Skip loading SSL Settings from properties when "alfresco.secureComms" is set to "none"

Angel Borroy
2019-06-07 13:12:50 +02:00
parent 8e30f4906c
commit b48d65e98d
2 changed files with 117 additions and 36 deletions


@@ -18,12 +18,14 @@
*/ */
package org.apache.solr.core; package org.apache.solr.core;
import com.google.common.collect.ImmutableList; import java.util.List;
import java.util.Properties;
import org.alfresco.solr.config.ConfigUtil; import org.alfresco.solr.config.ConfigUtil;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import java.util.Properties; import com.google.common.collect.ImmutableList;
/** /**
* This class was created solely for the purpose of exposing the coreProperties of the CoreDescriptor. * This class was created solely for the purpose of exposing the coreProperties of the CoreDescriptor.
@@ -32,13 +34,16 @@ import java.util.Properties;
* The Substitutable Properties are defined in the substitutableProperties list. * The Substitutable Properties are defined in the substitutableProperties list.
* @author Ahmed Owian * @author Ahmed Owian
* @author Gethin James * @author Gethin James
* @author aborroy
*/ */
public class CoreDescriptorDecorator public class CoreDescriptorDecorator
{ {
private static Log log = LogFactory.getLog(CoreDescriptorDecorator.class); private static Log log = LogFactory.getLog(CoreDescriptorDecorator.class);
private final Properties properties = new Properties(); private final Properties properties = new Properties();
private static String SECURE_COMMS_PROPERTY = "alfresco.secureComms";
public static ImmutableList<String> substitutableProperties = public static ImmutableList<String> substitutablePropertiesSecure =
ImmutableList.of( ImmutableList.of(
"alfresco.host", "alfresco.host",
"alfresco.port", "alfresco.port",
@@ -54,18 +59,37 @@ public class CoreDescriptorDecorator
"alfresco.encryption.ssl.keystore.provider", "alfresco.encryption.ssl.keystore.provider",
"alfresco.encryption.ssl.truststore.type"); "alfresco.encryption.ssl.truststore.type");
public static ImmutableList<String> substitutablePropertiesNone =
ImmutableList.of(
"alfresco.host",
"alfresco.port",
"alfresco.baseUrl",
"alfresco.secureComms");
public CoreDescriptorDecorator(CoreDescriptor descriptor) public CoreDescriptorDecorator(CoreDescriptor descriptor)
{ {
properties.putAll(descriptor.coreProperties); properties.putAll(descriptor.coreProperties);
List<String> coreProperties;
String comms = ConfigUtil.locateProperty(SECURE_COMMS_PROPERTY, "none");
if (comms.equals("https"))
{
coreProperties = substitutablePropertiesSecure;
}
else
{
coreProperties = substitutablePropertiesNone;
}
try try
{ {
substitutableProperties.forEach(prop -> coreProperties.forEach(prop ->
properties.put(prop, ConfigUtil.locateProperty(prop,properties.getProperty(prop))) properties.put(prop, ConfigUtil.locateProperty(prop,properties.getProperty(prop)))
); );
} }
catch(Exception e) catch(Exception e)
{ {
log.warn("Unable to locate alfresco host|port|baseUrl|ssl properties"); log.warn("Unable to locate alfresco host|port|baseUrl|ssl properties", e);
} }
} }
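Review bot: The mode check `ConfigUtil.locateProperty(SECURE_COMMS_PROPERTY, "none")` in the constructor falls back to the literal `"none"` rather than to the value already copied from `descriptor.coreProperties`, so a core whose own properties say `https` with no external override is treated as `none` here and its SSL keystore/truststore properties are skipped. SOLRAPIClientFactory in the same commit reads `alfresco.secureComms` from its `props` argument, so the two classes can presumably reach different answers for the same core. Use the same fallback as the loop below: `ConfigUtil.locateProperty(SECURE_COMMS_PROPERTY, properties.getProperty(SECURE_COMMS_PROPERTY, "none"))`. The lookup also sits outside the `try`, so any exception it raises now escapes the constructor instead of being logged like the others.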


@@ -38,6 +38,7 @@ import org.alfresco.httpclient.HttpClientFactory;
import org.alfresco.httpclient.HttpClientFactory.SecureCommsType; import org.alfresco.httpclient.HttpClientFactory.SecureCommsType;
import org.alfresco.repo.dictionary.NamespaceDAO; import org.alfresco.repo.dictionary.NamespaceDAO;
import org.alfresco.service.cmr.dictionary.DictionaryService; import org.alfresco.service.cmr.dictionary.DictionaryService;
import org.apache.commons.httpclient.params.DefaultHttpParams;
/** /**
* This factory encapsulates the creation of a SOLRAPIClient and the management of that resource. * This factory encapsulates the creation of a SOLRAPIClient and the management of that resource.
@@ -53,10 +54,6 @@ public class SOLRAPIClientFactory
// encryption related parameters // encryption related parameters
private String secureCommsType; // "none", "https" private String secureCommsType; // "none", "https"
private String keyStoreType;
private String keyStoreProvider;
private String passwordFileLocation;
private String keyStoreLocation;
// ssl // ssl
private String sslKeyStoreType; private String sslKeyStoreType;
@@ -151,24 +148,25 @@ public class SOLRAPIClientFactory
if (client == null) if (client == null)
{ {
baseUrl = props.getProperty("alfresco.baseUrl", "/alfresco"); baseUrl = props.getProperty("alfresco.baseUrl", "/alfresco");
keyStoreType = props.getProperty("alfresco.encryption.keystore.type", "JCEKS"); // Load SSL settings only when using HTTPs protocol
keyStoreProvider = props.getProperty("alfresco.encryption.keystore.provider");
passwordFileLocation = props.getProperty("alfresco.encryption.keystore.passwordFileLocation");
keyStoreLocation = props.getProperty("alfresco.encryption.keystore.location");
sslKeyStoreType = props.getProperty("alfresco.encryption.ssl.keystore.type", "JCEKS");
sslKeyStoreProvider = props.getProperty("alfresco.encryption.ssl.keystore.provider", "");
sslKeyStoreLocation = props.getProperty("alfresco.encryption.ssl.keystore.location",
"ssl.repo.client.keystore");
sslKeyStorePasswordFileLocation = props.getProperty(
"alfresco.encryption.ssl.keystore.passwordFileLocation", "ssl-keystore-passwords.properties");
sslTrustStoreType = props.getProperty("alfresco.encryption.ssl.truststore.type", "JCEKS");
sslTrustStoreProvider = props.getProperty("alfresco.encryption.ssl.truststore.provider", "");
sslTrustStoreLocation = props.getProperty("alfresco.encryption.ssl.truststore.location",
"ssl.repo.client.truststore");
sslTrustStorePasswordFileLocation = props.getProperty(
"alfresco.encryption.ssl.truststore.passwordFileLocation",
"ssl-truststore-passwords.properties");
secureCommsType = props.getProperty("alfresco.secureComms", "none"); secureCommsType = props.getProperty("alfresco.secureComms", "none");
if (secureCommsType.equals("https"))
{
sslKeyStoreType = getProperty(props, "alfresco.encryption.ssl.keystore.type", "JCEKS");
sslKeyStoreProvider = getProperty(props, "alfresco.encryption.ssl.keystore.provider", "");
sslKeyStoreLocation = getProperty(props, "alfresco.encryption.ssl.keystore.location",
"ssl.repo.client.keystore");
sslKeyStorePasswordFileLocation = getProperty(props,
"alfresco.encryption.ssl.keystore.passwordFileLocation",
"ssl-keystore-passwords.properties");
sslTrustStoreType = getProperty(props, "alfresco.encryption.ssl.truststore.type", "JCEKS");
sslTrustStoreProvider = getProperty(props, "alfresco.encryption.ssl.truststore.provider", "");
sslTrustStoreLocation = getProperty(props, "alfresco.encryption.ssl.truststore.location",
"ssl.repo.client.truststore");
sslTrustStorePasswordFileLocation = getProperty(props,
"alfresco.encryption.ssl.truststore.passwordFileLocation",
"ssl-truststore-passwords.properties");
}
maxTotalConnections = Integer.parseInt(props.getProperty("alfresco.maxTotalConnections", "40")); maxTotalConnections = Integer.parseInt(props.getProperty("alfresco.maxTotalConnections", "40"));
maxHostConnections = Integer.parseInt(props.getProperty("alfresco.maxHostConnections", "40")); maxHostConnections = Integer.parseInt(props.getProperty("alfresco.maxHostConnections", "40"));
socketTimeout = Integer.parseInt(props.getProperty("alfresco.socketTimeout", "60000")); socketTimeout = Integer.parseInt(props.getProperty("alfresco.socketTimeout", "60000"));
@@ -182,20 +180,79 @@ public class SOLRAPIClientFactory
protected AlfrescoHttpClient getRepoClient(KeyResourceLoader keyResourceLoader) protected AlfrescoHttpClient getRepoClient(KeyResourceLoader keyResourceLoader)
{ {
// TODO i18n HttpClientFactory httpClientFactory = null;
KeyStoreParameters keyStoreParameters = new KeyStoreParameters("SSL Key Store", sslKeyStoreType,
sslKeyStoreProvider, sslKeyStorePasswordFileLocation, sslKeyStoreLocation); if (secureCommsType.equals("https"))
KeyStoreParameters trustStoreParameters = new KeyStoreParameters("SSL Trust Store", sslTrustStoreType, {
sslTrustStoreProvider, sslTrustStorePasswordFileLocation, sslTrustStoreLocation); KeyStoreParameters keyStoreParameters = new KeyStoreParameters("SSL Key Store", sslKeyStoreType,
SSLEncryptionParameters sslEncryptionParameters = new SSLEncryptionParameters(keyStoreParameters, sslKeyStoreProvider, sslKeyStorePasswordFileLocation, sslKeyStoreLocation);
trustStoreParameters); KeyStoreParameters trustStoreParameters = new KeyStoreParameters("SSL Trust Store", sslTrustStoreType,
sslTrustStoreProvider, sslTrustStorePasswordFileLocation, sslTrustStoreLocation);
HttpClientFactory httpClientFactory = new HttpClientFactory(SecureCommsType.getType(secureCommsType), SSLEncryptionParameters sslEncryptionParameters = new SSLEncryptionParameters(keyStoreParameters,
trustStoreParameters);
httpClientFactory = new HttpClientFactory(SecureCommsType.getType(secureCommsType),
sslEncryptionParameters, keyResourceLoader, null, null, alfrescoHost, alfrescoPort, sslEncryptionParameters, keyResourceLoader, null, null, alfrescoHost, alfrescoPort,
alfrescoPortSSL, maxTotalConnections, maxHostConnections, socketTimeout); alfrescoPortSSL, maxTotalConnections, maxHostConnections, socketTimeout);
// TODO need to make port configurable depending on secure comms, or just make redirects work }
else
{
httpClientFactory = new PlainHttpClientFactory(alfrescoHost, alfrescoPort, maxTotalConnections, maxHostConnections);
}
AlfrescoHttpClient repoClient = httpClientFactory.getRepoClient(alfrescoHost, alfrescoPortSSL); AlfrescoHttpClient repoClient = httpClientFactory.getRepoClient(alfrescoHost, alfrescoPortSSL);
repoClient.setBaseUrl(baseUrl); repoClient.setBaseUrl(baseUrl);
return repoClient; return repoClient;
} }
/**
* Return property value from system (passed as -D argument).
* If the system property does not exists, return local value from solrcore.properties
* If the local property does not exists, return default value
*
* @param props Local properties file (solrcore.properties)
* @param key The property key
* @return The value
*/
private String getProperty(Properties props, String key, String defaultValue)
{
String value = System.getProperties().getProperty(key);
if (value == null)
{
value = props.getProperty(key);
}
if (value == null)
{
value = defaultValue;
}
return value;
}
/**
* Local class to avoid loading sslEntryptionParameters for plain http connections.
*
* @author aborroy
*
*/
class PlainHttpClientFactory extends HttpClientFactory
{
public PlainHttpClientFactory(String host, int port, int maxTotalConnections, int maxHostConnections)
{
setSecureCommsType("none");
setHost(host);
setPort(port);
setMaxTotalConnections(maxTotalConnections);
setMaxHostConnections(maxHostConnections);
init();
}
@Override
public void init()
{
DefaultHttpParams.setHttpParamsFactory(new NonBlockingHttpParamsFactory());
}
}
} }
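Review bot: In the property-loading hunk and in `getRepoClient`, the test `secureCommsType.equals("https")` sends every other value, including a typo or `HTTPS`, to the `else` branch, so a misconfigured deployment silently talks to the repository over plain HTTP with no keystore or truststore. Before this change every value was passed through `SecureCommsType.getType(secureCommsType)`. Prefer failing closed: match the plain mode explicitly with `else if (secureCommsType.equals("none"))` and end with `else { throw new IllegalArgumentException("Unsupported alfresco.secureComms: " + secureCommsType); }`, and log the selected mode once at startup so a downgrade is visible. Separately, `PlainHttpClientFactory` is not given `socketTimeout`, which the https branch still passes, and the Javadoc of `getProperty` lacks `@param defaultValue`.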