Posted to dev@knox.apache.org by GitBox <gi...@apache.org> on 2020/02/21 22:14:26 UTC

[GitHub] [knox] moresandeep opened a new pull request #269: KNOX-2239 - Websocket use the configured truststore in gateway-site config file

moresandeep opened a new pull request #269: KNOX-2239 - Websocket use the configured truststore in gateway-site config file
URL: https://github.com/apache/knox/pull/269
 
 
   
   ## What changes were proposed in this pull request?
   
   In Knox, wss support was broken: the Jetty implementation was picking up the system keystore and not the keystore configured in the gateway-site.xml file. This PR fixes it.
   
   ## How was this patch tested?
   This was tested locally with ws and wss protocols.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

[GitHub] [knox] moresandeep merged pull request #269: KNOX-2239 - Websocket use the configured truststore in gateway-site config file

Posted by GitBox <gi...@apache.org>.
moresandeep merged pull request #269: KNOX-2239 - Websocket use the configured truststore in gateway-site config file
URL: https://github.com/apache/knox/pull/269
 
 
   


[GitHub] [knox] moresandeep commented on a change in pull request #269: KNOX-2239 - Websocket use the configured truststore in gateway-site config file

Posted by GitBox <gi...@apache.org>.
moresandeep commented on a change in pull request #269: KNOX-2239 - Websocket use the configured truststore in gateway-site config file
URL: https://github.com/apache/knox/pull/269#discussion_r383013666
 
 

 ##########
 File path: gateway-server/src/main/java/org/apache/knox/gateway/websockets/GatewayWebsocketHandler.java
 ##########
 @@ -118,14 +120,28 @@ public Object createWebSocket(ServletUpgradeRequest req,
       LOG.debugLog("Generated backend URL for websocket connection: " + backendURL);
 
       /* Upgrade happens here */
-      return new ProxyWebSocketAdapter
-              (URI.create(backendURL), pool, getClientEndpointConfig(req), config);
+      final ClientEndpointConfig clientConfig = getClientEndpointConfig(req);
+      clientConfig.getUserProperties().put("org.apache.knox.gateway.websockets.truststore", getTruststore());
 
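 Review bot: At the `clientConfig.getUserProperties().put(...)` line, the result of `getTruststore()` goes into the user properties unchecked, and the quoted lines show no handling for a truststore that is missing or fails to load. Consider checking the value (or catching the load failure) before the put and logging which truststore is in effect, so a misconfigured gateway-site entry fails visibly when the wss backend connection is set up.
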
 Review comment:
   Yup, I'll try to update it.
   


[GitHub] [knox] moresandeep commented on issue #269: KNOX-2239 - Websocket use the configured truststore in gateway-site config file

Posted by GitBox <gi...@apache.org>.
moresandeep commented on issue #269: KNOX-2239 - Websocket use the configured truststore in gateway-site config file
URL: https://github.com/apache/knox/pull/269#issuecomment-590518340
 
 
   > So we have to get and set the truststore on every single connection? We can't set up the HTTP client or websocket client once and reuse it? Seems a bit weird to me.
   
   The issue is that the `javax.net` API does not support adding a custom truststore; as a result, Jetty does not support it either. A new instance of WebSocketContainer is created on every connection (along with the underlying httpclient); this is the only entry point I could find where we could update the truststore.


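The distinction behind this fix, as an added example that is not code from the Knox PR: with JSSE, a TrustManagerFactory initialised with a null KeyStore falls back to the JVM default truststore, while one initialised with an explicit KeyStore trusts only that store's entries. The class name, the helper names and the empty in-memory store standing in for the configured truststore are assumptions made for illustration.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TruststoreScopeDemo {

  /** Builds trust managers; a null KeyStore means "use the JVM default truststore". */
  static TrustManager[] trustManagersFor(KeyStore truststore) throws Exception {
    TrustManagerFactory tmf =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(truststore);
    return tmf.getTrustManagers();
  }

  /** Counts the CA certificates a set of trust managers will accept as issuers. */
  static int acceptedIssuerCount(TrustManager[] tms) {
    int count = 0;
    for (TrustManager tm : tms) {
      if (tm instanceof X509TrustManager) {
        X509Certificate[] issuers = ((X509TrustManager) tm).getAcceptedIssuers();
        count += issuers.length;
      }
    }
    return count;
  }

  public static void main(String[] args) throws Exception {
    // Constructed stand-in for the gateway's configured truststore: an empty
    // in-memory store, so the difference from the JVM default is obvious.
    KeyStore configured = KeyStore.getInstance(KeyStore.getDefaultType());
    configured.load(null, null);

    TrustManager[] jvmDefault = trustManagersFor(null);
    TrustManager[] fromConfig = trustManagersFor(configured);

    System.out.println("JVM default issuers:      " + acceptedIssuerCount(jvmDefault));
    System.out.println("Configured store issuers: " + acceptedIssuerCount(fromConfig));

    // A client that must honour the configured store gets an SSLContext
    // built only from those trust managers.
    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(null, fromConfig, null);
    System.out.println("Protocol: " + ctx.getProtocol());
  }
}
```

Comparing the two issuer counts on a gateway host is a quick way to confirm which trust anchors a client would actually accept.
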
[GitHub] [knox] risdenk commented on issue #269: KNOX-2239 - Websocket use the configured truststore in gateway-site config file

Posted by GitBox <gi...@apache.org>.
risdenk commented on issue #269: KNOX-2239 - Websocket use the configured truststore in gateway-site config file
URL: https://github.com/apache/knox/pull/269#issuecomment-590457543
 
 
   So we have to get and set the truststore on every single connection? We can't set up the HTTP client or websocket client once and reuse it? Seems a bit weird to me.


[GitHub] [knox] smolnar82 commented on a change in pull request #269: KNOX-2239 - Websocket use the configured truststore in gateway-site config file

Posted by GitBox <gi...@apache.org>.
smolnar82 commented on a change in pull request #269: KNOX-2239 - Websocket use the configured truststore in gateway-site config file
URL: https://github.com/apache/knox/pull/269#discussion_r382935274
 
 

 ##########
 File path: gateway-server/src/main/java/org/apache/knox/gateway/websockets/GatewayWebsocketHandler.java
 ##########
 @@ -118,14 +120,28 @@ public Object createWebSocket(ServletUpgradeRequest req,
       LOG.debugLog("Generated backend URL for websocket connection: " + backendURL);
 
       /* Upgrade happens here */
-      return new ProxyWebSocketAdapter
-              (URI.create(backendURL), pool, getClientEndpointConfig(req), config);
+      final ClientEndpointConfig clientConfig = getClientEndpointConfig(req);
+      clientConfig.getUserProperties().put("org.apache.knox.gateway.websockets.truststore", getTruststore());
 
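 Review bot: The truststore is handed over through the untyped `getUserProperties()` map, so whatever reads the `org.apache.knox.gateway.websockets.truststore` key has to cast the value back with no compile-time check. The removed lines constructed `ProxyWebSocketAdapter` at this spot, so passing the truststore as a typed constructor argument looks feasible; if the map stays, the reading side should verify the value's type before using it.
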
 Review comment:
   nit: You may have wanted to introduce a constant for the new property name
