Re: [PR] CASSSIDECAR-334: Add support for stateless JWT authentication using public keys [cassandra-sidecar]

Thu, 18 Sep 2025 08:59:57 -0700 


isaacreath commented on code in PR #247:
URL: https://github.com/apache/cassandra-sidecar/pull/247#discussion_r2360054249


##########
server/src/main/java/org/apache/cassandra/sidecar/acl/authentication/ReloadingJwtAuthenticationHandler.java:
##########
@@ -205,4 +229,55 @@ public void execute(Promise<Void> promise)
                              });
         }
     }
+
+    private class PeriodicStatelessJwtRefreshTask implements PeriodicTask
+    {
+        private final String taskName = 
String.format("PeriodicStatelessJwtRefreshTask_%s", jwtParameters.site());
+        @Override
+        public DurationSpec delay()
+        {
+            return jwtParameters.configDiscoverInterval();
+        }
+
+        @Override
+        public DurationSpec initialDelay()
+        {
+            return SecondBoundConfiguration.ZERO;
+        }
+
+
+        @Override
+        public void execute(Promise<Void> promise)
+        {
+            WebClient webClient = WebClient.create(vertx, new 
WebClientOptions().setSsl(true));
+            if (!jwtParameters.enabled())
+            {
+                delegateHandler.set(null);
+                promise.complete();
+                return;
+            }
+            String jwtPemUri = jwtParameters.site();
+            webClient.getAbs(jwtPemUri).send()
+                     .onSuccess(ar -> {
+                        String pem = ar.bodyAsString();
+                        JWTAuthOptions jwtAuthOptions = new JWTAuthOptions()
+                                                        .addPubSecKey(new 
PubSecKeyOptions()
+                                                                      
.setAlgorithm("RS256")
+                                                                      
.setBuffer(pem));
+                        JWTAuth auth = JWTAuth.create(vertx, jwtAuthOptions);
+                        AuthenticationHandlerInternal jwtAuthHandlerDelegate = 
new JWTAuthHandlerImpl(auth, null);
+                        delegateHandler.set(jwtAuthHandlerDelegate);
+                        promise.complete();
+                    }).onFailure(cause -> {
+                        LOGGER.error("Error encountered when refreshing 
stateless JWT PEM material.", cause);

Review Comment:
   Addressed in 
https://github.com/apache/cassandra-sidecar/pull/247/commits/1daa155e82b85576cd55cc06a87858cda06b9b69
 and 
https://github.com/apache/cassandra-sidecar/pull/247/commits/b6eab5b42f15b338ca29599a57ec5960f67702d1



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to