Improve user experience with SSL #698
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
/* | ||
* Copyright 2019 Red Hat, Inc. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package org.jboss.shamrock.deployment.builditem; | ||
|
||
import org.jboss.builder.item.MultiBuildItem; | ||
|
||
public final class ExtensionSslNativeSupportBuildItem extends MultiBuildItem { | ||
The name could be improved, suggestions, welcome. Obviously, if we end up using a separate extension to push that, we won't need the extension name anymore.
This is fine for now. |
||
|
||
private String extension; | ||
|
||
public ExtensionSslNativeSupportBuildItem(String extension) { | ||
this.extension = extension; | ||
} | ||
|
||
public String getExtension() { | ||
return extension; | ||
} | ||
} |
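Review bot: The `extension` field is not `final` although the class has no setter and is passed between build steps as a plain value; declare it `private final String extension;` so the item cannot change after it has been produced. The class also lacks a Javadoc. A short class comment should say that each item names an extension that, presumably, needs SSL support in the native image, and that `extension` is expected to be a feature name such as `FeatureBuildItem.AGROAL`, which is what the Agroal processor in this change passes.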
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
/* | ||
* Copyright 2019 Red Hat, Inc. | ||
* | ||
* Licensed under the Apache License, Version 2.0 (the "License"); | ||
* you may not use this file except in compliance with the License. | ||
* You may obtain a copy of the License at | ||
* | ||
* http://www.apache.org/licenses/LICENSE-2.0 | ||
* | ||
* Unless required by applicable law or agreed to in writing, software | ||
* distributed under the License is distributed on an "AS IS" BASIS, | ||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
* See the License for the specific language governing permissions and | ||
* limitations under the License. | ||
*/ | ||
|
||
package org.jboss.shamrock.deployment.builditem; | ||
|
||
import java.util.Optional; | ||
|
||
import org.jboss.builder.item.SimpleBuildItem; | ||
|
||
public final class SslNativeConfigBuildItem extends SimpleBuildItem { | ||
|
||
private Optional<Boolean> enableSslNativeConfig; | ||
|
||
public SslNativeConfigBuildItem(Optional<Boolean> enableSslNativeConfig) { | ||
this.enableSslNativeConfig = enableSslNativeConfig; | ||
} | ||
|
||
public Optional<Boolean> get() { | ||
return enableSslNativeConfig; | ||
} | ||
|
||
public boolean isEnabled() { | ||
// default is to disable the SSL native support | ||
return enableSslNativeConfig.isPresent() && enableSslNativeConfig.get(); | ||
} | ||
|
||
public boolean isExplicitlyDisabled() { | ||
return enableSslNativeConfig.isPresent() && !enableSslNativeConfig.get(); | ||
} | ||
} |
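Review bot: `isEnabled()` and `isExplicitlyDisabled()` dereference `enableSslNativeConfig`, but the constructor never checks it, so a `null` argument only surfaces as a NullPointerException in whichever build step asks first. Store `Objects.requireNonNull(enableSslNativeConfig, "enableSslNativeConfig")` in the constructor (this needs `import java.util.Objects;`) and make the field `final`. The three states also deserve a class-level Javadoc: unset (neither enabled nor explicitly disabled), `true`, and `false`. The `false` state is the one the Agroal processor in this change forwards to the datasource, where it appears to switch SSL off on the JDBC connection, so the comment should say that it means more than leaving SSL out of the image.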
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -27,6 +27,9 @@ | |
import org.jboss.shamrock.deployment.annotations.BuildProducer; | ||
import org.jboss.shamrock.deployment.annotations.BuildStep; | ||
import org.jboss.shamrock.deployment.annotations.Record; | ||
import org.jboss.shamrock.deployment.builditem.ExtensionSslNativeSupportBuildItem; | ||
import org.jboss.shamrock.deployment.builditem.FeatureBuildItem; | ||
import org.jboss.shamrock.deployment.builditem.SslNativeConfigBuildItem; | ||
import org.jboss.shamrock.deployment.builditem.substrate.ReflectiveClassBuildItem; | ||
|
||
class AgroalProcessor { | ||
|
@@ -46,15 +49,19 @@ AdditionalBeanBuildItem registerBean() { | |
@Record(STATIC_INIT) | ||
@BuildStep | ||
BeanContainerListenerBuildItem build( | ||
BuildProducer<FeatureBuildItem> feature, | ||
BuildProducer<ReflectiveClassBuildItem> reflectiveClass, | ||
BuildProducer<DataSourceDriverBuildItem> datasourceDriver, | ||
SslNativeConfigBuildItem sslNativeConfig, BuildProducer<ExtensionSslNativeSupportBuildItem> sslNativeSupport, | ||
DataSourceTemplate template | ||
) throws Exception { | ||
if (! datasource.url.isPresent() || ! datasource.driver.isPresent()) { | ||
log.warn("Agroal extension was included in build however no data source URL and/or driver class has been defined"); | ||
return null; | ||
} | ||
|
||
feature.produce(new FeatureBuildItem(FeatureBuildItem.AGROAL)); | ||
|
||
reflectiveClass.produce(new ReflectiveClassBuildItem(false, false, | ||
io.agroal.pool.ConnectionHandler[].class.getName(), | ||
io.agroal.pool.ConnectionHandler.class.getName(), | ||
|
@@ -63,14 +70,13 @@ BeanContainerListenerBuildItem build( | |
java.sql.ResultSet.class.getName(), | ||
java.sql.ResultSet[].class.getName() | ||
)); | ||
|
||
reflectiveClass.produce(new ReflectiveClassBuildItem(false, false, datasource.driver.get())); | ||
|
||
if (datasource.driver.isPresent()) { | ||
datasourceDriver.produce(new DataSourceDriverBuildItem(datasource.driver.get())); | ||
} | ||
datasourceDriver.produce(new DataSourceDriverBuildItem(datasource.driver.get())); | ||
|
||
sslNativeSupport.produce(new ExtensionSslNativeSupportBuildItem(FeatureBuildItem.AGROAL)); | ||
I push a build item here. @dmlloyd apparently, you preferred having a separate extension do that. I thought having the extensions requiring this could be helpful.
Do all drivers support SSL?
I think most of the TCP based drivers do, probably all of them now that SSL is becoming the norm. In the end, I think I would make it something coming from the driver extension but that's for another day. My plan is to have a build item for JDBC drivers that would be consumed by the Agroal extension but that's for another day.
This is OK for now. We can come back to this later and come up with something fancy that can handle JDK, NSS, OpenSSL, etc. |
||
|
||
return new BeanContainerListenerBuildItem(template.addDatasource(datasource)); | ||
return new BeanContainerListenerBuildItem(template.addDatasource(datasource, sslNativeConfig.isExplicitlyDisabled())); | ||
} | ||
|
||
} |
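Review bot: In the final `return` of `build()`, `sslNativeConfig.isExplicitlyDisabled()` is recorded into the datasource with no build-time message, yet judging by the `DataSourceProducer` change in this PR that flag turns SSL off on the JDBC connection (`sslmode=disable`, `useSSL=false`). A build setting that removes transport encryption from database traffic should leave a trace in the build log. Before the return, add `if (sslNativeConfig.isExplicitlyDisabled()) { log.warn("SSL native support is disabled: the Agroal datasource will connect without SSL"); }`. How `template.addDatasource` hands the flag to the producer is not visible on this page, so the wiring should be confirmed. The body of `build()` spans several hunks and part of it lies outside them.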
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -55,6 +55,7 @@ public class DataSourceProducer { | |
private boolean xa; | ||
private Integer minSize; | ||
private Integer maxSize; | ||
private boolean disableSslSupport = false; | ||
|
||
private AgroalDataSource agroalDataSource; | ||
|
||
|
@@ -118,6 +119,20 @@ public AgroalDataSource getDatasource() throws SQLException { | |
poolConfiguration.maxSize( DEFAULT_MAX_POOL_SIZE ); | ||
} | ||
|
||
// SSL support: we should push the driver specific code to the driver extensions but it will have to do for now | ||
if (disableSslSupport) { | ||
switch (driver.getName()) { | ||
case "org.postgresql.Driver": | ||
poolConfiguration.connectionFactoryConfiguration().jdbcProperty("sslmode", "disable"); | ||
break; | ||
case "com.mysql.jdbc.Driver": | ||
poolConfiguration.connectionFactoryConfiguration().jdbcProperty("useSSL", "false"); | ||
break; | ||
We should have the JDBC drivers push some support for that via build items instead of having specific code here. I have some plans for that but it will have to wait.
I agree, we can do this later (not a lot later though ;) ). |
||
default: | ||
log.warning("Agroal does not support disabling SSL for driver " + driver.getName()); | ||
This class does not use JBoss Logging, we need to fix that. Will create a separate issue. |
||
} | ||
} | ||
|
||
//Explicit reference to bypass reflection need of the ServiceLoader used by AgroalDataSource#from | ||
agroalDataSource = new io.agroal.pool.DataSource(dataSourceConfiguration.get()); | ||
log.log(Level.INFO, "Started data source " + url); | ||
|
@@ -222,4 +237,8 @@ public Integer getMaxSize() { | |
public void setMaxSize(Integer maxSize) { | ||
this.maxSize = maxSize; | ||
} | ||
|
||
public void disableSslSupport() { | ||
this.disableSslSupport = true; | ||
} | ||
} |
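Review bot: The `org.postgresql.Driver` and `com.mysql.jdbc.Driver` branches of the new `switch` in `getDatasource()` turn off transport encryption without logging anything; only the unsupported-driver branch writes a message. Log the downgrade once inside `if (disableSslSupport)`, for example `log.warning("SSL disabled for JDBC driver " + driver.getName() + "; database connections are not encrypted");`, so that plaintext database connections can be spotted in the startup log. The match is on exact class names, so the Connector/J 8 class `com.mysql.cj.jdbc.Driver` would fall into `default` and keep its own SSL setting. `getDatasource()` begins and ends outside the hunk.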
The configuration is pushed here via `native-image.properties`.