From ee0b26c61e4eb9251fb3a2fcc31fb276dcae7865 Mon Sep 17 00:00:00 2001 From: Priyanshu Date: Wed, 27 Feb 2019 08:36:28 +0530 Subject: HTTPS support for workflow 1. Added support for both http and https on BE. 2. By default the HTTPS is not enabled. 3. Added some logging properties. 4. updated ReadMe. Change-Id: I5337b19d6fe5eeaf7ded47019dc6bd3fbdcca309 Issue-ID: SDC-2136 Signed-off-by: priyanshu --- README.md | 14 +++++++++-- .../workflow/server/config/WebServerConfig.java | 28 ++++++++++++++++++++++ .../src/main/resources/application-dev.properties | 27 +++++++++++++++++++-- .../src/main/resources/application.properties | 23 ++++++++++++++++-- 4 files changed, 86 insertions(+), 6 deletions(-) create mode 100644 workflow-designer-be/src/main/java/org/onap/sdc/workflow/server/config/WebServerConfig.java diff --git a/README.md b/README.md index 4a84a7a3..87b980cb 100644 --- a/README.md +++ b/README.md @@ -98,7 +98,8 @@ messages. You can also see the logs of the initialization container using `docke `docker run -d -e SDC_PROTOCL=http/https -e SDC_ENDPOINT=: -e SDC_USER= -e SDC_PASSWORD= -e CS_HOSTS= -e CS_PORT= -e CS_AUTHENTICATE=true/false -e CS_USER= -e CS_PASSWORD= --e JAVA_OPTIONS= nexus3.onap.org:10001/onap/workflow-backend:latest` +-e SSL_ENABLED=true/false -e SSL_KEY_PASSWORD= -e SSL_KEYSTORE_PATH= +-e SSL_KEYSTORE_TYPE= -e JAVA_OPTIONS= nexus3.onap.org:10001/onap/workflow-backend:latest` ### Environment Variables 
@@ -122,12 +123,21 @@ assumed if this variable is not specified. - CS_PASSWORD — Cassandra password if CS_AUTHENTICATE is *true*. +- SSL_ENABLED — whether ssl authentication must be used to connect to application. A *false* will be +assumed if this variable is not specified. + +- SSL_KEY_PASSWORD — SSL key password if SSL_ENABLED is *true*. + +- SSL_KEYSTORE_PATH — SSL Keystore path if SSL_ENABLED is *true*. + +- SSL_KEYSTORE_TYPE — SSL Keystore type if SSL_ENABLED is *true*. + - JAVA_OPTIONS — optionally, JVM (Java Virtual Machine) arguments. ### Example Assuming you have a dedicated Cassandra container as described in Database section, and the access to it is not -protected with a password. The following command will start a backend container: +protected with a password. The following command will start a backend container without SSL support: `docker run -d --name workflow-backend -e SDC_PROTOCOL=http -e SDC_ENDPOINT=$(docker inspect sdc-BE --format={{.NetworkSettings.IPAddress}}):8080 diff --git a/workflow-designer-be/src/main/java/org/onap/sdc/workflow/server/config/WebServerConfig.java b/workflow-designer-be/src/main/java/org/onap/sdc/workflow/server/config/WebServerConfig.java new file mode 100644 index 00000000..3ba3f810 --- /dev/null +++ b/workflow-designer-be/src/main/java/org/onap/sdc/workflow/server/config/WebServerConfig.java 
@@ -0,0 +1,28 @@
+package org.onap.sdc.workflow.server.config;
+
+import org.eclipse.jetty.server.ServerConnector;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.web.embedded.jetty.JettyServerCustomizer;
+import org.springframework.boot.web.embedded.jetty.JettyServletWebServerFactory;
+import org.springframework.boot.web.server.WebServerFactoryCustomizer;
+import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class WebServerConfig implements WebServerFactoryCustomizer {
+
+ @Value("${http.port}")
+ private int httpPort;
+
+ @Override
+ public void customize(ConfigurableServletWebServerFactory container) {
+ if (container instanceof JettyServletWebServerFactory) {
+ JettyServletWebServerFactory containerFactory = (JettyServletWebServerFactory) container;
+ containerFactory.addServerCustomizers((JettyServerCustomizer) server -> {
+ ServerConnector connector = new ServerConnector(server);
+ connector.setPort(httpPort);
+ server.addConnector(connector);
+ });
+ }
+ }
+}
diff --git a/workflow-designer-be/src/main/resources/application-dev.properties b/workflow-designer-be/src/main/resources/application-dev.properties
index 12a99021..97d81ac3 100644
--- a/workflow-designer-be/src/main/resources/application-dev.properties
+++ b/workflow-designer-be/src/main/resources/application-dev.properties
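Review bot: The lambda in `customize` adds the plain-HTTP `ServerConnector` on `http.port` unconditionally, so when `server.ssl.enabled=true` the backend still serves every endpoint in cleartext on that port alongside the TLS listener. If keeping HTTP is intended, make it an explicit choice rather than a side effect: inject a switch such as `@Value("${http.enabled:true}") private boolean httpEnabled;` (the property name is a suggestion, not an existing key) and test it in the guard, `if (httpEnabled && container instanceof JettyServletWebServerFactory) {`. The connector also sets no host, which as far as I know leaves Jetty listening on all interfaces; a class-level comment stating that this port is unencrypted and should be firewalled or switched off in TLS deployments would help operators.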
@@ -14,7 +14,18 @@ # limitations under the License. #/ server.servlet.context-path=/ -server.port=${SERVER_PORT:8080} +http.port=${HTTP_PORT:8080} + +server.port=${SERVER_PORT:8443} +server.ssl.enabled=${SSL_ENABLED:false} +server.ssl.key-password=${SSL_KEY_PASSWORD:} +server.ssl.key-store=${SSL_KEYSTORE_PATH:} +server.ssl.key-store-type=${SSL_KEYSTORE_TYPE:} + +sdc.be.protocol=${SDC_PROTOCOL:} +sdc.be.endpoint=${SDC_ENDPOINT:} +sdc.be.external.user=${SDC_USER:} +sdc.be.external.password=${SDC_PASSWORD:} #CASSANDRA spring.data.cassandra.contact-points=${CS_HOSTS:localhost} @@ -29,4 +40,16 @@ management.endpoint.health.show-details=always #Headers are comma separated list onap.logging.requestIdHeader=X-ECOMP-RequestID,X-ONAP-RequestID -onap.logging.partnerNameHeader=USER_ID \ No newline at end of file +onap.logging.partnerNameHeader=USER_ID + +logging.level.org.springframework=INFO +logging.level.org.onap.sdc.workflow=INFO + +#output to a temp_folder/file +logging.file=${java.io.tmpdir}/application.log + +# Logging pattern for the console +logging.pattern.console= %d{yyyy-MM-dd HH:mm:ss} - %msg%n + +# Logging pattern for file +logging.pattern.file= %d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg% \ No newline at end of file diff --git a/workflow-designer-be/src/main/resources/application.properties b/workflow-designer-be/src/main/resources/application.properties index 5fa56d82..1ff8311a 100644 --- a/workflow-designer-be/src/main/resources/application.properties +++ b/workflow-designer-be/src/main/resources/application.properties 
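Review bot: The SSL block maps `SSL_KEY_PASSWORD` to `server.ssl.key-password` only and never sets `server.ssl.key-store-password`, so as far as I can tell a password-protected keystore at `SSL_KEYSTORE_PATH` either fails to open or is loaded without its integrity check, depending on the store type. I would add `server.ssl.key-store-password=${SSL_KEYSTORE_PASSWORD:}` (the variable name is a suggestion) and list it in the README next to the other SSL_ variables. Note also that with the default `SSL_ENABLED=false` the listener on 8443 is plain HTTP, which is easy to mistake for a TLS port; a comment above `server.port` saying so would avoid that. The same lines appear in the first hunk of application.properties.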
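Review bot: `logging.pattern.file` ends in `%msg%` where the console pattern ends in `%msg%n`; the trailing `n` is missing, so file entries get no line separator and the dangling `%` is likely rejected or mis-parsed by the pattern layout. It should read `logging.pattern.file= %d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%n`. Separately, `logging.file=${java.io.tmpdir}/application.log` puts the log under a fixed name in a shared temp directory, where other local users may be able to read it or pre-create the path; a dedicated directory with restricted permissions, e.g. `logging.file=${LOG_DIR:/var/log/workflow}/application.log` (variable and path are placeholders), is safer. The second hunk of application.properties has the same two lines.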
@@ -14,7 +14,14 @@ # limitations under the License. #/ server.servlet.context-path=/ -server.port=${SERVER_PORT:8080} +http.port=${HTTP_PORT:8080} + +server.port=${SERVER_PORT:8443} +server.ssl.enabled=${SSL_ENABLED:false} +server.ssl.key-password=${SSL_KEY_PASSWORD:} +server.ssl.key-store=${SSL_KEYSTORE_PATH:} +server.ssl.key-store-type=${SSL_KEYSTORE_TYPE:} + sdc.be.protocol=${SDC_PROTOCOL:} sdc.be.endpoint=${SDC_ENDPOINT:} sdc.be.external.user=${SDC_USER:} @@ -33,4 +40,16 @@ management.endpoint.health.show-details=always #Headers are comma separated list onap.logging.requestIdHeader=X-ECOMP-RequestID,X-ONAP-RequestID -onap.logging.partnerNameHeader=USER_ID \ No newline at end of file +onap.logging.partnerNameHeader=USER_ID + +logging.level.org.springframework=INFO +logging.level.org.onap.sdc.workflow=INFO + +#output to a temp_folder/file +logging.file=${java.io.tmpdir}/application.log + +# Logging pattern for the console +logging.pattern.console= %d{yyyy-MM-dd HH:mm:ss} - %msg%n + +# Logging pattern for file +logging.pattern.file= %d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg% \ No newline at end of file -- cgit 1.2.3-korg