SSL Support

Matt Berdine

Mar 29, 2012, 1:08:43 PM
to dropwiz...@googlegroups.com
Hi,
 
I've been asked to evaluate DropWizard and possibly migrate all of our REST services currently running in Tomcat.  So far, I'm very impressed with what I see. It is a very simple architecture and easy to develop against.  The only issue I see is that we are required to run all of our services over SSL.  Does DropWizard provide any SSL support?  I have been through the HttpConfiguration and didn't see anything.  I know Jetty supports SSL.  Would I have to create a jetty.xml file to configure https?
 
Thanks

Coda Hale

Mar 29, 2012, 1:13:45 PM
to dropwiz...@googlegroups.com
No, it doesn't. You'll either need to patch it or use an SSL-terminating proxy.

Dropwizard doesn't use jetty.xml. It doesn't use a servlet container.

---
Coda Hale
http://codahale.com

Matt Berdine

Mar 30, 2012, 12:39:39 PM
to dropwiz...@googlegroups.com
Ok.  Thanks.
 
I've added the basic functionality by adding an ssl configuration to HttpConfiguration and then adding an SslSocketConnector to jetty in the ServerFactory, with the appropriate handler.  Is this something that you would be interested in?  What I've done works well for my purposes but I would need to spend some time covering the more general cases before I submit a pull request.  Just wanted to see if it would be worthwhile before investing the time.
 
Matt

Coda Hale

Mar 30, 2012, 3:36:39 PM
to dropwiz...@googlegroups.com
That would be awesome — it's a common request.

The only thing I can think of is that it would be nice to be able to switch between the SslSocketConnector and the SslSelectChannelConnector.

---
Coda Hale
http://codahale.com

Eric Tschetter

Apr 13, 2012, 6:40:46 PM
to dropwiz...@googlegroups.com
Turns out I went and implemented the same thing.  I've also put in a pull request to try to get it merged up:

https://github.com/codahale/dropwizard/pull/79

My patch does allow you to select between the SslSocket and the SslSelectChannel as well as use the base keystore or specify your own.  I'm not sure what other configuration options people might need, but this works for our own case (an HTTPS-only API).

What is the general process around accepting merge requests?

--Eric

Coda Hale

Apr 13, 2012, 7:19:33 PM
to dropwiz...@googlegroups.com
The general process is I try to scrape out a bit of spare time and then I run through them, either merging them outright, giving some feedback, or breaking the news that we won't be doing that.

For this, I'd rather see "socket+ssl" and "nonblocking+ssl" added as connector types. We can add validation methods to ensure the SSL connectors aren't used w/o a valid SSL config.

---
Coda Hale
http://codahale.com

Eric Tschetter

Apr 13, 2012, 8:03:04 PM
to dropwiz...@googlegroups.com
If I understand you correctly, you are saying that I should introduce an "isValidSSL" method with a @Validation tag which will verify that it is either not running SSL or it is running SSL and has a valid configuration?  Then, change the if-encased switch/case to just a single switch/case that understands the SSL connector options.  Is that correct?

Also, is there anything I can do to help get this back-ported and released as part of 0.3.2 as well? (once you are happy with how it is done, anyway)

--Eric

Eric Tschetter

Apr 13, 2012, 8:50:25 PM
to dropwiz...@googlegroups.com
I have updated the pull request.  Let me know if there's anything more I can do to help.

--Eric
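
The fail-fast check discussed in this thread, sketched as an added example that is not code from the pull request or from Dropwizard: the connector labels come from the thread, while the class, field and method names are hypothetical and only the JDK is used. Flagging an ssl block paired with a plaintext connector is an extra assumption of this sketch.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class ConnectorConfigCheck {
    // Connector labels follow the thread; all other names are hypothetical.
    enum ConnectorType {
        SOCKET("socket", false), NONBLOCKING("nonblocking", false),
        SOCKET_SSL("socket+ssl", true), NONBLOCKING_SSL("nonblocking+ssl", true);
        final String label;
        final boolean ssl;
        ConnectorType(String label, boolean ssl) { this.label = label; this.ssl = ssl; }
    }
    static class SslConfig { String keyStorePath, keyStorePassword, keyStoreType = "JKS"; }

    /** Returns configuration errors; an empty list means connector and ssl block agree. */
    static List<String> validate(ConnectorType type, SslConfig ssl) {
        List<String> errors = new ArrayList<>();
        if (!type.ssl) {
            // Assumption of this sketch: flag an ssl block that a plaintext connector would ignore.
            if (ssl != null) errors.add("ssl configured but connector '" + type.label + "' is plaintext");
            return errors;
        }
        if (ssl == null || ssl.keyStorePath == null || ssl.keyStorePassword == null) {
            errors.add("connector '" + type.label + "' needs keyStorePath and keyStorePassword");
            return errors;
        }
        try (InputStream in = new FileInputStream(ssl.keyStorePath)) {
            KeyStore ks = KeyStore.getInstance(ssl.keyStoreType);
            ks.load(in, ssl.keyStorePassword.toCharArray()); // throws on bad password or corrupt file
            boolean hasKey = false;
            for (String alias : Collections.list(ks.aliases())) hasKey |= ks.isKeyEntry(alias);
            if (!hasKey) errors.add("keystore has no key entry to serve TLS with");
        } catch (Exception e) {
            errors.add("keystore unusable: " + e);
        }
        return errors;
    }

    public static void main(String[] args) {
        SslConfig empty = new SslConfig(); // constructed sample: ssl block with no keystore set
        System.out.println(validate(ConnectorType.NONBLOCKING_SSL, empty));
        System.out.println(validate(ConnectorType.SOCKET, empty));
        System.out.println(validate(ConnectorType.SOCKET, null));
    }
}
```

Running the check at configuration load, before any connector is bound, means a mistyped keystore path or password stops startup instead of surfacing as a handshake failure later.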