diff options
author | Priyanshu <pagarwal@amdocs.com> | 2019-02-27 08:36:28 +0530 |
---|---|---|
committer | priyanshu <pagarwal@amdocs.com> | 2019-02-27 08:36:28 +0530 |
commit | ee0b26c61e4eb9251fb3a2fcc31fb276dcae7865 (patch) | |
tree | c2ba0fbf48559c7316e1e4482895232e9915bda0 | |
parent | a51021d6021ca2168c4a4ac7b8959dea52fc8b51 (diff) |
HTTPS support for workflow
1. Added support for both http and https on BE.
2. By default the HTTPS is not enabled.
3. Added some logging properties.
4. updated ReadMe.
Change-Id: I5337b19d6fe5eeaf7ded47019dc6bd3fbdcca309
Issue-ID: SDC-2136
Signed-off-by: priyanshu <pagarwal@amdocs.com>
4 files changed, 86 insertions, 6 deletions
@@ -98,7 +98,8 @@ messages. You can also see the logs of the initialization container using `docke `docker run -d -e SDC_PROTOCL=http/https -e SDC_ENDPOINT=<sdc-host>:<sdc-port> -e SDC_USER=<sdc-username> -e SDC_PASSWORD=<sdc-password> -e CS_HOSTS=<cassandra-hosts> -e CS_PORT=<cassandra-port> -e CS_AUTHENTICATE=true/false -e CS_USER=<cassandra-user> -e CS_PASSWORD=<cassandra-password> --e JAVA_OPTIONS=<jvm-options> nexus3.onap.org:10001/onap/workflow-backend:latest` +-e SSL_ENABLED=true/false -e SSL_KEY_PASSWORD=<ssl_key_password> -e SSL_KEYSTORE_PATH=<ssl_keystore_path> +-e SSL_KEYSTORE_TYPE=<ssl_keystore_type> -e JAVA_OPTIONS=<jvm-options> nexus3.onap.org:10001/onap/workflow-backend:latest` ### Environment Variables @@ -122,12 +123,21 @@ assumed if this variable is not specified. - CS_PASSWORD — Cassandra password if CS_AUTHENTICATE is *true*. +- SSL_ENABLED — whether ssl authentication must be used to connect to application. A *false* will be +assumed if this variable is not specified. + +- SSL_KEY_PASSWORD — SSL key password if SSL_ENABLED is *true*. + +- SSL_KEYSTORE_PATH — SSL Keystore path if SSL_ENABLED is *true*. + +- SSL_KEYSTORE_TYPE — SSL Keystore type if SSL_ENABLED is *true*. + - JAVA_OPTIONS — optionally, JVM (Java Virtual Machine) arguments. ### Example Assuming you have a dedicated Cassandra container as described in Database section, and the access to it is not -protected with a password. The following command will start a backend container: +protected with a password. The following command will start a backend container without SSL support: `docker run -d --name workflow-backend -e SDC_PROTOCOL=http -e SDC_ENDPOINT=$(docker inspect sdc-BE --format={{.NetworkSettings.IPAddress}}):8080 diff --git a/workflow-designer-be/src/main/java/org/onap/sdc/workflow/server/config/WebServerConfig.java b/workflow-designer-be/src/main/java/org/onap/sdc/workflow/server/config/WebServerConfig.java new file mode 100644 index 00000000..3ba3f810 --- /dev/null +++ b/workflow-designer-be/src/main/java/org/onap/sdc/workflow/server/config/WebServerConfig.java @@ -0,0 +1,28 @@ +package org.onap.sdc.workflow.server.config; + +import org.eclipse.jetty.server.ServerConnector; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.boot.web.embedded.jetty.JettyServerCustomizer; +import org.springframework.boot.web.embedded.jetty.JettyServletWebServerFactory; +import org.springframework.boot.web.server.WebServerFactoryCustomizer; +import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory; +import org.springframework.context.annotation.Configuration; + +@Configuration +public class WebServerConfig implements WebServerFactoryCustomizer<ConfigurableServletWebServerFactory> { + + @Value("${http.port}") + private int httpPort; + + @Override + public void customize(ConfigurableServletWebServerFactory container) { + if (container instanceof JettyServletWebServerFactory) { + JettyServletWebServerFactory containerFactory = (JettyServletWebServerFactory) container; + containerFactory.addServerCustomizers((JettyServerCustomizer) server -> { + ServerConnector connector = new ServerConnector(server); + connector.setPort(httpPort); + server.addConnector(connector); + }); + } + } +} diff --git a/workflow-designer-be/src/main/resources/application-dev.properties b/workflow-designer-be/src/main/resources/application-dev.properties index 12a99021..97d81ac3 100644 --- a/workflow-designer-be/src/main/resources/application-dev.properties +++ b/workflow-designer-be/src/main/resources/application-dev.properties @@ -14,7 +14,18 @@ # limitations under the License. #/ server.servlet.context-path=/ -server.port=${SERVER_PORT:8080} +http.port=${HTTP_PORT:8080} + +server.port=${SERVER_PORT:8443} +server.ssl.enabled=${SSL_ENABLED:false} +server.ssl.key-password=${SSL_KEY_PASSWORD:} +server.ssl.key-store=${SSL_KEYSTORE_PATH:} +server.ssl.key-store-type=${SSL_KEYSTORE_TYPE:} + +sdc.be.protocol=${SDC_PROTOCOL:} +sdc.be.endpoint=${SDC_ENDPOINT:} +sdc.be.external.user=${SDC_USER:} +sdc.be.external.password=${SDC_PASSWORD:} #CASSANDRA spring.data.cassandra.contact-points=${CS_HOSTS:localhost} @@ -29,4 +40,16 @@ management.endpoint.health.show-details=always #Headers are comma separated list onap.logging.requestIdHeader=X-ECOMP-RequestID,X-ONAP-RequestID -onap.logging.partnerNameHeader=USER_ID
\ No newline at end of file +onap.logging.partnerNameHeader=USER_ID + +logging.level.org.springframework=INFO +logging.level.org.onap.sdc.workflow=INFO + +#output to a temp_folder/file +logging.file=${java.io.tmpdir}/application.log + +# Logging pattern for the console +logging.pattern.console= %d{yyyy-MM-dd HH:mm:ss} - %msg%n + +# Logging pattern for file +logging.pattern.file= %d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%
\ No newline at end of file diff --git a/workflow-designer-be/src/main/resources/application.properties b/workflow-designer-be/src/main/resources/application.properties index 5fa56d82..1ff8311a 100644 --- a/workflow-designer-be/src/main/resources/application.properties +++ b/workflow-designer-be/src/main/resources/application.properties @@ -14,7 +14,14 @@ # limitations under the License. #/ server.servlet.context-path=/ -server.port=${SERVER_PORT:8080} +http.port=${HTTP_PORT:8080} + +server.port=${SERVER_PORT:8443} +server.ssl.enabled=${SSL_ENABLED:false} +server.ssl.key-password=${SSL_KEY_PASSWORD:} +server.ssl.key-store=${SSL_KEYSTORE_PATH:} +server.ssl.key-store-type=${SSL_KEYSTORE_TYPE:} + sdc.be.protocol=${SDC_PROTOCOL:} sdc.be.endpoint=${SDC_ENDPOINT:} sdc.be.external.user=${SDC_USER:} @@ -33,4 +40,16 @@ management.endpoint.health.show-details=always #Headers are comma separated list onap.logging.requestIdHeader=X-ECOMP-RequestID,X-ONAP-RequestID -onap.logging.partnerNameHeader=USER_ID
\ No newline at end of file +onap.logging.partnerNameHeader=USER_ID + +logging.level.org.springframework=INFO +logging.level.org.onap.sdc.workflow=INFO + +#output to a temp_folder/file +logging.file=${java.io.tmpdir}/application.log + +# Logging pattern for the console +logging.pattern.console= %d{yyyy-MM-dd HH:mm:ss} - %msg%n + +# Logging pattern for file +logging.pattern.file= %d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%
\ No newline at end of file |