Re: [PR] NIFI-14147 add support for JWT token to JettyWebSocketClient controller [nifi]

Fri, 10 Jan 2025 07:01:54 -0800 


exceptionfactory commented on code in PR #9623:
URL: https://github.com/apache/nifi/pull/9623#discussion_r1910487362


##########
nifi-extension-bundles/nifi-websocket-bundle/nifi-websocket-services-jetty/pom.xml:
##########
@@ -54,6 +54,21 @@
             <groupId>org.eclipse.jetty.ee10</groupId>
             <artifactId>jetty-ee10-servlet</artifactId>
         </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-api</artifactId>
+            <version>0.12.6</version>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-impl</artifactId>

Review Comment:
   The JJWT library should not be used. The Nimbus JOSE JWT library should be 
used where JWT handling is required.



##########
nifi-extension-bundles/nifi-websocket-bundle/nifi-websocket-services-jetty/src/main/java/org/apache/nifi/websocket/jetty/JettyWebSocketClient.java:
##########
@@ -191,6 +197,62 @@ public class JettyWebSocketClient extends 
AbstractJettyWebSocketService implemen
             .addValidator(StandardValidators.PORT_VALIDATOR)
             .build();
 
+    public static final AllowableValue NO_AUTH = new AllowableValue("NOAUTH", 
"None", "No Authorization");
+    public static final AllowableValue JWT_AUTH = new AllowableValue("JWT", 
"JWT", "JWT Token");
+
+    public static final PropertyDescriptor AUTHORIZATION_TYPE = new 
PropertyDescriptor.Builder()
+            .name("auth-type")
+            .displayName("Authorization")
+            .description("Authorization Type.")
+            .required(false)
+            .allowableValues(JWT_AUTH)
+            .defaultValue((String) null)
+            .build();
+
+    public static final PropertyDescriptor JWT_JSON_FILE = new 
PropertyDescriptor.Builder()
+            .name("json-file")
+            .displayName("JWT Payload File Path")

Review Comment:
   Reading the JWT from a file path is not a solution that will work with 
multiple cluster nodes, so a different approach is required.



##########
nifi-extension-bundles/nifi-websocket-bundle/nifi-websocket-services-jetty/pom.xml:
##########
@@ -54,6 +54,21 @@
             <groupId>org.eclipse.jetty.ee10</groupId>
             <artifactId>jetty-ee10-servlet</artifactId>
         </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-api</artifactId>
+            <version>0.12.6</version>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-impl</artifactId>
+            <version>0.12.6</version>
+        </dependency>         
+        <dependency>
+            <groupId>com.google.code.gson</groupId>
+            <artifactId>gson</artifactId>

Review Comment:
   The Gson library should not be used. For consistency, the Jackson JSON 
library should be used where JSON parsing is required.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to