHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc
>>> 1wvZW5kdXNlciI6ImFkbWluQGNhcmJvbi5zdXBlciIsImh0dHA6XC9cL3dzb
>>> zIub3JnXC9jbGFpbXNcL2VuZHVzZXJUZW5hbnRJZCI6Ii0xMjM0IiwiaHR0c
>>> DpcL1wvd3NvMi5vcmdcL2NsYWltc1wvc3Vic2NyaWJlciI6ImFkbWluIiwia
>>> HR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvdGllciI6IlVubGltaXRlZCIsI
>>> mh0dHA6XC9cL3dzbzIub3JnXC9jbGFpbXNcL2FwcGxpY2F0aW9uaWQiOiIxI
>>> iwiaHR0cDpcL1wvd3NvMi5vcmdcL2NsYWltc1wvdXNlcnR5cGUiOiJBUFBMS
>>> UNBVElPTiIsImV4cCI6MTUxMTE0NTQ0OSwiaHR0cDpcL1wvd3NvMi5vcmdcL
>>> 2NsYWltc1wvYXBpY29udGV4dCI6IlwvZmRzYVwvdjEifQ==.ADG30dcwlxBa
>>> N7Wxtixc5Wq/gZRj7nZrGHExn0E+7O4pZ6xTSjeVx7UrWSwj31vm7DjL+CvK
>>> 07popxJqchT8+ACt303BkRxOKgfW66h/XmOxleUlXohQByUe6/7FTpnFRfyZ
>>> 7jzttjZct39sBzHcNcyUAEqcl/HEt+eR62/dksM=[\r][\n]"
>>> {org.apache.synapse.transport.http.wire}
>>
>>
>>
>> What is the need to enable JWT in gateway node?
>>
>> [1] - https://docs.wso2.com/display/AM210/Distributed+Deployment
>> +of+API+Manager#DistributedDeploymentofAPIManager-Step3.5-Co
>> nfiguretheGateway
>>
>> Thank you!
>> --
>> *Pubudu Gunatilaka*
>> Committer and PMC Member - Apache Stratos
>> Senior Software Engineer
>> WSO2, Inc.: http://wso2.com
>> mobile : +94774078049 <%2B94772207163>
>>
>>
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> Rukshan Chathuranga.
> Software Engineer.
> WSO2, Inc.
> +94711822074 <+94%2071%20182%202074>
>



-- 
*Pubudu Gunatilaka*
Committer and PMC Member - Apache Stratos
Senior Software Engineer
WSO2, Inc.: http://wso2.com
mobile : +94774078049 <%2B94772207163>

_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev

Reply via email to