You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@syncope.apache.org by il...@apache.org on 2020/01/17 13:01:55 UTC

[syncope] branch master updated: Temp work around for https://github.com/spring-cloud/spring-cloud-gateway/issues/1532

This is an automated email from the ASF dual-hosted git repository.

ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/master by this push:
     new 2b7415f  Temp work around for https://github.com/spring-cloud/spring-cloud-gateway/issues/1532
2b7415f is described below

commit 2b7415f19c83b234b3392202e55d3a1dd9bb305e
Author: Francesco Chicchiriccò <il...@apache.org>
AuthorDate: Fri Jan 17 14:01:39 2020 +0100

    Temp work around for https://github.com/spring-cloud/spring-cloud-gateway/issues/1532
---
 .../apache/syncope/sra/SyncopeSRAApplication.java  | 95 ++++++++++++++++++++++
 1 file changed, 95 insertions(+)

diff --git a/sra/src/main/java/org/apache/syncope/sra/SyncopeSRAApplication.java b/sra/src/main/java/org/apache/syncope/sra/SyncopeSRAApplication.java
index 5a2e05e..d607fcf 100644
--- a/sra/src/main/java/org/apache/syncope/sra/SyncopeSRAApplication.java
+++ b/sra/src/main/java/org/apache/syncope/sra/SyncopeSRAApplication.java
@@ -18,12 +18,19 @@
  */
 package org.apache.syncope.sra;
 
+import io.netty.channel.ChannelOption;
+import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
+import java.security.cert.X509Certificate;
 import java.util.Objects;
 import org.apache.syncope.common.lib.types.IdRepoEntitlement;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.actuate.autoconfigure.security.reactive.EndpointRequest;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.cloud.gateway.config.HttpClientProperties;
 import org.springframework.cloud.gateway.route.Route;
 import org.springframework.cloud.gateway.route.RouteLocator;
 import org.springframework.cloud.gateway.route.builder.RouteLocatorBuilder;
@@ -39,7 +46,12 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.web.server.SecurityWebFilterChain;
 import org.springframework.security.web.server.util.matcher.NegatedServerWebExchangeMatcher;
 import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
+import org.springframework.boot.context.properties.PropertyMapper;
+import org.springframework.util.StringUtils;
 import reactor.core.publisher.Flux;
+import reactor.netty.http.client.HttpClient;
+import reactor.netty.resources.ConnectionProvider;
+import reactor.netty.tcp.ProxyProvider;
 
 @PropertySource("classpath:sra.properties")
 @PropertySource(value = "file:${conf.directory}/sra.properties", ignoreResourceNotFound = true)
@@ -47,6 +59,8 @@ import reactor.core.publisher.Flux;
 @SpringBootApplication
 public class SyncopeSRAApplication implements EnvironmentAware {
 
+    private static final Logger LOG = LoggerFactory.getLogger(SyncopeSRAApplication.class);
+
     public static void main(final String[] args) {
         SpringApplication.run(SyncopeSRAApplication.class, args);
     }
@@ -85,4 +99,85 @@ public class SyncopeSRAApplication implements EnvironmentAware {
                 build();
         return new MapReactiveUserDetailsService(user);
     }
+
+    /**
+     * Temp work around https://github.com/spring-cloud/spring-cloud-gateway/issues/1532 .
+     *
+     * @param properties Gateway HTTP Client properties
+     * @return Gateway HTTP Client instance
+     */
+    @Bean
+    public HttpClient gatewayHttpClient(final HttpClientProperties properties) {
+        // configure pool resources
+        HttpClientProperties.Pool pool = properties.getPool();
+
+        ConnectionProvider connectionProvider;
+        if (pool.getType() == HttpClientProperties.Pool.PoolType.DISABLED) {
+            connectionProvider = ConnectionProvider.newConnection();
+        } else if (pool.getType() == HttpClientProperties.Pool.PoolType.FIXED) {
+            connectionProvider = ConnectionProvider.fixed(
+                    pool.getName(), pool.getMaxConnections(), pool.getAcquireTimeout(), pool.getMaxIdleTime(), null);
+        } else {
+            connectionProvider = ConnectionProvider.elastic(pool.getName(), pool.getMaxIdleTime(), null);
+        }
+
+        HttpClient httpClient = HttpClient.create(connectionProvider).tcpConfiguration(tcpClient -> {
+            if (properties.getConnectTimeout() != null) {
+                tcpClient = tcpClient.option(ChannelOption.CONNECT_TIMEOUT_MILLIS, properties.getConnectTimeout());
+            }
+
+            // configure proxy if proxy host is set.
+            HttpClientProperties.Proxy proxy = properties.getProxy();
+
+            if (StringUtils.hasText(proxy.getHost())) {
+                tcpClient = tcpClient.proxy(proxySpec -> {
+                    ProxyProvider.Builder builder = proxySpec.type(ProxyProvider.Proxy.HTTP).host(proxy.getHost());
+
+                    PropertyMapper map = PropertyMapper.get();
+
+                    map.from(proxy::getPort).whenNonNull().to(builder::port);
+                    map.from(proxy::getUsername).whenHasText().to(builder::username);
+                    map.from(proxy::getPassword).whenHasText().to(password -> builder.password(s -> password));
+                    map.from(proxy::getNonProxyHostsPattern).whenHasText().to(builder::nonProxyHosts);
+                });
+            }
+            return tcpClient;
+        });
+
+        HttpClientProperties.Ssl ssl = properties.getSsl();
+        if ((ssl.getKeyStore() != null && ssl.getKeyStore().length() > 0)
+                || ssl.getTrustedX509CertificatesForTrustManager().length > 0
+                || ssl.isUseInsecureTrustManager()) {
+
+            httpClient = httpClient.secure(sslContextSpec -> {
+                // configure ssl
+                SslContextBuilder sslContextBuilder = SslContextBuilder.forClient();
+
+                X509Certificate[] trustedX509Certificates = ssl.getTrustedX509CertificatesForTrustManager();
+                if (trustedX509Certificates.length > 0) {
+                    sslContextBuilder = sslContextBuilder.trustManager(trustedX509Certificates);
+                } else if (ssl.isUseInsecureTrustManager()) {
+                    sslContextBuilder = sslContextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
+                }
+
+                try {
+                    sslContextBuilder = sslContextBuilder.keyManager(ssl.getKeyManagerFactory());
+                } catch (Exception e) {
+                    LOG.error("During SSL configuration", e);
+                }
+
+                sslContextSpec.sslContext(sslContextBuilder).
+                        defaultConfiguration(ssl.getDefaultConfigurationType()).
+                        handshakeTimeout(ssl.getHandshakeTimeout()).
+                        closeNotifyFlushTimeout(ssl.getCloseNotifyFlushTimeout()).
+                        closeNotifyReadTimeout(ssl.getCloseNotifyReadTimeout());
+            });
+        }
+
+        if (properties.isWiretap()) {
+            httpClient = httpClient.wiretap(true);
+        }
+
+        return httpClient;
+    }
 }