use of org.wildfly.extension.mod_cluster.ModClusterConfigResourceDefinition.SSL_CONTEXT_CAPABILITY_NAME in project wildfly by wildfly.
the class ModClusterConfigurationServiceBuilder method configure.
@Override
public Builder<ModClusterConfiguration> configure(OperationContext context, ModelNode model) throws OperationFailedException {
// Advertise
optionalString(ADVERTISE_SOCKET.resolveModelAttribute(context, model)).ifPresent(advertiseSocketRef -> this.advertiseSocketDependency = new InjectedValueDependency<>(context.getCapabilityServiceName(SOCKET_BINDING_CAPABILITY_NAME, advertiseSocketRef, SocketBinding.class), SocketBinding.class));
optionalString(ADVERTISE_SECURITY_KEY.resolveModelAttribute(context, model)).ifPresent(securityKey -> builder.advertise().setAdvertiseSecurityKey(securityKey));
// MCMP
builder.mcmp().setAdvertise(ADVERTISE.resolveModelAttribute(context, model).asBoolean()).setProxyURL(PROXY_URL.resolveModelAttribute(context, model).asString()).setAutoEnableContexts(AUTO_ENABLE_CONTEXTS.resolveModelAttribute(context, model).asBoolean()).setStopContextTimeout(STOP_CONTEXT_TIMEOUT.resolveModelAttribute(context, model).asInt()).setStopContextTimeoutUnit(TimeUnit.valueOf(STOP_CONTEXT_TIMEOUT.getMeasurementUnit().getName())).setSocketTimeout(SOCKET_TIMEOUT.resolveModelAttribute(context, model).asInt() * 1000).setSessionDrainingStrategy(Enum.valueOf(SessionDrainingStrategyEnum.class, SESSION_DRAINING_STRATEGY.resolveModelAttribute(context, model).asString()));
if (model.hasDefined(CommonAttributes.EXCLUDED_CONTEXTS)) {
String contexts = EXCLUDED_CONTEXTS.resolveModelAttribute(context, model).asString();
Map<String, Set<String>> excludedContextsPerHost;
if (contexts == null) {
excludedContextsPerHost = Collections.emptyMap();
} else {
String trimmedContexts = contexts.trim();
if (trimmedContexts.isEmpty()) {
excludedContextsPerHost = Collections.emptyMap();
} else {
excludedContextsPerHost = new HashMap<>();
for (String c : trimmedContexts.split(",")) {
String[] parts = c.trim().split(":");
if (parts.length > 2) {
throw ROOT_LOGGER.excludedContextsWrongFormat(trimmedContexts);
}
String host = null;
String trimmedContext = parts[0].trim();
if (parts.length == 2) {
host = trimmedContext;
trimmedContext = parts[1].trim();
}
String path = trimmedContext.equals("ROOT") ? "" : "/" + trimmedContext;
Set<String> paths = excludedContextsPerHost.computeIfAbsent(host, k -> new HashSet<>());
paths.add(path);
}
}
}
builder.mcmp().setExcludedContextsPerHost(excludedContextsPerHost);
}
// Balancer
builder.balancer().setStickySession(STICKY_SESSION.resolveModelAttribute(context, model).asBoolean()).setStickySessionRemove(STICKY_SESSION_REMOVE.resolveModelAttribute(context, model).asBoolean()).setStickySessionForce(STICKY_SESSION_FORCE.resolveModelAttribute(context, model).asBoolean()).setWorkerTimeout(WORKER_TIMEOUT.resolveModelAttribute(context, model).asInt()).setMaxAttempts(MAX_ATTEMPTS.resolveModelAttribute(context, model).asInt());
// Node
builder.node().setFlushPackets(FLUSH_PACKETS.resolveModelAttribute(context, model).asBoolean()).setFlushWait(FLUSH_WAIT.resolveModelAttribute(context, model).asInt()).setPing(PING.resolveModelAttribute(context, model).asInt()).setSmax(SMAX.resolveModelAttribute(context, model).asInt()).setTtl(TTL.resolveModelAttribute(context, model).asInt()).setNodeTimeout(NODE_TIMEOUT.resolveModelAttribute(context, model).asInt());
optionalString(BALANCER.resolveModelAttribute(context, model)).ifPresent(balancer -> builder.node().setBalancer(balancer));
optionalString(LOAD_BALANCING_GROUP.resolveModelAttribute(context, model)).ifPresent(group -> builder.node().setLoadBalancingGroup(group));
optionalList(PROXIES.resolveModelAttribute(context, model)).ifPresent(refs -> refs.stream().map(ModelNode::asString).forEach(ref -> outboundSocketBindings.add(new InjectedValueDependency<>(context.getCapabilityServiceName(OUTBOUND_SOCKET_BINDING_CAPABILITY_NAME, ref, OutboundSocketBinding.class), OutboundSocketBinding.class))));
if (model.hasDefined(CommonAttributes.PROXY_LIST)) {
throw new OperationFailedException(ROOT_LOGGER.proxyListNotAllowedInCurrentModel());
}
// Elytron-based security support
Optional<String> sslContextRef = optionalString(SSL_CONTEXT.resolveModelAttribute(context, model));
sslContextRef.ifPresent(sslContext -> this.sslContextDependency = new InjectedValueDependency<>(context.getCapabilityServiceName(SSL_CONTEXT_CAPABILITY_NAME, sslContext, SSLContext.class), SSLContext.class));
if (model.get(ModClusterSSLResourceDefinition.PATH.getKeyValuePair()).isDefined()) {
if (sslContextRef.isPresent()) {
throw ROOT_LOGGER.bothElytronAndLegacySslContextDefined();
}
ModelNode sslModel = model.get(ModClusterSSLResourceDefinition.PATH.getKeyValuePair());
ModClusterConfig sslConfiguration = new ModClusterConfig();
optionalString(KEY_ALIAS.resolveModelAttribute(context, sslModel)).ifPresent(sslConfiguration::setSslKeyAlias);
optionalString(PASSWORD.resolveModelAttribute(context, sslModel)).ifPresent(sslConfiguration::setSslTrustStorePassword);
optionalString(PASSWORD.resolveModelAttribute(context, sslModel)).ifPresent(sslConfiguration::setSslKeyStorePassword);
optionalString(CERTIFICATE_KEY_FILE.resolveModelAttribute(context, sslModel)).ifPresent(sslConfiguration::setSslKeyStore);
optionalString(CIPHER_SUITE.resolveModelAttribute(context, sslModel)).ifPresent(sslConfiguration::setSslCiphers);
optionalString(PROTOCOL.resolveModelAttribute(context, sslModel)).ifPresent(sslConfiguration::setSslProtocol);
optionalString(CA_CERTIFICATE_FILE.resolveModelAttribute(context, sslModel)).ifPresent(sslConfiguration::setSslTrustStore);
optionalString(CA_REVOCATION_URL.resolveModelAttribute(context, sslModel)).ifPresent(sslConfiguration::setSslCrlFile);
builder.mcmp().setSocketFactory(new JSSESocketFactory(sslConfiguration));
}
return this;
}
Aggregations