Example 1 with AuditLogHandler
use of io.cdap.cdap.gateway.router.handlers.AuditLogHandler in project cdap by caskdata.
the class NettyRouter method createServerBootstrap.
private ServerBootstrap createServerBootstrap(final ChannelGroup channelGroup) {
EventLoopGroup bossGroup = createEventLoopGroup(serverBossThreadPoolSize, "router-server-boss-thread-%d");
EventLoopGroup workerGroup = createEventLoopGroup(serverWorkerThreadPoolSize, "router-server-worker-thread-%d");
SSLHandlerFactory sslHandlerFactory = null;
if (sslEnabled) {
// We support both JKS keystore format and PEM cert file.
String keyStorePath = sConf.get(Constants.Security.Router.SSL_KEYSTORE_PATH);
String certFilePath = cConf.get(Constants.Security.Router.SSL_CERT_PATH);
if (!Strings.isNullOrEmpty(keyStorePath)) {
SSLConfig sslConfig = SSLConfig.builder(new File(keyStorePath), sConf.get(Constants.Security.Router.SSL_KEYSTORE_PASSWORD)).setCertificatePassword(sConf.get(Constants.Security.Router.SSL_KEYPASSWORD)).build();
sslHandlerFactory = new SSLHandlerFactory(sslConfig);
} else if (!Strings.isNullOrEmpty(certFilePath)) {
String password = sConf.get(Constants.Security.Router.SSL_CERT_PASSWORD, "");
KeyStore keyStore = KeyStores.createKeyStore(Paths.get(certFilePath), password);
sslHandlerFactory = new HttpsEnabler().setKeyStore(keyStore, password::toCharArray).createSSLHandlerFactory();
}
if (sslHandlerFactory == null) {
throw new RuntimeException("SSL is enabled but there is no keystore file nor certificate file being " + "configured. Please ensure either '" + Constants.Security.Router.SSL_KEYSTORE_PATH + "' is set in cdap-security.xml or '" + Constants.Security.Router.SSL_CERT_PATH + "' is set in cdap-site.xml file.");
}
}
SSLHandlerFactory finalSSLHandlerFactory = sslHandlerFactory;
return new ServerBootstrap().group(bossGroup, workerGroup).channel(NioServerSocketChannel.class).option(ChannelOption.SO_BACKLOG, serverConnectionBacklog).childHandler(new ChannelInitializer<SocketChannel>() {
@Override
protected void initChannel(SocketChannel ch) {
channelGroup.add(ch);
ChannelPipeline pipeline = ch.pipeline();
if (finalSSLHandlerFactory != null) {
pipeline.addLast("ssl", finalSSLHandlerFactory.create(ch.alloc()));
}
pipeline.addLast("http-codec", new HttpServerCodec());
pipeline.addLast("http-status-request-handler", new HttpStatusRequestHandler());
if (securityEnabled) {
pipeline.addLast("access-token-authenticator", new AuthenticationHandler(cConf, sConf, discoveryServiceClient, userIdentityExtractor));
}
if (cConf.getBoolean(Constants.Router.ROUTER_AUDIT_LOG_ENABLED)) {
pipeline.addLast("audit-log", new AuditLogHandler());
}
// Will block inbound requests if config for blocking the requests is enabled
pipeline.addLast("config-based-request-blocking-handler", new ConfigBasedRequestBlockingHandler(cConf));
// Always let the client to continue sending the request body after the authentication passed
pipeline.addLast("expect-continue", new HttpServerExpectContinueHandler());
// for now there's only one hardcoded rule, but if there will be more, we may want it generic and configurable
pipeline.addLast("http-request-handler", new HttpRequestRouter(cConf, serviceLookup));
}
});
}
Also used :
SSLConfig(io.cdap.http.SSLConfig)
SocketChannel(io.netty.channel.socket.SocketChannel)
NioServerSocketChannel(io.netty.channel.socket.nio.NioServerSocketChannel)
ConfigBasedRequestBlockingHandler(io.cdap.cdap.gateway.router.handlers.ConfigBasedRequestBlockingHandler)
HttpServerExpectContinueHandler(io.netty.handler.codec.http.HttpServerExpectContinueHandler)
KeyStore(java.security.KeyStore)
ServerBootstrap(io.netty.bootstrap.ServerBootstrap)
ChannelPipeline(io.netty.channel.ChannelPipeline)
HttpRequestRouter(io.cdap.cdap.gateway.router.handlers.HttpRequestRouter)
HttpStatusRequestHandler(io.cdap.cdap.gateway.router.handlers.HttpStatusRequestHandler)
NioEventLoopGroup(io.netty.channel.nio.NioEventLoopGroup)
EventLoopGroup(io.netty.channel.EventLoopGroup)
AuditLogHandler(io.cdap.cdap.gateway.router.handlers.AuditLogHandler)
HttpServerCodec(io.netty.handler.codec.http.HttpServerCodec)
HttpsEnabler(io.cdap.cdap.common.security.HttpsEnabler)
AuthenticationHandler(io.cdap.cdap.gateway.router.handlers.AuthenticationHandler)
SSLHandlerFactory(io.cdap.http.SSLHandlerFactory)
File(java.io.File)
Aggregations
HttpsEnabler (io.cdap.cdap.common.security.HttpsEnabler)1
AuditLogHandler (io.cdap.cdap.gateway.router.handlers.AuditLogHandler)1
AuthenticationHandler (io.cdap.cdap.gateway.router.handlers.AuthenticationHandler)1
ConfigBasedRequestBlockingHandler (io.cdap.cdap.gateway.router.handlers.ConfigBasedRequestBlockingHandler)1
HttpRequestRouter (io.cdap.cdap.gateway.router.handlers.HttpRequestRouter)1
HttpStatusRequestHandler (io.cdap.cdap.gateway.router.handlers.HttpStatusRequestHandler)1
SSLConfig (io.cdap.http.SSLConfig)1
SSLHandlerFactory (io.cdap.http.SSLHandlerFactory)1
ServerBootstrap (io.netty.bootstrap.ServerBootstrap)1
ChannelPipeline (io.netty.channel.ChannelPipeline)1
EventLoopGroup (io.netty.channel.EventLoopGroup)1
NioEventLoopGroup (io.netty.channel.nio.NioEventLoopGroup)1
SocketChannel (io.netty.channel.socket.SocketChannel)1
NioServerSocketChannel (io.netty.channel.socket.nio.NioServerSocketChannel)1
HttpServerCodec (io.netty.handler.codec.http.HttpServerCodec)1
HttpServerExpectContinueHandler (io.netty.handler.codec.http.HttpServerExpectContinueHandler)1
File (java.io.File)1
KeyStore (java.security.KeyStore)1
