mesos-reviews mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Schlicht <...@mesosphere.io>
Subject Re: Review Request 56753: Implemented the JWT authenticator.
Date Thu, 09 Mar 2017 09:02:19 GMT


> On March 8, 2017, 11:15 p.m., Greg Mann wrote:
> > 3rdparty/libprocess/src/jwt_authenticator.cpp
> > Lines 75-97 (patched)
> > <https://reviews.apache.org/r/56753/diff/6/?file=1659233#file1659233line75>
> >
> >     Strictly speaking, each element of the vector passed to the `Unauthorized()`
constructor should be a separate challenge; in this case, each element is an attribute of
a single challenge. We should pass these as a single string, in case the constructor of `Unauthorized`
changes in the future to set multiple 'WWW-Authenticate' headers when there are multiple challenges.
I would recommend:
> >     ```
> >     result.unauthorized = Unauthorized({
> >         "Bearer realm=\"" + realm_ + "\", "
> >         "error=\"invalid_token\", "
> >         "error_description=\"Malformed 'Authorization' header\""});
> >     ```

That was my intend, because the elements in the vector will be joined to a single `WWW-Authenticate`
challenge. But it looks like (MESOS-3306) that this is only temporary. Will change it to a
single string.


- Jan


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56753/#review168352
-----------------------------------------------------------


On March 8, 2017, 3:24 p.m., Jan Schlicht wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/56753/
> -----------------------------------------------------------
> 
> (Updated March 8, 2017, 3:24 p.m.)
> 
> 
> Review request for mesos, Alexander Rojas and Greg Mann.
> 
> 
> Bugs: MESOS-7001
>     https://issues.apache.org/jira/browse/MESOS-7001
> 
> 
> Repository: mesos
> 
> 
> Description
> -------
> 
> This HTTP authenticator extracts a JWT from the requests' authorization
> header using the 'Bearer' schema and validates it against a secret using
> HMAC SHA256. The 'sub' claim of the JWT is the extracted principal, all
> other claims will be additional labels of the 'Principal'.
> 
> 
> Diffs
> -----
> 
>   3rdparty/libprocess/Makefile.am 75386184108214e67a58c328258ec204099d638c 
>   3rdparty/libprocess/include/process/authenticator.hpp 00660f42cd4b707d955745bbfea5ffec73f690d6

>   3rdparty/libprocess/src/jwt_authenticator.cpp PRE-CREATION 
>   3rdparty/libprocess/src/tests/http_tests.cpp a0e23c2300f9f6b9d1143ee1eb115bbf24adf92e

> 
> 
> Diff: https://reviews.apache.org/r/56753/diff/6/
> 
> 
> Testing
> -------
> 
> make check
> 
> 
> Thanks,
> 
> Jan Schlicht
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message