Re: SSL Support


Eric Tschetter Apr 13, 2012 5:03 PM
Posted in group: dropwizard-user
If I understand you correctly, you are saying that I should introduce an "isValidSSL" method with a @Validation tag which will verify that it is either not running SSL or it is running SSL and has a valid configuration?  Then, change the if-encased switch/case to just a single switch/case that understands the SSL connector options.  Is that correct?

Also, is there anything I can do to help get this back-ported and released as part of 0.3.2 as well? (once you are happy with how it is done, anyway)

--Eric



 
On Friday, April 13, 2012 4:19:33 PM UTC-7, Coda Hale wrote:
The general process is I try to scrape out a bit of spare time and then I run through them, either merging them outright, giving some feedback, or breaking the news that we won't be doing that.  

For this, I'd rather see "socket+ssl" and "nonblocking+ssl" added as connector types. We can add validation methods to ensure the SSL connectors aren't used w/o a valid SSL config.  

---  
Coda Hale
http://codahale.com


On Friday, April 13, 2012 at 3:40 PM, Eric Tschetter wrote:

> Turns out I went and implemented the same thing. I've also put in a pull request to try to get it merged up:
>  
> https://github.com/codahale/dropwizard/pull/79
>  
> My patch does allow you to select between the SslSocket and the SslSelectChannel as well as use the base keystore or specify your own. I'm not sure what other configuration options people might need, but this works for our own case (an HTTPS-only API).
>  
> What is the general process around accepting merge requests?
>  
> --Eric
>  
>  
> On Friday, March 30, 2012 12:36:39 PM UTC-7, Coda Hale wrote:
> > That would be awesome — it's a common request.  
> > The only thing I can think of is that it would be nice to be able to switch between the SslSocketConnector and the SslSelectChannelConnector.  
> > ---  
> > Coda Hale
> > http://codahale.com
> >  
> > On Friday, March 30, 2012 at 9:39 AM, Matt Berdine wrote:
> > > Ok. Thanks.
> > >  
> > > I've added the basic functionality by adding an ssl configuration to HttpConfiguration and then adding an SslSocketConnector to jetty in the ServerFactory, with the appropriate handler. Is this something that you would be interested in? What I've done works well for my purposes but I would need to spend some time covering the more general cases before I submit a pull request. Just wanted to see if it would be worthwhile before investing the time.
> > >  
> > > Matt
> > >  
> > > On Thursday, March 29, 2012 11:13:45 AM UTC-6, Coda Hale wrote:
> > > > No, it doesn't. You'll either need to patch it or use an SSL-terminating proxy.  
> > > > Dropwizard doesn't use jetty.xml. It doesn't use a servlet container.  
> > > > ---  
> > > > Coda Hale
> > > > http://codahale.com
> > > >  
> > > > On Thursday, March 29, 2012 at 10:08 AM, Matt Berdine wrote:
> > > > > Hi,
> > > > >  
> > > > > I've been asked to evaluate DropWizard and possibly migrate all of our REST services currently running in Tomcat. So far, I'm very impressed with what I see. It is a very simple architecture and easy to develop against. The only issue I see is that we are required to run all of our services over SSL. Does DropWizard provide any SSL support? I have been through the HttpConfiguration and didn't see anything. I know Jetty supports SSL. Would I have to create a jetty.xml file to configure https?
> > > > >  
> > > > > Thanks  
> > > >  
> > >  
> >  
>
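The approach discussed in this thread (dedicated SSL connector types plus a validation method that rejects them when no usable SSL config is present), sketched as an added example; it is not code from the pull request or from Dropwizard. All class, method and field names are hypothetical, and requiring an explicit keystore file and password is an assumption of this sketch.

```java
import java.io.File;
import java.util.Locale;

// Hypothetical names throughout; this is not Dropwizard's HttpConfiguration.
public class ConnectorConfigExample {
    enum ConnectorType {
        SOCKET(false), NONBLOCKING(false), SOCKET_SSL(true), NONBLOCKING_SSL(true);
        final boolean ssl;
        ConnectorType(boolean ssl) { this.ssl = ssl; }
        // Maps the config strings from the thread, e.g. "socket+ssl" to SOCKET_SSL.
        static ConnectorType parse(String s) {
            return valueOf(s.toUpperCase(Locale.ROOT).replace('+', '_'));
        }
    }

    static class SslConfig { // assumed shape: keystore path plus password
        final String keyStorePath, keyStorePassword;
        SslConfig(String path, String password) { keyStorePath = path; keyStorePassword = password; }
    }

    // The "isValidSSL" idea: valid when the connector is plaintext, or when it is
    // an SSL connector and a usable keystore is configured. Anything else is rejected.
    static boolean isSslConfigValid(ConnectorType type, SslConfig ssl) {
        if (!type.ssl) return true;
        return ssl != null
            && ssl.keyStorePath != null && new File(ssl.keyStorePath).isFile()
            && ssl.keyStorePassword != null && !ssl.keyStorePassword.isEmpty();
    }

    // Single switch with no surrounding if: validation has already run.
    static String connectorFor(ConnectorType type) {
        switch (type) {
            case SOCKET:          return "SocketConnector";
            case NONBLOCKING:     return "SelectChannelConnector";
            case SOCKET_SSL:      return "SslSocketConnector";
            case NONBLOCKING_SSL: return "SslSelectChannelConnector";
            default: throw new IllegalArgumentException("unknown connector: " + type);
        }
    }

    public static void main(String[] args) throws Exception {
        File ks = File.createTempFile("constructed-keystore", ".jks"); // constructed stand-in file
        ks.deleteOnExit();
        ConnectorType type = ConnectorType.parse("socket+ssl");
        for (SslConfig ssl : new SslConfig[] { null, new SslConfig(ks.getPath(), "placeholder") }) {
            boolean ok = isSslConfigValid(type, ssl);
            System.out.println(type + " valid=" + ok
                + (ok ? " -> " + connectorFor(type) : " -> refuse to start"));
        }
    }
}
```

Running the check at configuration load time means an HTTPS-only service stops at startup on a missing keystore instead of coming up on a plaintext connector.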