mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Schlicht <...@mesosphere.io>
Subject Re: Review Request 56753: Implemented the JWT authenticator.
Date Tue, 07 Mar 2017 15:10:06 GMT


> On March 7, 2017, 1:02 a.m., Greg Mann wrote:
> > 3rdparty/libprocess/src/tests/http_tests.cpp
> > Lines 2033 (patched)
> > <https://reviews.apache.org/r/56753/diff/4/?file=1656693#file1656693line2033>
> >
> >     Should we do something similar here to what you're doing below, and stringify
an invalid JWT (invalid 'exp' or something else) to generate this?
> >     
> >     I quite liked the "forged token" test we encountered recently (where a correct
token was altered to have a slightly different payload, i.e. a different 'sub'), perhaps you
could use that case here, or add another case for it?

I'll just use a different secret for that. Header, payload will be the same, only the signature
will differ. That's equivalent to altering a correct token.


- Jan


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56753/#review168065
-----------------------------------------------------------


On March 6, 2017, 3:55 p.m., Jan Schlicht wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56753/
> -----------------------------------------------------------
> 
> (Updated March 6, 2017, 3:55 p.m.)
> 
> 
> Review request for mesos, Alexander Rojas and Greg Mann.
> 
> 
> Bugs: MESOS-7001
>     https://issues.apache.org/jira/browse/MESOS-7001
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This HTTP authenticator extracts a JWT from the requests' authorization
> header using the 'Bearer' schema and validates it against a secret using
> HMAC SHA256. The 'sub' claim of the JWT is the extracted principal, all
> other claims will be additional labels of the 'Principal'.
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/Makefile.am 75386184108214e67a58c328258ec204099d638c 
>   3rdparty/libprocess/include/process/authenticator.hpp e5489c6cb4adc8a822e7dd4515542618c36136f9

>   3rdparty/libprocess/src/authenticator.cpp cfedb6f7674e0f6690e77a633cdd1bd494c7d2c7

>   3rdparty/libprocess/src/jwt_authenticator.cpp PRE-CREATION 
>   3rdparty/libprocess/src/tests/http_tests.cpp fb4da9aecff0370d97a15269c5d8fffb30e0478f

> 
> 
> Diff: https://reviews.apache.org/r/56753/diff/4/
> 
> 
> Testing
> -------
> 
> make check
> 
> 
> Thanks,
> 
> Jan Schlicht
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message