How to enable OpenSSL when loading the plugin in my own jar

[Augusto Altman Quaranta]

Hello everybody, hope you're doping great.

I have successfully integrated search-guard-ssl v2.0.1.16 plugin onto a Java (8) project of my own that uses the Elasticsearch Java API. I've followed this post and it's working fine. On the other hand I have successfully enabled OpenSSL on all of my ES nodes (thanks to this doc, section 'dynamically linked').

The problem comes when I try to enable OpenSSL on my Java project. I don't know exactly how to do this, I've tried different things and I'm always getting the following log:

Open SSL not available because of java.lang.UnsatisfiedLinkError: no netty-tcnative in java.library.path

To add a little more of complexity to the deal, I need to dynamically enable OpenSSL, just as I do with the ES nodes. If the netty-tcnative jar is available at some path then my service should start with OpenSSL.

Best,

Augusto.-

[SG]

did you install also apr (libapr1)?

> --
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/545ad5e4-a11d-4e06-ac47-f02ba38ebd20%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

[Augusto Altman Quaranta]

Yes I did.

[SG]

Maybe our unit tests can help you: https://github.com/floragunncom/search-guard-ssl/blob/master/src/test/java/com/floragunn/searchguard/ssl/OpenSSLTest.java
You also may want to read https://github.com/netty/netty/wiki/Forked-Tomcat-Native

> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/4aae3d72-34fe-41e0-baa3-7388009f8b1b%40googlegroups.com.

[Augusto Altman Quaranta]

Ok I will! thank you for sharing those links :).

In the meantime I want to clarify my current situation. First of all I have no problem with netty-tcnative itself nor with search-guard-ssl plugin. I have my entire ES cluster using the plugin + OpenSSL and I have gotten the following log on every single node:

[INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] Open SSL OpenSSL 1.0.2j-fips    26 sep 2016 available

So search-guard-ssl is working just fine with OpenSSL. My problem comes when I load search-guard-ssl from my own java code as specified on this post (Using Transport Clients with Search Guard). To be completely honest I have no idea what should do I for enabling OpenSSL when I load the plugin from my own jar. I mean... for a regular ES node is as simple as pasting the netty-tcnative jar on the search-guard-ssl plugin folder. But, which are the steps for enabling it from a java project using a transport client?

Thank you very much for helping me.

Best, Augusto.-

[Augusto Altman Quaranta]

I solved it.

I'm using Spring Boot which ultimately generates a fat jar that you have to run using:

java -jar mysSpringBootApp.jar

Inside that fat jar is the Search Guard SSL plugin among other things (Elasticsearch, my java classes, etc). I wasn't able to tell the Search Guard SSL plugin where the netty-tcnative jar was in order to load it. After reading some code and digging a little about how Spring Boot bootstrap an application I managed to solve this problem by running my application like this (linux):

java -cp "/path/to/my/jar/mysSpringBootApp.jar:path/to/tcnative/jar/netty-tcnative.jar" org.springframework.boot.loader.JarLauncher

Augusto.-