You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nutch.apache.org by le...@apache.org on 2016/07/14 22:56:33 UTC
nutch git commit: NUTCH-2289 SSL support for Nutch 2.X REST API.
Repository: nutch
Updated Branches:
refs/heads/2.x 04eb5707e -> c210b9f2c
NUTCH-2289 SSL support for Nutch 2.X REST API.
Project: http://git-wip-us.apache.org/repos/asf/nutch/repo
Commit: http://git-wip-us.apache.org/repos/asf/nutch/commit/c210b9f2
Tree: http://git-wip-us.apache.org/repos/asf/nutch/tree/c210b9f2
Diff: http://git-wip-us.apache.org/repos/asf/nutch/diff/c210b9f2
Branch: refs/heads/2.x
Commit: c210b9f2cbcd22c5aa7458f85052262bdaa6df83
Parents: 04eb570
Author: Furkan KAMACI <fu...@gmail.com>
Authored: Thu Jul 14 01:20:34 2016 +0300
Committer: Furkan KAMACI <fu...@gmail.com>
Committed: Thu Jul 14 23:03:39 2016 +0300
----------------------------------------------------------------------
conf/nutch-default.xml | 31 +++++++++++-
src/java/org/apache/nutch/api/NutchServer.java | 50 +++++++++++++++-----
.../api/security/AuthenticationTypeEnum.java | 1 +
3 files changed, 67 insertions(+), 15 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/nutch/blob/c210b9f2/conf/nutch-default.xml
----------------------------------------------------------------------
diff --git a/conf/nutch-default.xml b/conf/nutch-default.xml
index a4fede2..10904a2 100644
--- a/conf/nutch-default.xml
+++ b/conf/nutch-default.xml
@@ -1439,7 +1439,7 @@
<name>restapi.auth</name>
<value>NONE</value>
<description>
- Configures authentication type for communicating with RESTAPI. Valid values are BASIC, DIGEST and NONE.
+ Configures authentication type for communicating with RESTAPI. Valid values are BASIC, DIGEST, SSL and NONE.
When no authentication type is defined NONE will be used as default which does not provide security.
Use the restapi.auth.username and restapi.auth.password properties to configure
your credentials if security is used.
@@ -1451,7 +1451,7 @@
<value>admin</value>
<description>
Username for REST API authentication. restapi.auth property should be set to either BASIC or DIGEST to use this property.
- "nutch" is used for username as default.
+ "admin" is used for username as default.
</description>
</property>
@@ -1464,4 +1464,31 @@
</description>
</property>
+<property>
+ <name>restapi.auth.ssl.storepath</name>
+ <value>etc/nutch-ssl.keystore.jks</value>
+ <description>
+ Key store path for jks file. restapi.auth property should be set to SSL to use this property.
+ etc/nutch-ssl.keystore.jks is used for restapi.auth.ssl.storepath as default.
+ </description>
+</property>
+
+<property>
+ <name>restapi.auth.ssl.storepass</name>
+ <value>password</value>
+ <description>
+ Key store path for jks file. restapi.auth property should be set to SSL to use this property.
+ "password" is used for restapi.auth.ssl.storepass as default.
+ </description>
+</property>
+
+<property>
+ <name>restapi.auth.ssl.keypass</name>
+ <value>password</value>
+ <description>
+ Key store path for jks file. restapi.auth property should be set to SSL to use this property.
+ "password" is used for restapi.auth.ssl.keypass as default.
+ </description>
+</property>
+
</configuration>
http://git-wip-us.apache.org/repos/asf/nutch/blob/c210b9f2/src/java/org/apache/nutch/api/NutchServer.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/nutch/api/NutchServer.java b/src/java/org/apache/nutch/api/NutchServer.java
index af948cd..b5ca6e8 100644
--- a/src/java/org/apache/nutch/api/NutchServer.java
+++ b/src/java/org/apache/nutch/api/NutchServer.java
@@ -46,6 +46,7 @@ import org.apache.nutch.api.resources.SeedResource;
import org.apache.nutch.api.security.AuthenticationTypeEnum;
import org.restlet.Component;
import org.restlet.Context;
+import org.restlet.Server;
import org.restlet.data.ChallengeScheme;
import org.restlet.data.Protocol;
import org.restlet.data.Reference;
@@ -54,6 +55,7 @@ import org.restlet.resource.ClientResource;
import org.restlet.security.ChallengeAuthenticator;
import org.restlet.ext.crypto.DigestAuthenticator;
import org.restlet.security.MapVerifier;
+import org.restlet.util.Series;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -92,14 +94,13 @@ public class NutchServer extends Application {
* 'INFO' however best attempts should always be made to specify a logging
* level.<br>
* {@link org.apache.nutch.api.NutchServer} can be run as secure. restapi.auth property
- * should be set to BASIC or DIGEST at <code>nutch-site.xml</code> to enable HTTP basic authentication
- * or digest authentication when communicating with RESTAPI.
- * Use restapi.auth.username and restapi.auth.auth.password properties at <code>nutch-site.xml</code> to configure
- * credentials when security is enabled with restapi.auth property.
- * should be set to true at <code>nutch-site.xml</code> to enable HTTP basic authentication
- * for communicating with RESTAPI.
- * Use the restapi.auth.username and restapi.auth.auth.password properties to configure
- * your credentials.
+ * should be set to BASIC, DIGEST or SSL at <code>nutch-site.xml</code> to enable HTTP basic authentication,
+ * digest authentication or SSL when communicating with RESTAPI.
+ * Set restapi.auth.username and restapi.auth.password properties at <code>nutch-site.xml</code> to configure
+ * credentials when BASIC or DIGEST authentication is used.
+ * Set restapi.auth.ssl.storepath, restapi.auth.ssl.storepass and restapi.auth.ssl.keypass when SSL is used.
+ *
+ * @see org.apache.nutch.api.security.AuthenticationTypeEnum
*/
public NutchServer() {
configManager = new RAMConfManager();
@@ -113,8 +114,33 @@ public class NutchServer extends Application {
component = new Component();
component.getLogger().setLevel(Level.parse(logLevel));
- // Add a new HTTP server listening on defined port.
- component.getServers().add(Protocol.HTTP, port);
+ AuthenticationTypeEnum authenticationType = configManager.get(ConfigResource.DEFAULT).getEnum("restapi.auth", AuthenticationTypeEnum.NONE);
+
+ if (authenticationType == AuthenticationTypeEnum.SSL) {
+ // Add a new HTTPS server listening on defined port.
+ Server server = component.getServers().add(Protocol.HTTPS, port);
+
+ Series parameters = server.getContext().getParameters();
+ parameters.add("sslContextFactory", "org.restlet.engine.ssl.DefaultSslContextFactory");
+
+ String keyStorePath = configManager.get(ConfigResource.DEFAULT)
+ .get("restapi.auth.ssl.storepath", "etc/nutch-ssl.keystore.jks");
+ parameters.add("keyStorePath", keyStorePath);
+
+ String keyStorePassword = configManager.get(ConfigResource.DEFAULT)
+ .get("restapi.auth.ssl.storepass", "password");
+ parameters.add("keyStorePassword", keyStorePassword);
+
+ String keyPassword = configManager.get(ConfigResource.DEFAULT)
+ .get("restapi.auth.ssl.keypass", "password");
+ parameters.add("keyPassword", keyPassword);
+
+ parameters.add("keyStoreType", "JKS");
+ LOG.info("SSL Authentication is set for NutchServer");
+ } else {
+ // Add a new HTTP server listening on defined port.
+ component.getServers().add(Protocol.HTTP, port);
+ }
Context childContext = component.getContext().createChildContext();
JaxRsApplication application = new JaxRsApplication(childContext);
@@ -122,11 +148,9 @@ public class NutchServer extends Application {
application.setStatusService(new ErrorStatusService());
childContext.getAttributes().put(NUTCH_SERVER, this);
- AuthenticationTypeEnum authenticationType = configManager.get(ConfigResource.DEFAULT).getEnum("restapi.auth", AuthenticationTypeEnum.NONE);
-
switch (authenticationType) {
case NONE:
- // Attach the application without security
+ case SSL:
component.getDefaultHost().attach(application);
break;
case BASIC:
http://git-wip-us.apache.org/repos/asf/nutch/blob/c210b9f2/src/java/org/apache/nutch/api/security/AuthenticationTypeEnum.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/nutch/api/security/AuthenticationTypeEnum.java b/src/java/org/apache/nutch/api/security/AuthenticationTypeEnum.java
index cfbffea..f156745 100644
--- a/src/java/org/apache/nutch/api/security/AuthenticationTypeEnum.java
+++ b/src/java/org/apache/nutch/api/security/AuthenticationTypeEnum.java
@@ -22,5 +22,6 @@ package org.apache.nutch.api.security;
public enum AuthenticationTypeEnum {
BASIC,
DIGEST,
+ SSL,
NONE
}