You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@syncope.apache.org by il...@apache.org on 2020/01/17 13:01:55 UTC
[syncope] branch master updated: Temp work around for
https://github.com/spring-cloud/spring-cloud-gateway/issues/1532
This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/master by this push:
new 2b7415f Temp work around for https://github.com/spring-cloud/spring-cloud-gateway/issues/1532
2b7415f is described below
commit 2b7415f19c83b234b3392202e55d3a1dd9bb305e
Author: Francesco Chicchiriccò <il...@apache.org>
AuthorDate: Fri Jan 17 14:01:39 2020 +0100
Temp work around for https://github.com/spring-cloud/spring-cloud-gateway/issues/1532
---
.../apache/syncope/sra/SyncopeSRAApplication.java | 95 ++++++++++++++++++++++
1 file changed, 95 insertions(+)
diff --git a/sra/src/main/java/org/apache/syncope/sra/SyncopeSRAApplication.java b/sra/src/main/java/org/apache/syncope/sra/SyncopeSRAApplication.java
index 5a2e05e..d607fcf 100644
--- a/sra/src/main/java/org/apache/syncope/sra/SyncopeSRAApplication.java
+++ b/sra/src/main/java/org/apache/syncope/sra/SyncopeSRAApplication.java
@@ -18,12 +18,19 @@
*/
package org.apache.syncope.sra;
+import io.netty.channel.ChannelOption;
+import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
+import java.security.cert.X509Certificate;
import java.util.Objects;
import org.apache.syncope.common.lib.types.IdRepoEntitlement;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.actuate.autoconfigure.security.reactive.EndpointRequest;
import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.cloud.gateway.config.HttpClientProperties;
import org.springframework.cloud.gateway.route.Route;
import org.springframework.cloud.gateway.route.RouteLocator;
import org.springframework.cloud.gateway.route.builder.RouteLocatorBuilder;
@@ -39,7 +46,12 @@ import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.util.matcher.NegatedServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
+import org.springframework.boot.context.properties.PropertyMapper;
+import org.springframework.util.StringUtils;
import reactor.core.publisher.Flux;
+import reactor.netty.http.client.HttpClient;
+import reactor.netty.resources.ConnectionProvider;
+import reactor.netty.tcp.ProxyProvider;
@PropertySource("classpath:sra.properties")
@PropertySource(value = "file:${conf.directory}/sra.properties", ignoreResourceNotFound = true)
@@ -47,6 +59,8 @@ import reactor.core.publisher.Flux;
@SpringBootApplication
public class SyncopeSRAApplication implements EnvironmentAware {
+ private static final Logger LOG = LoggerFactory.getLogger(SyncopeSRAApplication.class);
+
public static void main(final String[] args) {
SpringApplication.run(SyncopeSRAApplication.class, args);
}
@@ -85,4 +99,85 @@ public class SyncopeSRAApplication implements EnvironmentAware {
build();
return new MapReactiveUserDetailsService(user);
}
+
+ /**
+ * Temp work around https://github.com/spring-cloud/spring-cloud-gateway/issues/1532 .
+ *
+ * @param properties Gateway HTTP Client properties
+ * @return Gateway HTTP Client instance
+ */
+ @Bean
+ public HttpClient gatewayHttpClient(final HttpClientProperties properties) {
+ // configure pool resources
+ HttpClientProperties.Pool pool = properties.getPool();
+
+ ConnectionProvider connectionProvider;
+ if (pool.getType() == HttpClientProperties.Pool.PoolType.DISABLED) {
+ connectionProvider = ConnectionProvider.newConnection();
+ } else if (pool.getType() == HttpClientProperties.Pool.PoolType.FIXED) {
+ connectionProvider = ConnectionProvider.fixed(
+ pool.getName(), pool.getMaxConnections(), pool.getAcquireTimeout(), pool.getMaxIdleTime(), null);
+ } else {
+ connectionProvider = ConnectionProvider.elastic(pool.getName(), pool.getMaxIdleTime(), null);
+ }
+
+ HttpClient httpClient = HttpClient.create(connectionProvider).tcpConfiguration(tcpClient -> {
+ if (properties.getConnectTimeout() != null) {
+ tcpClient = tcpClient.option(ChannelOption.CONNECT_TIMEOUT_MILLIS, properties.getConnectTimeout());
+ }
+
+ // configure proxy if proxy host is set.
+ HttpClientProperties.Proxy proxy = properties.getProxy();
+
+ if (StringUtils.hasText(proxy.getHost())) {
+ tcpClient = tcpClient.proxy(proxySpec -> {
+ ProxyProvider.Builder builder = proxySpec.type(ProxyProvider.Proxy.HTTP).host(proxy.getHost());
+
+ PropertyMapper map = PropertyMapper.get();
+
+ map.from(proxy::getPort).whenNonNull().to(builder::port);
+ map.from(proxy::getUsername).whenHasText().to(builder::username);
+ map.from(proxy::getPassword).whenHasText().to(password -> builder.password(s -> password));
+ map.from(proxy::getNonProxyHostsPattern).whenHasText().to(builder::nonProxyHosts);
+ });
+ }
+ return tcpClient;
+ });
+
+ HttpClientProperties.Ssl ssl = properties.getSsl();
+ if ((ssl.getKeyStore() != null && ssl.getKeyStore().length() > 0)
+ || ssl.getTrustedX509CertificatesForTrustManager().length > 0
+ || ssl.isUseInsecureTrustManager()) {
+
+ httpClient = httpClient.secure(sslContextSpec -> {
+ // configure ssl
+ SslContextBuilder sslContextBuilder = SslContextBuilder.forClient();
+
+ X509Certificate[] trustedX509Certificates = ssl.getTrustedX509CertificatesForTrustManager();
+ if (trustedX509Certificates.length > 0) {
+ sslContextBuilder = sslContextBuilder.trustManager(trustedX509Certificates);
+ } else if (ssl.isUseInsecureTrustManager()) {
+ sslContextBuilder = sslContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
+ }
+
+ try {
+ sslContextBuilder = sslContextBuilder.keyManager(ssl.getKeyManagerFactory());
+ } catch (Exception e) {
+ LOG.error("During SSL configuration", e);
+ }
+
+ sslContextSpec.sslContext(sslContextBuilder).
+ defaultConfiguration(ssl.getDefaultConfigurationType()).
+ handshakeTimeout(ssl.getHandshakeTimeout()).
+ closeNotifyFlushTimeout(ssl.getCloseNotifyFlushTimeout()).
+ closeNotifyReadTimeout(ssl.getCloseNotifyReadTimeout());
+ });
+ }
+
+ if (properties.isWiretap()) {
+ httpClient = httpClient.wiretap(true);
+ }
+
+ return httpClient;
+ }
}