Play 2.4 HikariCP connection pool configuration

[Alexey Pismenskiy]

Hello, 

With a new connection pool implementation in Play 2.4 I need to specify some config parameters, separated by dots, for example 

db {

  default {

    driver = ${?DB_DRIVER}

    url = ${?DB_URL}

    username = ${?DB_USER}

    password = ${?DB_PASSWORD}

    hikaricp {

      dataSource {

        "javax.net.ssl.trustStore" = ${?DB_TRUST_STORE}

        "javax.net.ssl.trustStoreType" = "JKS"

        "javax.net.ssl.trustStorePassword" = ${?DB_TRUST_STORE_PASSWORD}

        "javax.net.ssl.keyStore" = ${?DB_KEY_STORE}

        "javax.net.ssl.keyStoreType" = "JKS"

        "javax.net.ssl.keyStorePassword" = ${?DB_KEY_STORE_PASSWORD}

      }

    }

}

All parameters like "javax.net.ssl.*" are used to provide details about SSL certificates for connection. Looks like Play framework it is trying to parse config keys "javax.net.ssl.*" and separate them by dots, so it fails with an exception

Caused by: com.typesafe.config.ConfigException$Missing: No configuration setting found for key 'javax'

I found a similar topic here: http://stackoverflow.com/questions/21738023/how-do-i-get-an-unwrapped-key-in-typesafe-config

According to the first response 

foo {
   bar {
       baz = 10
   }
}

is the same as 

foo.bar.baz = 10

But it would be different if written as "foo.bar.baz" = 10

I hoped that using quotes should help but it doesn't and seems like a bug in the pool configuration. Please, advise. 

[Brett Wooldridge]

Are you sure this should go in the dataSource section, instead of the db or default sections?

[Brett Wooldridge]

These are typically JVM properties, do I don't know if it is appropriate to put them in the db/dataSource configuration.   Even if it is the driver that uses these, those are system-wide properties and would apply to all SSL components.

[Alexey Pismenskiy]

According to https://github.com/playframework/playframework/blob/master/framework/src/play-jdbc/src/main/scala/play/api/db/HikariCPModule.scala#L108

it should go in the hikaricp/dataSource section. The exception that I've mentioned earlier is produced somewhere along these lines (line 110, I believe). 

[Alexey Pismenskiy]

Hmm, do you think that I can configure them by specifying JAVA_OPTS = -Djavax.net.ssl.trustStore = ... 

I did not know that they are JVM level props. 

I usually put them in the Driver properties, like prescribed here:

http://www.oracle.com/technetwork/topics/wp-oracle-jdbc-thin-ssl-130128.pdf

If the truststore format type is JKS

The following code snippet shows how to set a JKS truststore. Note that the path

is specified in the MS Windows style as an example:

String url =

"jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=servernam

e)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=servicename)))");

Properties props = new Properties();

props.setProperty("user", "scott");

props.setProperty("password", "tiger");

props.setProperty("javax.net.ssl.trustStore",

 "D:\\truststore\\truststore.jks");

props.setProperty("javax.net.ssl.trustStoreType","JKS");

props.setProperty("javax.net.ssl.trustStorePassword","welcome123");

Connection conn = DriverManager.getConnection(url, props); 

I will try it. 

[Brett Wooldridge]

Two things.  First, yes, you should be able to configure those in JAVA_OPTS.  Second, I do tend to agree that something is incorrect about the key handling.  Or I just don't understand how to properly escape a key with dots...

[Alexey Pismenskiy]

Thanks for your response. I think there is a bug there in key handling. But if it works with java_opts that is good workaround for now.

[Alexey Pismenskiy]

Yes, it works with JAVA_OPTS = -Djavax.net.ssl.trustStore=
Thanks a lot!