Added HTTPS/SSL Support #68
Conversation
|
I will address the drop in test coverage tomorrow evening. |
|
The autodetection of https on client is a good idea. |
|
Sorry, I did not. I will re-investigate tonight. I will revert those It would be great if the SecureHostRoutingFilter was not necessary, but I I will look at this tonight. Thank you for your comments and consideration.
|
|
You were correct about not needing a new RestTemplate. Adding the java.net.ssl JVM properties was enough for the client application to ping the server successfully with x509 client authentication. However the server cannot complete the requests back to the client using the SimpleHostRoutingFilter. It does not build the HTTP client with an SSLContext that can make a secure connection back to the client. It uses a custom SSLSocket which (appears) not to load the key or trust store information. This may be an issue I can bring up with the spring-cloud-netflix project. Shall I close this pull request? I can maintain a fork and use it until Spring Cloud can update that class, but as it stands now it will not work when the client requires x509 authentication. |
|
I'd be keen to do the changes to AdminClientProperties. |
|
Sounds good. I will submit a new pull request as not to pollute the commit -Steve
|
|
Just git reset to codecentric/master do your changes and force push 'em.
|
Checks for the presence of Ssl in ServerProperties and that it is enabled, uses https in that case for client URL. Added test case for option. Added spring-boot-configuration-processor as optional dependency which will generate ConfigurationProperty metadata.
|
Done, updated with test case. Thanks. |
|
Merged your commit. Thanks! |
|
Great, thanks!
On Mon, May 4, 2015 at 3:20 PM, Johannes Stelzer notifications@github.com
|
I had the requirement to use with application with SSL Client Authentication.
The SimpleHostRoutingFilter was not able to provide this, nor was
it extensible to allow a proper subclass. I provided an implementation
which uses most aspects of SimpleHostRoutingFilter, but builds the
HTTP client using current API as well as building a correct SSLContext
based on the javax.net.ssl JVM properties.
The client auto-configuration now provides a RestTemplate bean that builds
an SSLContext if SSL is enabled for the client application. If not, the
original RestTemplate is used.
A modification was needed to the AdminClientProperties to determine if
the connection requires https instead of http (checks ServerProperties
for an instance of Ssl).
I also added spring-configuration-processor as a dependency as to generate
property file metadata.