You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@jackrabbit.apache.org by GitBox <gi...@apache.org> on 2020/07/03 19:13:10 UTC
[GitHub] [jackrabbit] kwin opened a new pull request #92: JCR-4536 optionally allow insecure TLS connections (self-signed cert,
kwin opened a new pull request #92:
URL: https://github.com/apache/jackrabbit/pull/92
invalid common name)
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [jackrabbit] kwin commented on pull request #92: JCR-4536 optionally allow insecure TLS connections (self-signed cert,
Posted by GitBox <gi...@apache.org>.
kwin commented on pull request #92:
URL: https://github.com/apache/jackrabbit/pull/92#issuecomment-659954410
Merged in https://github.com/apache/jackrabbit/commit/d545fa178cccf42f60cbc9d28121c7f0a99db3b1.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [jackrabbit] reschke commented on a change in pull request #92: JCR-4536 optionally allow insecure TLS connections (self-signed cert,
Posted by GitBox <gi...@apache.org>.
reschke commented on a change in pull request #92:
URL: https://github.com/apache/jackrabbit/pull/92#discussion_r456245116
##########
File path: jackrabbit-spi2dav/pom.xml
##########
@@ -1,189 +1,264 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
+ http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- -->
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <modelVersion>4.0.0</modelVersion>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
-<!-- ====================================================================== -->
-<!-- P R O J E C T D E S C R I P T I O N -->
-<!-- ====================================================================== -->
- <parent>
- <groupId>org.apache.jackrabbit</groupId>
- <artifactId>jackrabbit-parent</artifactId>
- <version>2.21.3-SNAPSHOT</version>
- <relativePath>../jackrabbit-parent/pom.xml</relativePath>
- </parent>
- <artifactId>jackrabbit-spi2dav</artifactId>
- <name>Jackrabbit SPI to WebDAV</name>
+ <!-- ====================================================================== -->
+ <!-- P R O J E C T D E S C R I P T I O N -->
+ <!-- ====================================================================== -->
+ <parent>
+ <groupId>org.apache.jackrabbit</groupId>
+ <artifactId>jackrabbit-parent</artifactId>
+ <version>2.21.3-SNAPSHOT</version>
+ <relativePath>../jackrabbit-parent/pom.xml</relativePath>
+ </parent>
+ <artifactId>jackrabbit-spi2dav</artifactId>
+ <name>Jackrabbit SPI to WebDAV</name>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-surefire-plugin</artifactId>
- <configuration>
- <skip>true</skip>
- <includes>
- <include>**/TestAll.java</include>
- </includes>
- <forkMode>once</forkMode>
- <argLine>${test.opts}</argLine>
- <systemProperties>
- <property>
- <name>known.issues</name>
- <value>
- <!--
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <includes>
+ <include>**/ConnectionOptionsTest.java</include>
+ <include>**/spi2dav/ConnectionTest.java</include>
+ <!-- https://issues.apache.org/jira/browse/JCR-4610 -->
+ <!-- <include>**/TestAll.java</include> -->
+ </includes>
+ <trimStackTrace>false</trimStackTrace>
+ <forkMode>once</forkMode>
+ <argLine>${test.opts}</argLine>
+ <systemProperties>
+ <property>
+ <name>known.issues</name>
+ <value>
+ <!--
- This is the list of failing TCK and jcr2spi tests in a jcr2spi - spi2davex setup.
+ This is the list of failing TCK and jcr2spi tests in a jcr2spi - spi2davex setup.
- A comprehensive list of missing JCR 2.0 features can be found at
- https://issues.apache.org/jira/browse/JCR-2003
+ A comprehensive list of missing JCR 2.0 features can be found at
+ https://issues.apache.org/jira/browse/JCR-2003
- Known issues of jcr2spi and spi2dav(ex) are listed at
- https://issues.apache.org/jira/secure/IssueNavigator.jspa?reset=true&jqlQuery=project+%3D+JCR+AND+component+%3D+jackrabbit-jcr2spi+AND+status+%3D+Open+ORDER+BY+priority+DESC&mode=hide
- https://issues.apache.org/jira/secure/IssueNavigator.jspa?reset=true&jqlQuery=project+%3D+JCR+AND+component+%3D+jackrabbit-spi2dav+AND+status+%3D+Open+ORDER+BY+priority+DESC&mode=hide
+ Known issues of jcr2spi and spi2dav(ex) are listed at
+ https://issues.apache.org/jira/secure/IssueNavigator.jspa?reset=true&jqlQuery=project+%3D+JCR+AND+component+%3D+jackrabbit-jcr2spi+AND+status+%3D+Open+ORDER+BY+priority+DESC&mode=hide
+ https://issues.apache.org/jira/secure/IssueNavigator.jspa?reset=true&jqlQuery=project+%3D+JCR+AND+component+%3D+jackrabbit-spi2dav+AND+status+%3D+Open+ORDER+BY+priority+DESC&mode=hide
- -->
- <!-- ***** PLEASE update jcr2dav/pom.xml as well ********* -->
- <!-- wrong exception: ConstraintViolationEx. instead SAXException/InvalidSerializedDataEx.-->
- org.apache.jackrabbit.test.api.SerializationTest#testNodeTypeConstraintViolationWorkspace
- <!-- JCR-2538 : impersonation not implemented -->
- org.apache.jackrabbit.test.api.ImpersonateTest
- <!-- JCR-2099 : shareable nodes -->
- org.apache.jackrabbit.test.api.ShareableNodeTest
- <!-- JCR-2228 : life cycle management -->
- org.apache.jackrabbit.test.api.LifecycleTest
- <!-- lock token transfer -->
- org.apache.jackrabbit.test.api.lock.LockManagerTest#testAddInvalidLockToken
- org.apache.jackrabbit.test.api.lock.LockManagerTest#testAddLockTokenToAnotherSession
- org.apache.jackrabbit.test.api.lock.LockManagerTest#testLockTransfer2
- <!-- JCR-2533 : missing impl of checkQueryStatement -->
- org.apache.jackrabbit.test.api.query.CreateQueryTest#testUnknownQueryLanguage
- <!-- JCR-2533 : missing impl of checkQueryStatement -->
- org.apache.jackrabbit.test.api.query.qom.BindVariableValueTest
- <!-- JCR-2112 : simple versioning not implemented -->
- org.apache.jackrabbit.test.api.version.simple
- <!-- JCR-2104 : activities and configuration -->
- org.apache.jackrabbit.test.api.version.ActivitiesTest
- org.apache.jackrabbit.test.api.version.MergeActivityTest#testMergeActivity
- org.apache.jackrabbit.test.api.version.ConfigurationsTest
- <!-- JCR-2560 -->
- org.apache.jackrabbit.jcr2spi.IsSameTest#testIsSameProperty3
- org.apache.jackrabbit.jcr2spi.IsSameTest#testIsSameProperty4
- org.apache.jackrabbit.jcr2spi.IsSameTest#testIsSameNode7
- <!-- Known, general issue of the Jcr2Spi - SPI setup.
- No notification about changes to registered namespace(s) -->
- org.apache.jackrabbit.jcr2spi.name.NamespaceRegistryTest#testReRegisteredNamespace
- org.apache.jackrabbit.jcr2spi.name.NamespaceRegistryTest#testReRegisteredNamespaceVisibility
- </value>
- </property>
- </systemProperties>
- </configuration>
- </plugin>
- <plugin>
- <artifactId>maven-assembly-plugin</artifactId>
- <executions>
- <execution>
- <phase>package</phase>
- <goals>
- <goal>single</goal>
- </goals>
- <configuration>
- <descriptors>
- <descriptor>assembly.xml</descriptor>
- </descriptors>
- </configuration>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
- <dependencies>
- <dependency>
- <groupId>org.apache.jackrabbit</groupId>
- <artifactId>jackrabbit-spi</artifactId>
- <version>${project.version}</version>
- <classifier />
- </dependency>
- <dependency>
- <groupId>org.apache.jackrabbit</groupId>
- <artifactId>jackrabbit-spi-commons</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.jackrabbit</groupId>
- <artifactId>jackrabbit-jcr-commons</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.apache.jackrabbit</groupId>
- <artifactId>jackrabbit-webdav</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>javax.jcr</groupId>
- <artifactId>jcr</artifactId>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-api</artifactId>
- </dependency>
- <dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>javax.servlet-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.httpcomponents</groupId>
- <artifactId>httpmime</artifactId>
- <version>4.5.12</version>
- </dependency>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.jackrabbit</groupId>
- <artifactId>jackrabbit-jcr-tests</artifactId>
- <version>${project.version}</version>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.jackrabbit</groupId>
- <artifactId>jackrabbit-jcr2spi</artifactId>
- <version>${project.version}</version>
- <classifier />
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.jackrabbit</groupId>
- <artifactId>jackrabbit-jcr2spi</artifactId>
- <version>${project.version}</version>
- <classifier>tests</classifier>
- <scope>test</scope>
- </dependency>
- <dependency>
- <groupId>org.apache.jackrabbit</groupId>
- <artifactId>jackrabbit-spi</artifactId>
- <classifier>tests</classifier>
- <version>${project.version}</version>
- <scope>test</scope>
- </dependency>
- </dependencies>
+ -->
+ <!-- ***** PLEASE update jcr2dav/pom.xml as well ********* -->
+ <!-- wrong exception: ConstraintViolationEx. instead SAXException/InvalidSerializedDataEx. -->
+ org.apache.jackrabbit.test.api.SerializationTest#testNodeTypeConstraintViolationWorkspace
+ <!-- JCR-2538 : impersonation not implemented -->
+ org.apache.jackrabbit.test.api.ImpersonateTest
+ <!-- JCR-2099 : shareable nodes -->
+ org.apache.jackrabbit.test.api.ShareableNodeTest
+ <!-- JCR-2228 : life cycle management -->
+ org.apache.jackrabbit.test.api.LifecycleTest
+ <!-- lock token transfer -->
+ org.apache.jackrabbit.test.api.lock.LockManagerTest#testAddInvalidLockToken
+ org.apache.jackrabbit.test.api.lock.LockManagerTest#testAddLockTokenToAnotherSession
+ org.apache.jackrabbit.test.api.lock.LockManagerTest#testLockTransfer2
+ <!-- JCR-2533 : missing impl of checkQueryStatement -->
+ org.apache.jackrabbit.test.api.query.CreateQueryTest#testUnknownQueryLanguage
+ <!-- JCR-2533 : missing impl of checkQueryStatement -->
+ org.apache.jackrabbit.test.api.query.qom.BindVariableValueTest
+ <!-- JCR-2112 : simple versioning not implemented -->
+ org.apache.jackrabbit.test.api.version.simple
+ <!-- JCR-2104 : activities and configuration -->
+ org.apache.jackrabbit.test.api.version.ActivitiesTest
+ org.apache.jackrabbit.test.api.version.MergeActivityTest#testMergeActivity
+ org.apache.jackrabbit.test.api.version.ConfigurationsTest
+ <!-- JCR-2560 -->
+ org.apache.jackrabbit.jcr2spi.IsSameTest#testIsSameProperty3
+ org.apache.jackrabbit.jcr2spi.IsSameTest#testIsSameProperty4
+ org.apache.jackrabbit.jcr2spi.IsSameTest#testIsSameNode7
+ <!-- Known, general issue of the Jcr2Spi - SPI setup.
+ No notification about changes to registered namespace(s) -->
+ org.apache.jackrabbit.jcr2spi.name.NamespaceRegistryTest#testReRegisteredNamespace
+ org.apache.jackrabbit.jcr2spi.name.NamespaceRegistryTest#testReRegisteredNamespaceVisibility
+ </value>
+ </property>
+ </systemProperties>
+ </configuration>
+ </plugin>
+ <plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <executions>
+ <execution>
+ <phase>package</phase>
+ <goals>
+ <goal>single</goal>
+ </goals>
+ <configuration>
+ <descriptors>
+ <descriptor>assembly.xml</descriptor>
+ </descriptors>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ <profiles>
+ <profile>
+ <id>integrationTesting</id>
+ <properties>
+ <litmus>litmus</litmus>
+ </properties>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-surefire-plugin</artifactId>
+ <configuration>
+ <systemProperties>
+ <property>
+ <name>jackrabbit.test.integration</name>
+ <value>true</value>
+ </property>
+ </systemProperties>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ </profiles>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.jackrabbit</groupId>
+ <artifactId>jackrabbit-spi</artifactId>
+ <version>${project.version}</version>
+ <classifier/>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.jackrabbit</groupId>
+ <artifactId>jackrabbit-spi-commons</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.jackrabbit</groupId>
+ <artifactId>jackrabbit-jcr-commons</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.jackrabbit</groupId>
+ <artifactId>jackrabbit-webdav</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>javax.jcr</groupId>
+ <artifactId>jcr</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>javax.servlet-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.httpcomponents</groupId>
+ <artifactId>httpmime</artifactId>
+ <version>4.5.12</version>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.jackrabbit</groupId>
+ <artifactId>jackrabbit-jcr-tests</artifactId>
+ <version>${project.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.jackrabbit</groupId>
+ <artifactId>jackrabbit-jcr2spi</artifactId>
+ <version>${project.version}</version>
+ <classifier/>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.jackrabbit</groupId>
+ <artifactId>jackrabbit-jcr2spi</artifactId>
+ <version>${project.version}</version>
+ <classifier>tests</classifier>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.jackrabbit</groupId>
+ <artifactId>jackrabbit-spi</artifactId>
+ <classifier>tests</classifier>
+ <version>${project.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <!-- testing classes provided by jcr-server -->
+ <dependency>
+ <groupId>org.apache.jackrabbit</groupId>
+ <artifactId>jackrabbit-jcr-server</artifactId>
+ <classifier>tests</classifier>
+ <version>${project.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.jackrabbit</groupId>
+ <artifactId>jackrabbit-jcr-server</artifactId>
+ <version>${project.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <!-- transitive dependencies of jackrabbit-jcr-server -->
+ <dependency>
+ <groupId>org.apache.jackrabbit</groupId>
+ <artifactId>jackrabbit-core</artifactId>
+ <version>${project.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-server</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-servlet</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.derby</groupId>
+ <artifactId>derby</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <!-- for testing connection via a proxy -->
+ <dependency>
+ <groupId>org.littleshoot</groupId>
+ <artifactId>littleproxy</artifactId>
+ <version>1.1.2</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
Review comment:
Could you please backout the whitespace changes?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [jackrabbit] kwin edited a comment on pull request #92: JCR-4536 optionally allow insecure TLS connections (self-signed cert,
Posted by GitBox <gi...@apache.org>.
kwin edited a comment on pull request #92:
URL: https://github.com/apache/jackrabbit/pull/92#issuecomment-653654470
This replaces #88. @reschke Please tell me what you think!
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [jackrabbit] kwin commented on a change in pull request #92: JCR-4536 optionally allow insecure TLS connections (self-signed cert,
Posted by GitBox <gi...@apache.org>.
kwin commented on a change in pull request #92:
URL: https://github.com/apache/jackrabbit/pull/92#discussion_r450154670
##########
File path: jackrabbit-spi2dav/src/main/java/org/apache/jackrabbit/spi2dav/RepositoryServiceImpl.java
##########
@@ -341,15 +353,41 @@ public RepositoryServiceImpl(String uri, IdFactory idFactory,
throw new RepositoryException(e);
}
+ // TODO: move to ConnectionOptions as well
Review comment:
Done in https://github.com/apache/jackrabbit/pull/92/commits/9ef98400bcf513aa3ce1fedabad95a032a3d543e
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [jackrabbit] kwin commented on pull request #92: JCR-4536 optionally allow insecure TLS connections (self-signed cert,
Posted by GitBox <gi...@apache.org>.
kwin commented on pull request #92:
URL: https://github.com/apache/jackrabbit/pull/92#issuecomment-655961332
I tested the changes with https://github.com/apache/jackrabbit-filevault/pull/92/files and it works fine there.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [jackrabbit] reschke commented on a change in pull request #92: JCR-4536 optionally allow insecure TLS connections (self-signed cert,
Posted by GitBox <gi...@apache.org>.
reschke commented on a change in pull request #92:
URL: https://github.com/apache/jackrabbit/pull/92#discussion_r455772487
##########
File path: jackrabbit-spi2dav/src/main/java/org/apache/jackrabbit/spi2dav/ConnectionOptions.java
##########
@@ -0,0 +1,447 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.spi2dav;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+
+/**
+ * Advanced connection options to use for connections to a remote repository.
+ *
+ */
+public final class ConnectionOptions {
+
+ private final boolean isUseSystemPropertes;
+ private final int maxConnections;
+ private final boolean isAllowSelfSignedCertificates;
+ private final boolean isDisableHostnameVerification;
+ private final String proxyHost;
+ private final int proxyPort;
+ private final String proxyProtocol;
+ private final String proxyUsername;
+ private final String proxyPassword;
+ private final int connectionTimeoutMs;
+ private final int requestTimeoutMs;
+ private final int socketTimeoutMs;
+
+ /**
+ * Boolean flag whether to use the default Java system properties for setting proxy, TLS and further options.
+ * Default = {@code false}.
+ *
+ * @see <a href="https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/impl/client/HttpClientBuilder.html">HttpClientBuilder</a>
+ */
Review comment:
we should be able to use {@link ...} here
##########
File path: jackrabbit-spi2dav/src/main/java/org/apache/jackrabbit/spi2dav/ConnectionOptions.java
##########
@@ -0,0 +1,447 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.spi2dav;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+
+/**
+ * Advanced connection options to use for connections to a remote repository.
+ *
+ */
+public final class ConnectionOptions {
+
+ private final boolean isUseSystemPropertes;
+ private final int maxConnections;
+ private final boolean isAllowSelfSignedCertificates;
+ private final boolean isDisableHostnameVerification;
+ private final String proxyHost;
+ private final int proxyPort;
+ private final String proxyProtocol;
+ private final String proxyUsername;
+ private final String proxyPassword;
+ private final int connectionTimeoutMs;
+ private final int requestTimeoutMs;
+ private final int socketTimeoutMs;
+
+ /**
+ * Boolean flag whether to use the default Java system properties for setting proxy, TLS and further options.
+ * Default = {@code false}.
+ *
+ * @see <a href="https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/impl/client/HttpClientBuilder.html">HttpClientBuilder</a>
+ */
+ public static final String PARAM_USE_SYSTEM_PROPERTIES = "connection.useSystemProperties";
+
+ /**
+ * Boolean flag whether to allow self-signed certificates of remote repositories.
+ * Default = {@code false}.
+ */
+ public static final String PARAM_ALLOW_SELF_SIGNED_CERTIFICATES = "connection.allowSelfSignedCertificates";
+
+ /**
+ * Boolean flag whether to disable the host name verification against the common name of the server's certificate.
+ * Default = {@code false}.
+ */
+ public static final String PARAM_DISABLE_HOSTNAME_VERIFICATION = "connection.disableHostnameVerification";
+
+ /**
+ * The host of a proxy server.
+ */
+ public static final String PARAM_PROXY_HOST = "connection.proxyHost";
+
+ /**
+ * Integer value for the proxy's port. Only effective if {@link #PARAM_PROXY_HOST} is used as well. If -1 or not set the default for the scheme will be used.
+ */
+ public static final String PARAM_PROXY_PORT = "connection.proxyPort";
+
+ /**
+ * The protocol for which to use the proxy. Only effective if {@link #PARAM_PROXY_HOST} is used as well.
+ */
+ public static final String PARAM_PROXY_PROTOCOL = "connection.proxyProtocol";
+
+ /**
+ * The user name to authenticate at the proxy. Only effective if {@link #PARAM_PROXY_HOST} is used as well.
+ */
+ public static final String PARAM_PROXY_USERNAME = "connection.proxyUsername";
+
+ /**
+ * The password to authenticate at the proxy. Only effective if {@link #PARAM_PROXY_HOST} and {@link #PARAM_PROXY_USERNAME} are used as well.
+ */
+ public static final String PARAM_PROXY_PASSWORD = "connection.proxyPassword";
+
+ /**
+ * The connection timeout in milliseconds as Integer. -1 for default, 0 for infinite.
+ */
+ public static final String PARAM_CONNECTION_TIMEOUT_MS = "connection.connectionTimeoutMs";
+
+ /**
+ * The request timeout in milliseconds as Integer. -1 for default, 0 for infinite.
+ */
+ public static final String PARAM_REQUEST_TIMEOUT_MS = "connection.requestTimeoutMs";
+
+ /**
+ * The request timeout in milliseconds as Integer. -1 for default, 0 for infinite.
+ */
+ public static final String PARAM_SOCKET_TIMEOUT_MS = "connection.socketTimeoutMs";
+
+ /**
+ * Optional configuration parameter: Its value defines the
+ * maximumConnectionsPerHost value on the HttpClient configuration and
+ * must be an int greater than zero.
+ * @deprecated Use {@link #PARAM_MAX_CONNECTIONS} instead.
+ */
+ @Deprecated
+ private static final String PARAM_MAX_CONNECTIONS_LEGACY = "MaxConnections";
+
+ /**
+ * Optional configuration parameter: Its value defines the
+ * maximumConnectionsPerHost value on the HttpClient configuration and
+ * must be an int greater than zero.
+ */
+ public static final String PARAM_MAX_CONNECTIONS = "connection.maxConnections";
+
+
+ /**
+ * Default value for the maximum number of connections per host such as
+ * configured with {@link PoolingHttpClientConnectionManager#setDefaultMaxPerRoute(int)}.
+ */
+ public static final int MAX_CONNECTIONS_DEFAULT = 20;
+
+ /**
+ * The default connection options with regular TLS settings, without proxy and not leveraging system properties
+ */
+ public static final ConnectionOptions DEFAULT = new ConnectionOptions.Builder().build();
+
+ private ConnectionOptions(boolean isUseSystemPropertes, int maxConnections, boolean isAllowSelfSignedCertificates, boolean isDisableHostnameVerification, int connectionTimeoutMs, int requestTimeoutMs, int socketTimeoutMs, String proxyHost, int proxyPort, String proxyProtocol, String proxyUsername, String proxyPassword) {
+ super();
+ this.isUseSystemPropertes = isUseSystemPropertes;
+ this.maxConnections = maxConnections;
+ this.isAllowSelfSignedCertificates = isAllowSelfSignedCertificates;
+ this.isDisableHostnameVerification = isDisableHostnameVerification;
+ this.connectionTimeoutMs = connectionTimeoutMs;
+ this.requestTimeoutMs = requestTimeoutMs;
+ this.socketTimeoutMs = socketTimeoutMs;
+ this.proxyHost = proxyHost;
+ this.proxyPort = proxyPort;
+ this.proxyProtocol = proxyProtocol;
+ this.proxyUsername = proxyUsername;
+ this.proxyPassword = proxyPassword;
+ }
+
+ public boolean isUseSystemPropertes() {
+ return isUseSystemPropertes;
+ }
+
+ public boolean isAllowSelfSignedCertificates() {
+ return isAllowSelfSignedCertificates;
+ }
+
+ public boolean isDisableHostnameVerification() {
+ return isDisableHostnameVerification;
+ }
+
+ public int getMaxConnections() {
+ return maxConnections;
+ }
+
+ public int getConnectionTimeoutMs() {
+ return connectionTimeoutMs;
+ }
+
+ public int getRequestTimeoutMs() {
+ return requestTimeoutMs;
+ }
+
+ public int getSocketTimeoutMs() {
+ return socketTimeoutMs;
+ }
+
+ public String getProxyHost() {
+ return proxyHost;
+ }
+
+ public int getProxyPort() {
+ return proxyPort;
+ }
+
+ public String getProxyProtocol() {
+ return proxyProtocol;
+ }
+
+ public String getProxyUsername() {
+ return proxyUsername;
+ }
+
+ public String getProxyPassword() {
+ return proxyPassword;
+ }
+
+ @Override
+ public int hashCode() {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + connectionTimeoutMs;
+ result = prime * result + (isAllowSelfSignedCertificates ? 1231 : 1237);
+ result = prime * result + (isDisableHostnameVerification ? 1231 : 1237);
+ result = prime * result + (isUseSystemPropertes ? 1231 : 1237);
+ result = prime * result + maxConnections;
+ result = prime * result + ((proxyHost == null) ? 0 : proxyHost.hashCode());
+ result = prime * result + ((proxyPassword == null) ? 0 : proxyPassword.hashCode());
+ result = prime * result + proxyPort;
+ result = prime * result + ((proxyProtocol == null) ? 0 : proxyProtocol.hashCode());
+ result = prime * result + ((proxyUsername == null) ? 0 : proxyUsername.hashCode());
+ result = prime * result + requestTimeoutMs;
+ result = prime * result + socketTimeoutMs;
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (obj == null)
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ ConnectionOptions other = (ConnectionOptions) obj;
+ if (connectionTimeoutMs != other.connectionTimeoutMs)
+ return false;
+ if (isAllowSelfSignedCertificates != other.isAllowSelfSignedCertificates)
+ return false;
+ if (isDisableHostnameVerification != other.isDisableHostnameVerification)
+ return false;
+ if (isUseSystemPropertes != other.isUseSystemPropertes)
+ return false;
+ if (maxConnections != other.maxConnections)
+ return false;
+ if (proxyHost == null) {
+ if (other.proxyHost != null)
+ return false;
+ } else if (!proxyHost.equals(other.proxyHost))
+ return false;
+ if (proxyPassword == null) {
+ if (other.proxyPassword != null)
+ return false;
+ } else if (!proxyPassword.equals(other.proxyPassword))
+ return false;
+ if (proxyPort != other.proxyPort)
+ return false;
+ if (proxyProtocol == null) {
+ if (other.proxyProtocol != null)
+ return false;
+ } else if (!proxyProtocol.equals(other.proxyProtocol))
+ return false;
+ if (proxyUsername == null) {
+ if (other.proxyUsername != null)
+ return false;
+ } else if (!proxyUsername.equals(other.proxyUsername))
+ return false;
+ if (requestTimeoutMs != other.requestTimeoutMs)
+ return false;
+ if (socketTimeoutMs != other.socketTimeoutMs)
+ return false;
+ return true;
+ }
+
+ @Override
+ public String toString() {
+ return "ConnectionOptions [isUseSystemPropertes=" + isUseSystemPropertes + ", maxConnections=" + maxConnections
+ + ", isAllowSelfSignedCertificates=" + isAllowSelfSignedCertificates + ", isDisableHostnameVerification="
+ + isDisableHostnameVerification + ", proxyHost=" + proxyHost + ", proxyPort=" + proxyPort + ", proxyProtocol="
+ + proxyProtocol + ", proxyUsername=" + proxyUsername + ", proxyPassword=" + proxyPassword + ", connectionTimeoutMs="
+ + connectionTimeoutMs + ", requestTimeoutMs=" + requestTimeoutMs + ", socketTimeoutMs=" + socketTimeoutMs + "]";
+ }
+
+ public Map<String, String> toServiceFactoryParameters(String parameterPrefix) {
+ Map<String, String> parameters = new HashMap<>();
+ if (isUseSystemPropertes) {
+ parameters.put(parameterPrefix + PARAM_USE_SYSTEM_PROPERTIES, Boolean.toString(isUseSystemPropertes));
+ }
+ if (maxConnections != MAX_CONNECTIONS_DEFAULT) {
+ parameters.put(parameterPrefix + PARAM_MAX_CONNECTIONS, Integer.toString(maxConnections));
+ }
+ if (isAllowSelfSignedCertificates) {
+ parameters.put(parameterPrefix + PARAM_ALLOW_SELF_SIGNED_CERTIFICATES, Boolean.toString(isAllowSelfSignedCertificates));
+ }
+ if (isDisableHostnameVerification) {
+ parameters.put(parameterPrefix + PARAM_DISABLE_HOSTNAME_VERIFICATION, Boolean.toString(isDisableHostnameVerification));
+ }
+ if (connectionTimeoutMs != -1) {
+ parameters.put(parameterPrefix + PARAM_CONNECTION_TIMEOUT_MS, Integer.toString(connectionTimeoutMs));
+ }
+ if (requestTimeoutMs != -1) {
+ parameters.put(parameterPrefix + PARAM_REQUEST_TIMEOUT_MS, Integer.toString(requestTimeoutMs));
+ }
+ if (socketTimeoutMs != -1) {
+ parameters.put(parameterPrefix + PARAM_SOCKET_TIMEOUT_MS, Integer.toString(socketTimeoutMs));
+ }
+ if (proxyHost != null) {
+ parameters.put(parameterPrefix + PARAM_PROXY_HOST, proxyHost);
+ }
+ if (proxyPort != -1) {
+ parameters.put(parameterPrefix + PARAM_PROXY_PORT, Integer.toString(proxyPort));
+ }
+ if (proxyProtocol != null) {
+ parameters.put(parameterPrefix + PARAM_PROXY_PROTOCOL, proxyProtocol);
+ }
+ if (proxyUsername != null) {
+ parameters.put(parameterPrefix + PARAM_PROXY_USERNAME, proxyUsername);
+ }
+ if (proxyPassword != null) {
+ parameters.put(parameterPrefix + PARAM_PROXY_PASSWORD, proxyPassword);
+ }
+ return parameters;
+ }
+
+ public static ConnectionOptions fromServiceFactoryParameters(String parameterPrefix, Map<?, ?> parameters) {
+ return new ConnectionOptions(
+ getBooleanValueFromParameter(parameterPrefix, parameters, false, PARAM_USE_SYSTEM_PROPERTIES),
+ getIntegerValueFromParameter(parameterPrefix, parameters, MAX_CONNECTIONS_DEFAULT, PARAM_MAX_CONNECTIONS, PARAM_MAX_CONNECTIONS_LEGACY),
+ getBooleanValueFromParameter(parameterPrefix, parameters, false, PARAM_ALLOW_SELF_SIGNED_CERTIFICATES),
+ getBooleanValueFromParameter(parameterPrefix, parameters, false, PARAM_DISABLE_HOSTNAME_VERIFICATION),
+ getIntegerValueFromParameter(parameterPrefix, parameters, -1, PARAM_CONNECTION_TIMEOUT_MS),
+ getIntegerValueFromParameter(parameterPrefix, parameters, -1, PARAM_REQUEST_TIMEOUT_MS),
+ getIntegerValueFromParameter(parameterPrefix, parameters, -1, PARAM_SOCKET_TIMEOUT_MS),
+ getStringValueFromParameter(parameterPrefix, parameters, null, PARAM_PROXY_HOST),
+ getIntegerValueFromParameter(parameterPrefix, parameters, -1, PARAM_PROXY_PORT),
+ getStringValueFromParameter(parameterPrefix, parameters, null, PARAM_PROXY_PROTOCOL),
+ getStringValueFromParameter(parameterPrefix, parameters, null, PARAM_PROXY_USERNAME),
+ getStringValueFromParameter(parameterPrefix, parameters, null, PARAM_PROXY_PASSWORD));
+ }
+
+ private static int getIntegerValueFromParameter(String parameterPrefix, Map<?, ?> parameters, int defaultValue, String... parameterKeys) {
+ for (String key : parameterKeys) {
+ Object value = parameters.get(parameterPrefix+key);
+ if (value != null) {
+ try {
+ return Integer.parseInt(value.toString());
+ } catch ( NumberFormatException e ) {
+ // using default
Review comment:
maybe log the exception?
(also whitespace)
##########
File path: jackrabbit-spi2dav/src/main/java/org/apache/jackrabbit/spi2dav/RepositoryServiceImpl.java
##########
@@ -226,7 +243,9 @@
/**
* Default value for the maximum number of connections per host such as
* configured with {@link PoolingHttpClientConnectionManager#setDefaultMaxPerRoute(int)}.
+ * @deprecated Use {@link ConnectionOptions#MAX_CONNECTIONS_DEFAULT} instead
*/
+ @Deprecated
Review comment:
I believe we can just remove this.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [jackrabbit] kwin commented on a change in pull request #92: JCR-4536 optionally allow insecure TLS connections (self-signed cert,
Posted by GitBox <gi...@apache.org>.
kwin commented on a change in pull request #92:
URL: https://github.com/apache/jackrabbit/pull/92#discussion_r449689161
##########
File path: jackrabbit-spi2dav/src/main/java/org/apache/jackrabbit/spi2dav/RepositoryServiceImpl.java
##########
@@ -341,15 +353,41 @@ public RepositoryServiceImpl(String uri, IdFactory idFactory,
throw new RepositoryException(e);
}
+ // TODO: move to ConnectionOptions as well
Review comment:
I tend to move this option as well!
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [jackrabbit] kwin commented on pull request #92: JCR-4536 optionally allow insecure TLS connections (self-signed cert,
Posted by GitBox <gi...@apache.org>.
kwin commented on pull request #92:
URL: https://github.com/apache/jackrabbit/pull/92#issuecomment-653654470
This replaces #88. @reschke Please tell me what you think?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [jackrabbit] kwin commented on a change in pull request #92: JCR-4536 optionally allow insecure TLS connections (self-signed cert,
Posted by GitBox <gi...@apache.org>.
kwin commented on a change in pull request #92:
URL: https://github.com/apache/jackrabbit/pull/92#discussion_r455784043
##########
File path: jackrabbit-spi2dav/src/main/java/org/apache/jackrabbit/spi2dav/Spi2davRepositoryServiceFactory.java
##########
@@ -136,22 +140,6 @@ public RepositoryService createRepositoryService(Map<?, ?> parameters) throws Re
// ignore, use default
}
}
-
- // max connections config
- int maximumHttpConnections = 0;
- param = parameters.get(PARAM_MAX_CONNECTIONS);
- if (param != null) {
- try {
- maximumHttpConnections = Integer.parseInt(param.toString());
- } catch ( NumberFormatException e ) {
- // using default
- }
- }
-
- if (maximumHttpConnections > 0) {
- return new RepositoryServiceImpl(uri, idFactory, nameFactory, pathFactory, vFactory, itemInfoCacheSize, maximumHttpConnections);
- } else {
- return new RepositoryServiceImpl(uri, idFactory, nameFactory, pathFactory, vFactory, itemInfoCacheSize);
- }
+ return new RepositoryServiceImpl(uri, idFactory, nameFactory, pathFactory, vFactory, itemInfoCacheSize, ConnectionOptions.fromServiceFactoryParameters("org.apache.jackrabbit.spi2dav", parameters));
Review comment:
no dynamic prefix should be used for connection parameters
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [jackrabbit] kwin closed pull request #92: JCR-4536 optionally allow insecure TLS connections (self-signed cert,
Posted by GitBox <gi...@apache.org>.
kwin closed pull request #92:
URL: https://github.com/apache/jackrabbit/pull/92
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org