Yes. But beware: the proxy, as it is now, it has no one-to-one method replication of any sorts, it’s only a passthrough to the REST API application.
Evertthing he receives in the api/* path, it strips down the api/ part and composes the real URL using the configured value as a base. It only knows about the base location and nothing more. (Actually it also validates the JWT but this is probably something
that dates back to when we still didn’t have JWT validation on backend, and it could be removed).
Claudio Mezzasalma | Eurotech
Da:
<kapua-dev-bounces@xxxxxxxxxxx> per conto di Jens Reimann <jreimann@xxxxxxxxxx>
Risposta: kapua developer discussions <kapua-dev@xxxxxxxxxxx>
Data: martedì 9 maggio 2017 15:10
A: kapua developer discussions <kapua-dev@xxxxxxxxxxx>
Oggetto: Re: [kapua-dev] Refactoring SSO
In general yes, since all of those methods should be available over the REST API anyway, right?
On Tue, May 9, 2017 at 3:03 PM, Mezzasalma, Claudio <Claudio.Mezzasalma@xxxxxxxxxxxx> wrote:
Of course we can. But did I understand wrong, or you wanted to get rid of the proxy?
Claudio Mezzasalma | Eurotech
We can do the same with Jetty? I don't see a real difference, that I why I am asking.
On Tue, May 9, 2017 at 2:59 PM, Mezzasalma, Claudio <Claudio.Mezzasalma@xxxxxxxxxxxx> wrote:
In an external JSON file who is read by NodeJS at startup, namely console-v2/server/conf/kapua-server.config.json.
But with this approach it’s not available to the browser at all, unless we set up static files preprocessing. That’s why it’s the NodeJS server who is performing the redirection.
Claudio Mezzasalma | Eurotech
But where would you store such configuration stuff in the NodeJS scenario?
On Tue, May 9, 2017 at 2:54 PM, Mezzasalma, Claudio <Claudio.Mezzasalma@xxxxxxxxxxxx> wrote:
Of course. But we may want to also init some other parameters to the application. Currently there’s no need as far
as I can remember, but the Patternfly console is well far from being feature complete, so we may want to add something else in the future.
Claudio Mezzasalma | Eurotech
Well if the entire file only contains the URL, then that is exposed anyway be following rest calls?!
On Tue, May 9, 2017 at 2:23 PM, Mezzasalma, Claudio <Claudio.Mezzasalma@xxxxxxxxxxxx> wrote:
That would expose the entire configuration file to the browser development tools, by simply inspecting the HTTP call.
It should be fine as long as we don’t put anything sensitive in there.
Claudio Mezzasalma | Eurotech
And what about loading a "config" file from the main application? Which then ins generated by JSP?
On Tue, May 9, 2017 at 1:55 PM, Mezzasalma, Claudio <Claudio.Mezzasalma@xxxxxxxxxxxx> wrote:
I see two drawbacks:
- It would mean mixing HTML with application logic
- We should write that block in pure JS, and not in TypeScript that would be used instead across the rest of the
frontend application
Since it would be only the bootstrap block, that would hopefully be written in only a few lines, it shouldn’t be
a showstopper. But IMHO it’s not the best approach.
Claudio Mezzasalma | Eurotech
Just to understand, what would be the downside of that approach?
On Tue, May 9, 2017 at 1:47 PM, Mezzasalma, Claudio <Claudio.Mezzasalma@xxxxxxxxxxxx> wrote:
When using an JS framework like AngularJS, like the current implementation, or Angular, that I hope to use in the
future for the console, you want to separate HTML and JS as much as you possibly can. We could however bootstrap the JS application inline in the index.jsp, thus injecting the URI. I admit I don’t like it that much, but it should work.
As I said, we have a number of options available. I think we can defer the implementation details a little bit and
focus on the whole decision right now.
Claudio Mezzasalma | Eurotech
Well as we do have JSP on the server side we can easily inject to correct URL, right?
On Tue, May 9, 2017 at 12:54 PM, Mezzasalma, Claudio <Claudio.Mezzasalma@xxxxxxxxxxxx> wrote:
However, whatever the solution -- we will find one, it's just a matter of which one.
Let's see if someone else has some other insights on switching from NodeJS to Jetty.
The URL injection in JS is what still puzzles me, since we’re not doing any HTML/JS preprocessing.
Claudio Mezzasalma | Eurotech
So in this case the WAR file already knows the URI to use?! It can either assemble it or get configured to point the JS code to a different URI.
On Tue, May 9, 2017 at 11:34 AM, Mezzasalma, Claudio <Claudio.Mezzasalma@xxxxxxxxxxxx> wrote:
Yes.
Are you suggesting to serve the REST APIs and the console from the same instance? I’m clearly missing something,
but I can’t figure out what...
Claudio Mezzasalma | Eurotech
The frontend is served from the WAR file right?
On Tue, May 9, 2017 at 11:30 AM, Mezzasalma, Claudio <Claudio.Mezzasalma@xxxxxxxxxxxx> wrote:
Of course, but how to actually tell the frontend the correct URI to reach them?
Claudio Mezzasalma | Eurotech
Well the REST API can be accessible in any way, that is the purpose of it, right?
So what configuration file are you referring to?
On Tue, May 9, 2017 at 11:20 AM, Mezzasalma, Claudio <Claudio.Mezzasalma@xxxxxxxxxxxx> wrote:
Since there is no server side rendered HTML I thought that using such a router was the easiest way to provide configurability
of the REST APIs URL, since to the frontend would only need to know that they reside under /api while the NodeJS server would route it to the correct server reading its address from a configuration file. Reading the configuration file in the frontend to obtain
such and address would have exposed all the configuration to the browser, so I discarded that approach.
Claudio Mezzasalma | Eurotech
The static files could all be served by a simple WAR file, the SSO stuff is subject to change and we could re-use the code there. And the REST API could be accessed directly?!
So let's switch to Jetty (plain WAR-file).
On Tue, May 9, 2017 at 10:54 AM, Mezzasalma, Claudio <Claudio.Mezzasalma@xxxxxxxxxxxx> wrote:
It uses ExpressJS to provide three features:
- Host an HTTP server that serves all the static files
- Redirects every call to /api/* to the Kapua REST API, acting as a proxy
- Acts as an entry point for SSO towards the configured identity provider
You can look at the console-v2/server folder in the impl-consoleV2 branch
Claudio Mezzasalma | Eurotech
Sounds reasonable. But maybe you can give a bit more input on what the NodeJS part actually does.
On Tue, May 9, 2017 at 10:34 AM, Mezzasalma, Claudio <Claudio.Mezzasalma@xxxxxxxxxxxx> wrote:
Ok, now I understand. I was looking at the SSO implementation as something strictly related to the “host implementation”,
given the diversity of our web applications nature.
It makes sense of course, but I think we should clarify something about the Patternfly console first.
As of now, the Patternfly console is built upon a small HTTP server built on NodeJS, that serves as a REST API router
as well. When we started its implementation I thought it made sense given the abstraction given by the REST APIs, together with the development speed of a simple NodeJS application. However, gathering experience month after month on the project, I’m starting
to think that having the Patternfly console server written in such a different technology stack than the rest of the project isn’t a good thing, and your idea just confirms this: if we move everything SSO related to a separate project we couldn’t use it from
a NodeJS app, leading us to duplicate some code only for the console, and of course I strongly want to avoid something like that.
So probably the Patternfly console project should be migrated to something like a lean Jetty server based implementation.
It’s my time to ask: what do you all think about this? :)
Claudio Mezzasalma | Eurotech
Currently the SSO stuff is distributed all over the code, in at least two projects.
I would like to extract this in a set of modules, which are specific to SSO and allow using different implementations, if provided.
This should isolate the different areas where SSO is used and provide a common function block which can then be re-used for REST, GWT and Patternfly.
On Mon, May 8, 2017 at 6:03 PM, Mezzasalma, Claudio <Claudio.Mezzasalma@xxxxxxxxxxxx> wrote:
Hi Jens,
I’m not sure I understand why you need such a refactoring. Could you please be a bit more specific on what you’re
thinking about?
Thanks!
Claudio Mezzasalma | Eurotech
I would like to start re-factoring the SSO implementation a little bit. Not changing anything from a logic/behavior point of view, but bringing together common SSO logic (as it exists
now) into a kapua-sso project for simplifying development.
Any objections?
Cheers
Jens
--
Jens Reimann
Senior Software Engineer / EMEA ENG Middleware
Werner-von-Siemens-Ring 14
85630 Grasbrunn
Germany
phone: +49 89 2050 71286
_____________________________________________________________________________
Red Hat GmbH, www.de.redhat.com,
Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill
_______________________________________________
kapua-dev mailing list
kapua-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/kapua-dev
--
Jens Reimann
Senior Software Engineer / EMEA ENG Middleware
Werner-von-Siemens-Ring 14
85630 Grasbrunn
Germany
phone: +49 89 2050 71286
_____________________________________________________________________________
Red Hat GmbH, www.de.redhat.com,
Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill
_______________________________________________
kapua-dev mailing list
kapua-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/kapua-dev
--
Jens Reimann
Senior Software Engineer / EMEA ENG Middleware
Werner-von-Siemens-Ring 14
85630 Grasbrunn
Germany
phone: +49 89 2050 71286
_____________________________________________________________________________
Red Hat GmbH, www.de.redhat.com,
Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill
_______________________________________________
kapua-dev mailing list
kapua-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/kapua-dev
--
Jens Reimann
Senior Software Engineer / EMEA ENG Middleware
Werner-von-Siemens-Ring 14
85630 Grasbrunn
Germany
phone: +49 89 2050 71286
_____________________________________________________________________________
Red Hat GmbH, www.de.redhat.com,
Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill
_______________________________________________
kapua-dev mailing list
kapua-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/kapua-dev
--
Jens Reimann
Senior Software Engineer / EMEA ENG Middleware
Werner-von-Siemens-Ring 14
85630 Grasbrunn
Germany
phone: +49 89 2050 71286
_____________________________________________________________________________
Red Hat GmbH, www.de.redhat.com,
Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill
_______________________________________________
kapua-dev mailing list
kapua-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/kapua-dev
--
Jens Reimann
Senior Software Engineer / EMEA ENG Middleware
Werner-von-Siemens-Ring 14
85630 Grasbrunn
Germany
phone: +49 89 2050 71286
_____________________________________________________________________________
Red Hat GmbH, www.de.redhat.com,
Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill
_______________________________________________
kapua-dev mailing list
kapua-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/kapua-dev
--
Jens Reimann
Senior Software Engineer / EMEA ENG Middleware
Werner-von-Siemens-Ring 14
85630 Grasbrunn
Germany
phone: +49 89 2050 71286
_____________________________________________________________________________
Red Hat GmbH, www.de.redhat.com,
Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill
_______________________________________________
kapua-dev mailing list
kapua-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/kapua-dev
--
Jens Reimann
Senior Software Engineer / EMEA ENG Middleware
Werner-von-Siemens-Ring 14
85630 Grasbrunn
Germany
phone: +49 89 2050 71286
_____________________________________________________________________________
Red Hat GmbH, www.de.redhat.com,
Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill
_______________________________________________
kapua-dev mailing list
kapua-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/kapua-dev
--
Jens Reimann
Senior Software Engineer / EMEA ENG Middleware
Werner-von-Siemens-Ring 14
85630 Grasbrunn
Germany
phone: +49 89 2050 71286
_____________________________________________________________________________
Red Hat GmbH, www.de.redhat.com,
Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill
_______________________________________________
kapua-dev mailing list
kapua-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/kapua-dev
--
Jens Reimann
Senior Software Engineer / EMEA ENG Middleware
Werner-von-Siemens-Ring 14
85630 Grasbrunn
Germany
phone: +49 89 2050 71286
_____________________________________________________________________________
Red Hat GmbH, www.de.redhat.com,
Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill
_______________________________________________
kapua-dev mailing list
kapua-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/kapua-dev
--
Jens Reimann
Senior Software Engineer / EMEA ENG Middleware
Werner-von-Siemens-Ring 14
85630 Grasbrunn
Germany
phone: +49 89 2050 71286
_____________________________________________________________________________
Red Hat GmbH, www.de.redhat.com,
Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill
_______________________________________________
kapua-dev mailing list
kapua-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/kapua-dev
--
Jens Reimann
Senior Software Engineer / EMEA ENG Middleware
Werner-von-Siemens-Ring 14
85630 Grasbrunn
Germany
phone: +49 89 2050 71286
_____________________________________________________________________________
Red Hat GmbH, www.de.redhat.com,
Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill
_______________________________________________
kapua-dev mailing list
kapua-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/kapua-dev
--
Jens Reimann
Senior Software Engineer / EMEA ENG Middleware
Werner-von-Siemens-Ring 14
85630 Grasbrunn
Germany
phone: +49 89 2050 71286
_____________________________________________________________________________
Red Hat GmbH, www.de.redhat.com,
Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill
_______________________________________________
kapua-dev mailing list
kapua-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/kapua-dev
--
Jens Reimann
Senior Software Engineer / EMEA ENG Middleware
Werner-von-Siemens-Ring 14
85630 Grasbrunn
Germany
phone: +49 89 2050 71286
_____________________________________________________________________________
Red Hat GmbH, www.de.redhat.com,
Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Paul Argiry, Charles Cachera, Michael Cunningham, Michael O'Neill
|