--
You received this message because you are subscribed to the Google Groups "narayana-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to narayana-user...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/narayana-users/634c3876-1338-48ee-88fa-6bb7d5b2156c%40googlegroups.com.
I’m sorry if I have misunderstood something but I’m a bit confused.
I understand that the co-ordinator is using its containers’s settings to listen on a secure port but how would you setup the participant to use an outbound SSL connection?
Are you saying that by setting
•-Dlra.http.port=...
•-Dlra.http.host=...
•-Dlra.coordinator.path=...
to a https port it would somehow setup a secure connection? Or is it up to the developer to setup something like a forward proxy?
Thanks
Jason
The Narayana implementation of the LRA spec should use whatever the container uses. So if the container is configured to use HTTPS then the comms will be secured. I guess we should write some tests that verify my statement.
On Wed, Apr 29, 2020 at 12:11 PM Jason Yong <jason...@gmail.com> wrote:
Hi,--The communication between the LRA co-ordinator and its participants appears to be over http by default. Is it possible to configure it to use https or any other authentication methods?I assume that from the co-ordinator point of view its all based on the container you are running it in, but for the participant is it possible to configure it to use https?Thanks for you timeJason
You received this message because you are subscribed to the Google Groups "narayana-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to narayan...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/narayana-users/634c3876-1338-48ee-88fa-6bb7d5b2156c%40googlegroups.com.
The Narayana implementation of the MicroProfile LRA specification uses a JAX-RS filter to communicate with a remote coordinator. The interaction is currently insecure. This issue is to investigate the best way of securing this channel. Since the JAX-RS filter is applied to the MicroProfile service we should initially investigate the MicroProfile security solution (MicroProfile JSON Web Token).
To unsubscribe from this group and stop receiving emails from it, send an email to narayana-user...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/narayana-users/09cff4a8-4ce8-4399-a456-ae9392cb751f%40googlegroups.com.
That is a good point Jason. I have raised an issue to look into this requirement. Since LRA is aimed at MicroProfile based services I have recommended that the project initially focus on JWT in the issue description:The Narayana implementation of the MicroProfile LRA specification uses a JAX-RS filter to communicate with a remote coordinator. The interaction is currently insecure. This issue is to investigate the best way of securing this channel. Since the JAX-RS filter is applied to the MicroProfile service we should initially investigate the MicroProfile security solution (MicroProfile JSON Web Token).You can track its progress by watching the issue. If you have any particular requirements please can you let the project know here so that whoever implements it can take them into consideration when resolving the issue.I have marked the issue as "Major". If you think it should be "Critical" or a "Blocker" then we will review the priority.
To view this discussion on the web, visit https://groups.google.com/d/msgid/narayana-users/09cff4a8-4ce8-4399-a456-ae9392cb751f%40googlegroups.com.
To unsubscribe from this group and stop receiving emails from it, send an email to narayana-user...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/narayana-users/878fe546-9eb3-4bbf-8e5a-a193e26635e9%40googlegroups.com.