Re: [PR] feat(access-control-service): add `access-control-service` to authorize the requests to `/wsapi` [texera]

Tue, 26 Aug 2025 08:02:24 -0700 


aicam commented on code in PR #3598:
URL: https://github.com/apache/texera/pull/3598#discussion_r2301292807


##########
core/amber/src/main/scala/edu/uci/ics/texera/web/ServletAwareConfigurator.scala:
##########
@@ -29,46 +30,76 @@ import java.nio.charset.Charset
 import javax.websocket.HandshakeResponse
 import javax.websocket.server.{HandshakeRequest, ServerEndpointConfig}
 import scala.jdk.CollectionConverters.ListHasAsScala
+import scala.jdk.CollectionConverters._
 
 /**
-  * This configurator extracts HTTPSession and associates it to 
ServerEndpointConfig,
-  * allow it to be accessed by Websocket connections.
-  * <pre>
-  * See <a 
href="https://stackoverflow.com/questions/17936440/accessing-httpsession-
-  * from-httpservletrequest-in-a-web-socket-serverendpoint"></a>
-  * </pre>
-  */
+ * This configurator extracts HTTPSession and associates it to 
ServerEndpointConfig,
+ * allow it to be accessed by Websocket connections.
+ * <pre>
+ * See <a 
href="https://stackoverflow.com/questions/17936440/accessing-httpsession-
+ * from-httpservletrequest-in-a-web-socket-serverendpoint"></a>
+ * </pre>
+ */
 class ServletAwareConfigurator extends ServerEndpointConfig.Configurator with 
LazyLogging {
 
   override def modifyHandshake(
-      config: ServerEndpointConfig,
-      request: HandshakeRequest,
-      response: HandshakeResponse
-  ): Unit = {
+                                config: ServerEndpointConfig,
+                                request: HandshakeRequest,
+                                response: HandshakeResponse
+                              ): Unit = {
     try {
-      val params =
-        URLEncodedUtils.parse(new URI("?" + request.getQueryString), 
Charset.defaultCharset())
-      params.asScala
-        .map(pair => pair.getName -> pair.getValue)
-        .toMap
-        .get("access-token")
-        .map(token => {
-          val claims = jwtConsumer.process(token).getJwtClaims
-          config.getUserProperties.put(
-            classOf[User].getName,
-            new User(
-              claims.getClaimValue("userId").asInstanceOf[Long].toInt,
-              claims.getSubject,
-              
String.valueOf(claims.getClaimValue("email").asInstanceOf[String]),
-              null,
-              null,
-              null,
-              null,
-              null
-            )
+      if (KubernetesConfig.kubernetesComputingUnitEnabled) {
+        // KUBERNETES MODE: Construct the User object from trusted headers
+        // coming from envoy and generated by permission service.
+        val headers = 
request.getHeaders.asScala.view.mapValues(_.asScala.headOption).toMap
+
+        val userId = headers.get("x-user-id").flatten.map(_.toInt).get

Review Comment:
   Where do you check the changes? I also attached a picture to show the 
changes are applied
   <img width="735" height="368" alt="Screenshot from 2025-08-26 08-00-53" 
src="https://github.com/user-attachments/assets/2536541d-3bb0-4bd4-a660-cd1d1b1db858";
 />
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to