aicam commented on code in PR #3598:
URL: https://github.com/apache/texera/pull/3598#discussion_r2301434531
##########
core/amber/src/main/scala/edu/uci/ics/texera/web/ServletAwareConfigurator.scala:
##########
@@ -29,46 +30,78 @@ import java.nio.charset.Charset
import javax.websocket.HandshakeResponse
import javax.websocket.server.{HandshakeRequest, ServerEndpointConfig}
import scala.jdk.CollectionConverters.ListHasAsScala
+import scala.jdk.CollectionConverters._
/**
- * This configurator extracts HTTPSession and associates it to
ServerEndpointConfig,
- * allow it to be accessed by Websocket connections.
- * <pre>
- * See <a
href="https://stackoverflow.com/questions/17936440/accessing-httpsession-
- * from-httpservletrequest-in-a-web-socket-serverendpoint"></a>
- * </pre>
- */
+ * This configurator extracts HTTPSession and associates it to
ServerEndpointConfig,
+ * allow it to be accessed by Websocket connections.
+ * <pre>
+ * See <a
href="https://stackoverflow.com/questions/17936440/accessing-httpsession-
+ * from-httpservletrequest-in-a-web-socket-serverendpoint"></a>
+ * </pre>
+ */
class ServletAwareConfigurator extends ServerEndpointConfig.Configurator with
LazyLogging {
override def modifyHandshake(
- config: ServerEndpointConfig,
- request: HandshakeRequest,
- response: HandshakeResponse
- ): Unit = {
+ config: ServerEndpointConfig,
+ request: HandshakeRequest,
+ response: HandshakeResponse
+ ): Unit = {
try {
- val params =
- URLEncodedUtils.parse(new URI("?" + request.getQueryString),
Charset.defaultCharset())
- params.asScala
- .map(pair => pair.getName -> pair.getValue)
- .toMap
- .get("access-token")
- .map(token => {
- val claims = jwtConsumer.process(token).getJwtClaims
- config.getUserProperties.put(
- classOf[User].getName,
- new User(
- claims.getClaimValue("userId").asInstanceOf[Long].toInt,
- claims.getSubject,
-
String.valueOf(claims.getClaimValue("email").asInstanceOf[String]),
- null,
- null,
- null,
- null,
- null
- )
+ val headers =
request.getHeaders.asScala.view.mapValues(_.asScala.headOption).toMap
+ if (headers.contains("x-user-cu-access")) {
+ // KUBERNETES MODE: Construct the User object from trusted headers
+ // coming from envoy and generated by access control service.
+
+ val userId = headers.get("x-user-id").flatten.map(_.toInt).get
+ val userName = headers.get("x-user-name").flatten.get
+ val userEmail = headers.get("x-user-email").flatten.get
+ val cuAccess = headers.get("x-user-cu-access").flatten.getOrElse("")
Review Comment:
Done
##########
core/amber/src/main/scala/edu/uci/ics/texera/web/ServletAwareConfigurator.scala:
##########
@@ -29,46 +30,78 @@ import java.nio.charset.Charset
import javax.websocket.HandshakeResponse
import javax.websocket.server.{HandshakeRequest, ServerEndpointConfig}
import scala.jdk.CollectionConverters.ListHasAsScala
+import scala.jdk.CollectionConverters._
/**
- * This configurator extracts HTTPSession and associates it to
ServerEndpointConfig,
- * allow it to be accessed by Websocket connections.
- * <pre>
- * See <a
href="https://stackoverflow.com/questions/17936440/accessing-httpsession-
- * from-httpservletrequest-in-a-web-socket-serverendpoint"></a>
- * </pre>
- */
+ * This configurator extracts HTTPSession and associates it to
ServerEndpointConfig,
+ * allow it to be accessed by Websocket connections.
+ * <pre>
+ * See <a
href="https://stackoverflow.com/questions/17936440/accessing-httpsession-
+ * from-httpservletrequest-in-a-web-socket-serverendpoint"></a>
+ * </pre>
+ */
class ServletAwareConfigurator extends ServerEndpointConfig.Configurator with
LazyLogging {
override def modifyHandshake(
- config: ServerEndpointConfig,
- request: HandshakeRequest,
- response: HandshakeResponse
- ): Unit = {
+ config: ServerEndpointConfig,
+ request: HandshakeRequest,
+ response: HandshakeResponse
+ ): Unit = {
try {
- val params =
- URLEncodedUtils.parse(new URI("?" + request.getQueryString),
Charset.defaultCharset())
- params.asScala
- .map(pair => pair.getName -> pair.getValue)
- .toMap
- .get("access-token")
- .map(token => {
- val claims = jwtConsumer.process(token).getJwtClaims
- config.getUserProperties.put(
- classOf[User].getName,
- new User(
- claims.getClaimValue("userId").asInstanceOf[Long].toInt,
- claims.getSubject,
-
String.valueOf(claims.getClaimValue("email").asInstanceOf[String]),
- null,
- null,
- null,
- null,
- null
- )
+ val headers =
request.getHeaders.asScala.view.mapValues(_.asScala.headOption).toMap
+ if (headers.contains("x-user-cu-access")) {
+ // KUBERNETES MODE: Construct the User object from trusted headers
+ // coming from envoy and generated by access control service.
+
+ val userId = headers.get("x-user-id").flatten.map(_.toInt).get
+ val userName = headers.get("x-user-name").flatten.get
+ val userEmail = headers.get("x-user-email").flatten.get
+ val cuAccess = headers.get("x-user-cu-access").flatten.getOrElse("")
+ config.getUserProperties.put("cuAccess", cuAccess)
Review Comment:
Done
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
