[ https://issues.apache.org/jira/browse/PROTON-1718?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16297167#comment-16297167 ]

Tim Taylor edited comment on PROTON-1718 at 12/19/17 6:11 PM:
--------------------------------------------------------------

Thanks for the response!

Okay, if this kind of change is unacceptable, maybe you can help me find a 
different way to resolve a problem I'm facing. Essentially, the service I need 
to do Sasl auth against only allows a custom Sasl mechanism. The flow works as 
follows:

1) Service advertises this custom Sasl mechanism as the only option
2) Client sends init message with a payload containing application code data to 
the service (sending multiple init messages if the payload is too large for one 
frame)
3) Service responds with a challenge asking to send some specific data
4) Client writes a frame with that data in Sasl Response
5) Service responds with another challenge, this time with a payload that 
+needs+ to be exposed to our application code for processing.
6) Client sends some challenge response using the processed data from the 
previous challenge.
7) Sasl authentication has succeeded

There doesn't seem to be a way for me to implement this custom sasl flow using 
the current proton-j library. I can't choose what payload to include in the 
init, I can't expose the sasl challenge data to my application for 
processing, and I can't tell the library how to handle each iteration of the 
challenge-response flow. Am I just missing how to implement a custom sasl 
mechanism, or is this a limitation of proton-j?

Of the two commits made in the pull request for this fix, only the first is 
necessary for me to implement this. The second commit is simply to allow me to 
subclass SaslImpl so that I don't need to re-write and maintain all the logic 
that isn't tied to Init/Challenge/Response. Is it possible for this PR to be 
approved if I limit it to just the first commit?


was (Author: timtay):
Thanks for the response!

Okay, if this kind of change is unacceptable, maybe you can help me find a 
different way to resolve a problem I'm facing. Essentially, the service I need 
to do Sasl auth against only allows a custom Sasl mechanism. The flow works as 
follows:

1) Service advertises this custom Sasl mechanism as the only option
2) Client sends init message with a payload containing application code data to 
the service (sending multiple init messages if the payload is too large for one 
frame)
3) Service responds with a challenge asking to send some specific data
4) Client writes a frame with that data in Sasl Response
5) Service responds with another challenge, this time with a payload that 
+needs+ to be exposed to our application code for processing.
6) Client sends some challenge response using the processed data from the 
previous challenge.
7) Sasl authentication has succeeded

There doesn't seem to be a way for me to implement this custom sasl flow using 
the current proton-j library. I can't expose the sasl challenge data to 
my application for processing, and I can't tell the library how to handle each 
iteration of the challenge-response flow. Am I just missing how to implement a 
custom sasl mechanism, or is this a limitation of proton-j?

Of the two commits made in the pull request for this fix, only the first is 
necessary for me to implement this. The second commit is simply to allow me to 
subclass SaslImpl so that I don't need to re-write and maintain all the logic 
that isn't tied to Init/Challenge/Response. Is it possible for this PR to be 
approved if I limit it to just the first commit?

> (Proton-J) Custom Sasl
> ----------------------
>
>                 Key: PROTON-1718
>                 URL: https://issues.apache.org/jira/browse/PROTON-1718
>             Project: Qpid Proton
>          Issue Type: Improvement
>          Components: proton-j
>    Affects Versions: proton-j-0.24.0
>            Reporter: Tim Taylor
>              Labels: features
>
> I would like to be able to provide a custom SASL implementation for Proton-j 
> to use instead of being forced to use the default SaslImpl.java 
> implementation.
> Ideally, code like below would be possible
> private class CustomSasl implements org.apache.qpid.proton.engine.Sasl
> {
> ...
> }
> ...
> ...
> // transport.sasl(...) saves the provided sasl implementation and uses it internally
> Sasl sasl = transport.sasl(new CustomSasl());
> Do you currently have a workaround that would allow me to use Proton-J this 
> way?



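The seven-step exchange described in the comment above, as an added example that is not part of the original message and is not proton-j code: a client-side state machine that hands the init payload and each challenge to application callbacks, splits the init payload across frames, and rejects frames that arrive out of order. The class, the `Handler` interface, the frame-size parameter and the `X-CUSTOM` mechanism name are all hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.util.*;
// Added illustration; every name below is hypothetical and none of it is proton-j API.
public class CustomSaslClientFlow {
    interface Handler {                               // hooks implemented by application code
        byte[] initPayload();                         // step 2: payload chosen by the application
        byte[] onChallenge(int round, byte[] data);   // steps 3-6: challenge in, response out
    }
    enum State { AWAIT_MECHANISMS, AWAIT_CHALLENGE_1, AWAIT_CHALLENGE_2, AWAIT_OUTCOME, DONE, FAILED }
    static final String MECH = "X-CUSTOM";            // placeholder mechanism name
    final List<byte[]> sent = new ArrayList<>();      // frames handed to the transport, in order
    private final Handler handler;
    private final int maxFrame;
    State state = State.AWAIT_MECHANISMS;
    CustomSaslClientFlow(Handler handler, int maxFrame) {
        if (maxFrame < 1) throw new IllegalArgumentException("maxFrame must be positive");
        this.handler = handler; this.maxFrame = maxFrame;
    }
    void onMechanisms(String... offered) {            // step 1
        if (state != State.AWAIT_MECHANISMS) throw fail("unexpected mechanisms frame");
        if (offered.length != 1 || !MECH.equals(offered[0])) throw fail("custom mechanism is not the only offer");
        byte[] p = handler.initPayload();
        for (int off = 0; off == 0 || off < p.length; off += maxFrame)  // one frame even if empty
            sent.add(Arrays.copyOfRange(p, off, Math.min(p.length, off + maxFrame)));
        state = State.AWAIT_CHALLENGE_1;
    }
    void onChallenge(byte[] data) {
        if (state != State.AWAIT_CHALLENGE_1 && state != State.AWAIT_CHALLENGE_2) throw fail("unexpected challenge");
        int round = state == State.AWAIT_CHALLENGE_1 ? 1 : 2;
        sent.add(handler.onChallenge(round, data));   // the application decides the response
        state = round == 1 ? State.AWAIT_CHALLENGE_2 : State.AWAIT_OUTCOME;
    }
    void onOutcome(boolean ok) {                      // step 7
        if (state != State.AWAIT_OUTCOME) throw fail("outcome before both challenges were answered");
        state = ok ? State.DONE : State.FAILED;
    }
    private IllegalStateException fail(String why) { state = State.FAILED; return new IllegalStateException(why); }

    public static void main(String[] args) {
        Handler h = new Handler() {                   // constructed stand-ins for application logic
            public byte[] initPayload() { return "constructed-app-token".getBytes(StandardCharsets.UTF_8); }
            public byte[] onChallenge(int round, byte[] data) { return ("resp" + round + ":" + data.length).getBytes(StandardCharsets.UTF_8); }
        };
        CustomSaslClientFlow c = new CustomSaslClientFlow(h, 8);
        c.onMechanisms(MECH); c.onChallenge(new byte[] {1}); c.onChallenge(new byte[] {2, 3}); c.onOutcome(true);
        System.out.println(c.state + ", frames sent: " + c.sent.size());
        CustomSaslClientFlow early = new CustomSaslClientFlow(h, 8); early.onMechanisms(MECH);
        try { early.onOutcome(true); } catch (IllegalStateException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```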