qpid-dev mailing list archives

From "Tim Taylor (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (PROTON-1718) (Proton-J) Custom Sasl
Date Tue, 19 Dec 2017 18:12:00 GMT

    [ https://issues.apache.org/jira/browse/PROTON-1718?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16297167#comment-16297167 ]

Tim Taylor edited comment on PROTON-1718 at 12/19/17 6:11 PM:
--------------------------------------------------------------

Thanks for the response!

Okay, if this kind of change is unacceptable, maybe you can help me find a different way to
resolve a problem I'm facing. Essentially, the service I need to do Sasl auth against only
allows a custom Sasl mechanism. The flow works as follows:

1) Service advertises this custom Sasl mechanism as the only option
2) Client sends init message with a payload containing application code data to the service
(sending multiple init messages if the payload is too large for one frame)
3) Service responds with a challenge asking to send some specific data
4) Client writes a frame with that data in Sasl Response
5) Service responds with another challenge, this time with a payload that +needs+ to be exposed
to our application code for processing.
6) Client sends some challenge response using the processed data from the previous challenge.
7) Sasl authentication has succeeded

There doesn't seem to be a way for me to implement this custom sasl flow using the current
proton-j library. I can't choose what payload to include in the init, I can't expose the sasl
challenge data to my application for processing, and I can't tell the library how
to handle each iteration of the challenge-response flow. Am I just missing how to implement
a custom sasl mechanism, or is this a limitation of proton-j?

Of the two commits made in the pull request for this fix, only the first is necessary for
me to implement this. The second commit is simply to allow me to subclass SaslImpl so that
I don't need to re-write and maintain all the logic that isn't tied to Init/Challenge/Response.
Is it possible for this PR to be approved if I limit it to just the first commit?


was (Author: timtay):
Thanks for the response!

Okay, if this kind of change is unacceptable, maybe you can help me find a different way to
resolve a problem I'm facing. Essentially, the service I need to do Sasl auth against only
allows a custom Sasl mechanism. The flow works as follows:

1) Service advertises this custom Sasl mechanism as the only option
2) Client sends init message with a payload containing application code data to the service
(sending multiple init messages if the payload is too large for one frame)
3) Service responds with a challenge asking to send some specific data
4) Client writes a frame with that data in Sasl Response
5) Service responds with another challenge, this time with a payload that +needs+ to be exposed
to our application code for processing.
6) Client sends some challenge response using the processed data from the previous challenge.
7) Sasl authentication has succeeded

There doesn't seem to be a way for me to implement this custom sasl flow using the current
proton-j library. I can't expose the sasl challenge data to my application for processing,
and I can't tell the library how to handle each iteration of the challenge-response flow.
Am I just missing how to implement a custom sasl mechanism, or is this a limitation of proton-j?

Of the two commits made in the pull request for this fix, only the first is necessary for
me to implement this. The second commit is simply to allow me to subclass SaslImpl so that
I don't need to re-write and maintain all the logic that isn't tied to Init/Challenge/Response.
Is it possible for this PR to be approved if I limit it to just the first commit?

> (Proton-J) Custom Sasl
> ----------------------
>
>                 Key: PROTON-1718
>                 URL: https://issues.apache.org/jira/browse/PROTON-1718
>             Project: Qpid Proton
>          Issue Type: Improvement
>          Components: proton-j
>    Affects Versions: proton-j-0.24.0
>            Reporter: Tim Taylor
>              Labels: features
>
> I would like to be able to provide a custom SASL implementation for Proton-j to use instead
> of being forced to use the default SaslImpl.java implementation.
> Ideally, code like below would be possible
> private class CustomSasl implements org.apache.qpid.proton.engine.Sasl
> {
> ...
> }
> ...
> ...
> //transport.sasl(...) saves the provided sasl implementation and uses it internally
> Sasl sasl = transport.sasl(new CustomSasl());
> Do you currently have a workaround that would allow me to use Proton-J this way?



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
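
The seven-step flow described in the comment above, sketched as a client-side state machine (an added example, not part of the original message and not proton-j code). All class and method names are hypothetical and the payloads are constructed; it shows the three hooks the comment asks for (application-chosen init payload, per-challenge handling, challenge data handed to application code) and rejects a challenge or a success outcome that arrives out of order.

```java
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.function.UnaryOperator;

// Added illustration, not proton-j code: every name below is hypothetical.
public class CustomSaslClientSketch {
    enum State { INIT, AWAIT_CHALLENGE_1, AWAIT_CHALLENGE_2, AWAIT_OUTCOME, DONE, FAILED }
    private State state = State.INIT;
    private final byte[] initPayload, requestedData;
    private final UnaryOperator<byte[]> appProcessor; // application hook for step 5

    CustomSaslClientSketch(byte[] initPayload, byte[] requestedData, UnaryOperator<byte[]> appProcessor) {
        this.initPayload = initPayload.clone();
        this.requestedData = requestedData.clone();
        this.appProcessor = appProcessor;
    }

    // Step 2: split the application-supplied init payload into frame-sized chunks.
    List<byte[]> initChunks(int maxChunk) {
        if (state != State.INIT || maxChunk <= 0) throw new IllegalStateException("bad init in " + state);
        List<byte[]> chunks = new ArrayList<>();
        for (int off = 0; off < initPayload.length; off += maxChunk)
            chunks.add(Arrays.copyOfRange(initPayload, off, Math.min(initPayload.length, off + maxChunk)));
        state = State.AWAIT_CHALLENGE_1;
        return chunks;
    }

    // Steps 3-6: answer each challenge according to its position in the flow.
    byte[] onChallenge(byte[] challenge) {
        State seen = state;
        switch (seen) {
            case AWAIT_CHALLENGE_1: state = State.AWAIT_CHALLENGE_2; return requestedData.clone();
            case AWAIT_CHALLENGE_2: state = State.AWAIT_OUTCOME; return appProcessor.apply(challenge.clone());
            default: state = State.FAILED; throw new IllegalStateException("unexpected challenge in " + seen);
        }
    }

    // Step 7: success counts only if both challenges were answered first.
    boolean onOutcome(boolean serviceSaysOk) {
        state = (serviceSaysOk && state == State.AWAIT_OUTCOME) ? State.DONE : State.FAILED;
        return state == State.DONE;
    }

    public static void main(String[] args) {
        byte[] init = "constructed-application-payload".getBytes(StandardCharsets.UTF_8);
        byte[] data = "constructed-requested-data".getBytes(StandardCharsets.UTF_8);
        CustomSaslClientSketch c = new CustomSaslClientSketch(init, data, ch -> Arrays.copyOf(ch, ch.length + 1));
        System.out.println("init chunks: " + c.initChunks(8).size());
        System.out.println("response 1 bytes: " + c.onChallenge(new byte[0]).length);
        System.out.println("response 2 bytes: " + c.onChallenge(new byte[] {1, 2, 3}).length);
        System.out.println("authenticated: " + c.onOutcome(true));
    }
}
```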
