[feat] Pulsar authentication for Client authentication using private_key_jwt method #24631
dlg99 wants to merge 1 commit into apache:master
…ivate_key_jwt method
lhotari left a comment
Please check the review comments.
| <groupId>io.jsonwebtoken</groupId> | ||
| <artifactId>jjwt-impl</artifactId> | ||
| <version>${jsonwebtoken.version}</version> | ||
| <scope>runtime</scope> |
scope shouldn't be added to dependencyManagement dependencies since dependencyManagement's purpose is to pin the version of a dependency, regardless of the scope of the actual dependency.
| <groupId>io.jsonwebtoken</groupId> | ||
| <artifactId>jjwt-jackson</artifactId> <!-- or jjwt-gson if Gson is preferred --> | ||
| <version>${jsonwebtoken.version}</version> | ||
| <scope>runtime</scope> |
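Review bot: The inline comment on the jjwt-jackson artifactId (`<!-- or jjwt-gson if Gson is preferred -->`) reads like text carried over from setup documentation and should be dropped, since the build uses one JSON binding and the alternative is noise in a pom. If this entry also sits under dependencyManagement, the `<scope>runtime</scope>` line has the same problem raised for jjwt-impl: pin only the version there and declare the scope in the module that uses the artifact.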
| /** | ||
| * Class for reading RSA private key from PEM file. It uses | ||
| * the JMeter FileServer to find the file. So the file should | ||
| * be located in the same directory as the test plan if the | ||
| * path is relative. | ||
| * <p> | ||
| * <p/>There is a cache so each file is only read once. If file | ||
| * is changed, it will not take effect until the program | ||
| * restarts. | ||
| * <p> | ||
| * <p/>It can read PEM files with PKCS#8 or PKCS#1 encodings. | ||
| * It doesn't support encrypted PEM files. | ||
| * <p> | ||
| * "borrowed" from https://github.com/groovenauts/jmeter_oauth_plugin/blob/master/jmeter/ | ||
| * src/main/java/org/apache/jmeter/protocol/oauth/sampler/PrivateKeyReader.java | ||
| * with some modifications: | ||
| * - not tied to key specified as a file path | ||
| * - minus extra dependencies from jmeter | ||
| * - minus key caching |
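Review bot: The class Javadoc contradicts its own list of modifications: the opening paragraphs still say the reader uses the JMeter FileServer, resolves relative paths against the test plan directory and caches each file until restart, while the list at the end says the file-path coupling, the JMeter dependencies and the cache were removed. Rewrite the description to state what the class does now and replace the `<p/>` markers, which Javadoc's HTML checks reject as self-closing elements, with plain `<p>`. Keep the "doesn't support encrypted PEM files" sentence prominent, because it means the client's signing key has to be stored unencrypted and protected by other means such as file permissions or a secret store.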
There's a copyright issue in "borrowing", although it's ASL 2.0 licensed. I think it would be better to use a similar approach as is used in Zookeeper, https://github.com/apache/zookeeper/blob/master/zookeeper-server/src/main/java/org/apache/zookeeper/util/PemReader.java . That is from another ASF project, https://github.com/airlift/airlift/blob/master/security/src/main/java/io/airlift/security/pem/PemReader.java .
The benefit would also be that it would support EC keys as well, which are commonly preferred over RSA keys.
Another approach would be to use Pulsar's existing PEM key support classes and improve them if there's a gap.
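As an added illustration of the EC-key point raised in the review (example code written for this page, not taken from the PR, Pulsar, ZooKeeper or airlift), the sketch below loads an unencrypted PKCS#8 PEM key with the JDK alone and accepts either RSA or EC. The class name `Pkcs8PemExample` and the method `load` are hypothetical, and the sample key is generated at run time.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical class name; not Pulsar, ZooKeeper or airlift code.
public final class Pkcs8PemExample {
    // Matches only the unencrypted PKCS#8 label; "ENCRYPTED PRIVATE KEY" and
    // PKCS#1 "RSA PRIVATE KEY" blocks are rejected rather than guessed at.
    private static final Pattern PKCS8 = Pattern.compile(
            "-----BEGIN PRIVATE KEY-----(.+?)-----END PRIVATE KEY-----", Pattern.DOTALL);

    static PrivateKey load(String pem) throws GeneralSecurityException {
        Matcher m = PKCS8.matcher(pem);
        if (!m.find()) {
            throw new InvalidKeySpecException("no unencrypted PKCS#8 PRIVATE KEY block");
        }
        // The MIME decoder ignores the line breaks inside the PEM body.
        byte[] der = Base64.getMimeDecoder().decode(m.group(1));
        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(der);
        // PKCS#8 carries the algorithm inside the DER, so try each factory in turn.
        for (String alg : new String[] {"RSA", "EC"}) {
            try {
                return KeyFactory.getInstance(alg).generatePrivate(spec);
            } catch (InvalidKeySpecException e) {
                // Not this algorithm; fall through to the next one.
            }
        }
        throw new InvalidKeySpecException("PKCS#8 key is neither RSA nor EC");
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a throwaway P-256 key generated at run time.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        byte[] der = gen.generateKeyPair().getPrivate().getEncoded();
        String pem = "-----BEGIN PRIVATE KEY-----\n"
                + Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII)).encodeToString(der)
                + "\n-----END PRIVATE KEY-----\n";
        System.out.println(load(pem).getAlgorithm());
    }
}
```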
Fixes #22371
Motivation
support private_key_jwt client authentication
Modifications
Implemented authentication, added tests
Verifying this change
This change added unit tests
Does this pull request potentially affect one of the following parts:
If the box was checked, please highlight the changes
Documentation
doc
doc-required
doc-not-needed
doc-complete
Matching PR in forked repository
PR in forked repository: dlg99#24