-
Notifications
You must be signed in to change notification settings - Fork 152
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
JwtUtils: support subs, data, payload & default to no limit / -1 #909
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
It's look fine now, but we need to add JavaDoc and more unit tests to cover all scenarios. |
It would be better to avoid displaying "-1" in the JSON when the LIMIT value for subscriptions, data, and payload is not explicitly set. This can cause confusion as "-1" may be interpreted as indicating no subscription. Therefore, it is recommended to omit the "-1" value in the JSON if the user has not set the limit explicitly.
|
@netesh3 the -1 is needed in this case and can't be omitted. -1 means infinite, while 0 would mean no subs allowed for example, in that case it could be omitted since it'd be defaulted to 0 anyhow. If you'd omit the -1 value it will be defaulted by the server to 0, which is not what you'd want. The -1 is required to be explicitly set to have this fixed. |
My intention was to conceal the "subs," "data," and "payload" fields from the JWT. If the user does not explicitly set these fields, they should not be included in the JWT. However, internally, we will still set these fields behind the scenes. ignore it, just document it out the reason why -1. |
The
JwtUtils
didn't include thesubs
,data
andpayload
. This made the server default those limits to 0, not allowing for any subs to be created, etc.Looking at the NATS JWT Go implementation:
These fields are defaulted to
NoLimit
, so -1, in theNatsLimits
(which contains thesubs
,data
,payload
).To support the Java client I've added support for overwriting these fields in the
UserClaim
, as well as defaulting them toNO_LIMIT = -1
to ensure these are set explicitly in the created JWT, instead of defaulted by the server to 0.This fixes an issue when creating a JWT without these fields explicitly defined, and the server logging about it when trying to create subs and publishing data: