Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Blocker Blocker
    • Resolution: Fixed
    • Affects Version/s: 1.4.1
    • Fix Version/s: 1.5.0
    • Component/s: java
    • Labels:
      None

      Description

      I don't see that it is possible to set up the HTTP RPC code to use SSL.

      Flume needs this feature if the Avro support is to keep pace with the Thrift support.

        Activity

        Hide
        Philip Zeyliger added a comment -

        Though Avro doesn't support it directly, it's not hard to work around. The following is cut and paste from some code we have internally, with some stuff removed (hence the pad indentation).

                SpecificResponder sr = new SpecificResponder(XProtocol.class,
                        new XProtocolImpl(...));
                Connector connector;
                XSettings settings;
        
                        SslSocketConnector sslconn = new SslSocketConnector();
                        sslconn.setKeystore(settings.getKeystorePath());
                        sslconn.setKeyPassword(settings.getKeystorePassword());
                        sslconn.setTruststore(settings.getTruststorePath());
                        sslconn.setTrustPassword(settings.getTruststorePassword());
                        sslconn.setNeedClientAuth(settings.isNeedAgentValidation());
                        connector = sslconn;
                       connector.setPort(XPort);
                  
                agentServer = new HttpConnectorServer(sr, connector);
        
        
        Show
        Philip Zeyliger added a comment - Though Avro doesn't support it directly, it's not hard to work around. The following is cut and paste from some code we have internally, with some stuff removed (hence the pad indentation). SpecificResponder sr = new SpecificResponder(XProtocol.class, new XProtocolImpl(...)); Connector connector; XSettings settings; SslSocketConnector sslconn = new SslSocketConnector(); sslconn.setKeystore(settings.getKeystorePath()); sslconn.setKeyPassword(settings.getKeystorePassword()); sslconn.setTruststore(settings.getTruststorePath()); sslconn.setTrustPassword(settings.getTruststorePassword()); sslconn.setNeedClientAuth(settings.isNeedAgentValidation()); connector = sslconn; connector.setPort(XPort); agentServer = new HttpConnectorServer(sr, connector);
        Hide
        Philip Langdale added a comment -

        That's slightly too little code.

        HttpConnectorServer is a trivial variation of HttpServer that uses a different Server contructor:

        To wit:

        public HttpConnectorServer(Responder responder, Connector connector)
        throws IOException

        { this(new ResponderServlet(responder), connector); }

        public HttpConnectorServer(ResponderServlet servlet, Connector connector)
        throws IOException

        { this.server = new org.mortbay.jetty.Server(); this.server.addConnector(connector); new Context(server, "/").addServlet(new ServletHolder(servlet), "/*"); }

        The rest is the same as HttpServer.

        Show
        Philip Langdale added a comment - That's slightly too little code. HttpConnectorServer is a trivial variation of HttpServer that uses a different Server contructor: To wit: public HttpConnectorServer(Responder responder, Connector connector) throws IOException { this(new ResponderServlet(responder), connector); } public HttpConnectorServer(ResponderServlet servlet, Connector connector) throws IOException { this.server = new org.mortbay.jetty.Server(); this.server.addConnector(connector); new Context(server, "/").addServlet(new ServletHolder(servlet), "/*"); } The rest is the same as HttpServer.
        Hide
        Bruce Mitchener added a comment -

        That could easily be folded into my patch for AVRO-701 ...

        It could also be a new method on HttpServer for addConnector to add a connector to the already-existing server so that one HttpServer can handle multiple connectors ...

        Show
        Bruce Mitchener added a comment - That could easily be folded into my patch for AVRO-701 ... It could also be a new method on HttpServer for addConnector to add a connector to the already-existing server so that one HttpServer can handle multiple connectors ...
        Hide
        Philip Langdale added a comment -

        Indeed. The comment above the code says:

        • It would probably be desirable to just add the connector based constructors
        • to the original avro HttpServer class.

        And yes, it would probably be worthwhile to expose addConnector, although I suppose
        at some point, you want to just get your loses and provide a getter for the Server
        instead of proxying the entire API

        Show
        Philip Langdale added a comment - Indeed. The comment above the code says: It would probably be desirable to just add the connector based constructors to the original avro HttpServer class. And yes, it would probably be worthwhile to expose addConnector, although I suppose at some point, you want to just get your loses and provide a getter for the Server instead of proxying the entire API
        Hide
        Bruce Mitchener added a comment -

        I folded this into the code for AVRO-701.

        Show
        Bruce Mitchener added a comment - I folded this into the code for AVRO-701 .

          People

          • Assignee:
            Bruce Mitchener
            Reporter:
            Bruce Mitchener
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development