Reamer commented on code in PR #5099:
URL: https://github.com/apache/zeppelin/pull/5099#discussion_r2485794479


##########
zeppelin-server/src/main/java/org/apache/zeppelin/rest/ConfigurationsRestApi.java:
##########
@@ -32,7 +32,7 @@
 import org.apache.zeppelin.service.AuthenticationService;
 
 /** Configurations Rest API Endpoint. */
-@Path("/configurations")
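
Review bot: the removed `@Path("/configurations")` sits directly under the class Javadoc, so it is the base path that every method in this resource inherits, and changing it moves all existing configuration endpoints rather than only the new one. Consider keeping the class-level path and placing the new route on the method, or else document the move, because path-based access rules such as the `shiro.ini` entries discussed in this thread are matched against these URLs.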

Review Comment:
   Hi @seung-00,
   Thank you for bringing this issue to my attention again.

   As I see it, we have the following options.

   1) We include the path `/api/configurations/wsMaxMessageSize` in `shiro.ini` and give unauthenticated users the right to call this endpoint.
   This would be a breaking change.
   2) We add a new path, but it would also have to contain something related to configuration in the path, e.g., `/api/configuration/wsMaxMessageSize` (without `s`). The entire API endpoint would then also have to be mapped to a new class.
   The `shiro.ini` would also have to be adjusted here, and that would also be a breaking change.

   What bothers me about 1) is that potentially new frontend configuration options would also have to be added to the `shiro.ini`.
   What bothers me about 2) is that it's quite confusing, but you probably only need to adjust the `shiro.ini` once.

   What do you think about creating a general endpoint for frontend configurations? With this pull request, it's `wsMaxMessageSize`, tomorrow it might be something else. Then you could build the whole thing in the `ConfigurationsRestApi` and use `frontend-config` or something else as the endpoint path. You would only have to adjust `shiro.ini` once and extend the map that the endpoint returns.

   Either way, this change would be a breaking change, since the `shiro.ini`, for example, is very variable.
   See: https://github.com/apache/zeppelin/blob/master/conf/shiro.ini.template#L129-L130



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
