[
https://issues.apache.org/jira/browse/CAMEL-24061?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
chio chuan ooi updated CAMEL-24061:
-----------------------------------
Description:
camel-zeebe using {{GatewayGrpc.GatewayBlockingStub}} built from a
{{ManagedChannelBuilder.forAddress(...).usePlaintext().build()}} channel, with
no credentials provider.
Even when the clientid is supplier, beside {{startProcess}} method, the rest of
the method that using grpc stub is not sending the authentication header which
lead to all the process was rejected due to missing authentication header.
it should use authenticated channel which wraps {{managedChannel}} with the
OAuth interceptor when credentials are configured; otherwise it's just the
plain channel, unchanged from current behavior.
e.g
{code:java}
authenticatedChannel = credentialsProvider != null
? ClientInterceptors.intercept(managedChannel, new
OAuthClientInterceptor(credentialsProvider))
: managedChannel;
private static class OAuthClientInterceptor implements ClientInterceptor {
private final CredentialsProvider credentialsProvider;
OAuthClientInterceptor(CredentialsProvider credentialsProvider) {
this.credentialsProvider = credentialsProvider;
}
@Override
public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
MethodDescriptor<ReqT, RespT> method, CallOptions callOptions,
Channel next) {
return new
ForwardingClientCall.SimpleForwardingClientCall<>(next.newCall(method,
callOptions)) {
@Override
public void start(Listener<RespT> responseListener, Metadata
headers) {
try {
credentialsProvider.applyCredentials(
CredentialsProvider.CredentialsApplier.ofMetadata(headers));
} catch (IOException e) {
throw new RuntimeException("Failed to apply OAuth
credentials to gRPC call", e);
}
super.start(responseListener, headers);
}
};
}
}
{code}
was:
camel-zeebe using {{GatewayGrpc.GatewayBlockingStub}} built from a
{{ManagedChannelBuilder.forAddress(...).usePlaintext().build()}} channel, with
no credentials provider.
Event when the clientid is supplier, beside {{startProcess}} method, the rest
of the method that using grpc stub is not sending the authentication header
which lead to all the process was rejected due to missing authentication header.
it should use authenticated channel which wraps {{managedChannel}} with the
OAuth interceptor when credentials are configured; otherwise it's just the
plain channel, unchanged from current behavior.
e.g
{code:java}
authenticatedChannel = credentialsProvider != null
? ClientInterceptors.intercept(managedChannel, new
OAuthClientInterceptor(credentialsProvider))
: managedChannel;
private static class OAuthClientInterceptor implements ClientInterceptor {
private final CredentialsProvider credentialsProvider;
OAuthClientInterceptor(CredentialsProvider credentialsProvider) {
this.credentialsProvider = credentialsProvider;
}
@Override
public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
MethodDescriptor<ReqT, RespT> method, CallOptions callOptions,
Channel next) {
return new
ForwardingClientCall.SimpleForwardingClientCall<>(next.newCall(method,
callOptions)) {
@Override
public void start(Listener<RespT> responseListener, Metadata
headers) {
try {
credentialsProvider.applyCredentials(
CredentialsProvider.CredentialsApplier.ofMetadata(headers));
} catch (IOException e) {
throw new RuntimeException("Failed to apply OAuth
credentials to gRPC call", e);
}
super.start(responseListener, headers);
}
};
}
}
{code}
> camel-zeebe: grpc-stub-based operations were never wired for auth
> ------------------------------------------------------------------
>
> Key: CAMEL-24061
> URL: https://issues.apache.org/jira/browse/CAMEL-24061
> Project: Camel
> Issue Type: Bug
> Affects Versions: 4.18.3
> Reporter: chio chuan ooi
> Priority: Minor
>
> camel-zeebe using {{GatewayGrpc.GatewayBlockingStub}} built from a
> {{ManagedChannelBuilder.forAddress(...).usePlaintext().build()}} channel,
> with no credentials provider.
> Even when the clientid is supplier, beside {{startProcess}} method, the rest
> of the method that using grpc stub is not sending the authentication header
> which lead to all the process was rejected due to missing authentication
> header.
> it should use authenticated channel which wraps {{managedChannel}} with the
> OAuth interceptor when credentials are configured; otherwise it's just the
> plain channel, unchanged from current behavior.
> e.g
>
> {code:java}
> authenticatedChannel = credentialsProvider != null
> ? ClientInterceptors.intercept(managedChannel, new
> OAuthClientInterceptor(credentialsProvider))
> : managedChannel;
> private static class OAuthClientInterceptor implements ClientInterceptor {
> private final CredentialsProvider credentialsProvider;
> OAuthClientInterceptor(CredentialsProvider credentialsProvider) {
> this.credentialsProvider = credentialsProvider;
> }
> @Override
> public <ReqT, RespT> ClientCall<ReqT, RespT> interceptCall(
> MethodDescriptor<ReqT, RespT> method, CallOptions callOptions,
> Channel next) {
> return new
> ForwardingClientCall.SimpleForwardingClientCall<>(next.newCall(method,
> callOptions)) {
> @Override
> public void start(Listener<RespT> responseListener, Metadata
> headers) {
> try {
> credentialsProvider.applyCredentials(
>
> CredentialsProvider.CredentialsApplier.ofMetadata(headers));
> } catch (IOException e) {
> throw new RuntimeException("Failed to apply OAuth
> credentials to gRPC call", e);
> }
> super.start(responseListener, headers);
> }
> };
> }
> }
> {code}
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)