From 13e65301258b71fc3187f743841f17e09e065f5a Mon Sep 17 00:00:00 2001
From: buczekp <buczekp>
Date: Thu, 21 Jan 2010 08:52:35 +0000
Subject: [PATCH] [LMS-1291] accept non-ssl connection from openBIS to DSS

SVN: 14367
---
 datastore_server/etc/service.properties       | 17 +++++------
 .../dss/generic/server/ConfigParameters.java  | 28 +++++++++++++++----
 .../dss/generic/server/DataStoreServer.java   | 23 +++++++--------
 .../server/EncapsulatedOpenBISService.java    | 16 +++++++++++
 .../source/java/dssApplicationContext.xml     |  1 +
 .../openbis/generic/server/ETLService.java    |  4 +--
 .../shared/dto/DataStoreServerInfo.java       | 15 +++++++++-
 7 files changed, 77 insertions(+), 27 deletions(-)

diff --git a/datastore_server/etc/service.properties b/datastore_server/etc/service.properties
index 4358b46d500..5469b6a9095 100644
--- a/datastore_server/etc/service.properties
+++ b/datastore_server/etc/service.properties
@@ -13,14 +13,15 @@ port = 8889
 # Session timeout in minutes
 session-timeout = 30
 
-# Path to the keystore
-keystore.path = dist/etc/openBIS.keystore
+# Set to 'false' for development/testing without deployed server. In this mode datastore will not use
+# SSL when connecting to openbis. Otherwise all 'keystore' properties need to be set for SSL connection 
+# (default when use-ssl property is not set so there is no need to specify it on production servers).
+use-ssl = false
 
-# Password of the keystore
-keystore.password = changeit
-
-# Key password of the keystore
-keystore.key-password = changeit
+# Path, password and key password for SSL connection
+#keystore.path = dist/etc/openBIS.keystore
+#keystore.password = changeit
+#keystore.key-password = changeit
 
 # The check interval (in seconds)
 check-interval = 5
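Review bot: The checked-in `use-ssl = false` makes this configuration start the data store without SSL, although the comment above it says production relies on the property being absent. If this file serves as the template for installations (not visible here), a copied config silently turns transport encryption off. I would ship the line commented out as `#use-ssl = false` and keep the three `keystore.*` entries active so the file is SSL by default. The same applies to `download-url = http://localhost:8889` in the next hunk, which should stay `https://` unless SSL is deliberately disabled.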
@@ -50,7 +51,7 @@ username = etlserver
 password = doesnotmatter
 
 # The base URL for Web client access.
-download-url = https://localhost:8889
+download-url = http://localhost:8889
 
 # SMTP properties (must start with 'mail' to be considered).
 # mail.smtp.host = localhost
diff --git a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/ConfigParameters.java b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/ConfigParameters.java
index 23feb655f03..aeb989f7d0f 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/ConfigParameters.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/ConfigParameters.java
@@ -51,6 +51,8 @@ final class ConfigParameters
 
     private static final String KEYSTORE = "keystore.";
 
+    static final String USE_SSL = "use-ssl";
+
     static final String KEYSTORE_PATH_KEY = KEYSTORE + "path";
 
     static final String KEYSTORE_PASSWORD_KEY = KEYSTORE + "password";
@@ -73,6 +75,8 @@ final class ConfigParameters
 
     private final int sessionTimeout;
 
+    private final boolean useSSL;
+
     private final String keystorePath;
 
     private final String keystorePassword;
@@ -123,10 +127,18 @@ final class ConfigParameters
         port = getMandatoryIntegerProperty(properties, PORT_KEY);
         serverURL = PropertyUtils.getMandatoryProperty(properties, SERVER_URL_KEY);
         sessionTimeout = getMandatoryIntegerProperty(properties, SESSION_TIMEOUT_KEY) * 60;
-        keystorePath = PropertyUtils.getMandatoryProperty(properties, KEYSTORE_PATH_KEY);
-        keystorePassword = PropertyUtils.getMandatoryProperty(properties, KEYSTORE_PASSWORD_KEY);
-        keystoreKeyPassword =
-                PropertyUtils.getMandatoryProperty(properties, KEYSTORE_KEY_PASSWORD_KEY);
+        useSSL = PropertyUtils.getBoolean(properties, USE_SSL, true);
+        if (useSSL == true)
+        {
+            keystorePath = PropertyUtils.getMandatoryProperty(properties, KEYSTORE_PATH_KEY);
+            keystorePassword =
+                    PropertyUtils.getMandatoryProperty(properties, KEYSTORE_PASSWORD_KEY);
+            keystoreKeyPassword =
+                    PropertyUtils.getMandatoryProperty(properties, KEYSTORE_KEY_PASSWORD_KEY);
+        } else
+        {
+            keystorePath = keystorePassword = keystoreKeyPassword = null;
+        }
         pluginServlets = extractPluginServletsProperties(properties);
     }
 
@@ -202,6 +214,11 @@ final class ConfigParameters
         return pluginServlets;
     }
 
+    public boolean isUseSSL()
+    {
+        return useSSL;
+    }
+
     public final void log()
     {
         if (operationLog.isInfoEnabled())
@@ -209,7 +226,8 @@ final class ConfigParameters
             operationLog.info(String.format("Store root directory: '%s'.", storePath));
             operationLog.info(String.format("Port number: %d.", port));
             operationLog.info(String.format("URL of openBIS server: '%s'.", serverURL));
-            operationLog.info(String.format("Session timeout (minutes): %d.", sessionTimeout));
+            operationLog.info(String.format("Session timeout (seconds): %d.", sessionTimeout));
+            operationLog.info(String.format("Use SSL: '%s'.", useSSL));
             operationLog.info(String.format("Keystore path: '%s'.", keystorePath));
             for (PluginServlet pluginServlet : pluginServlets)
             {
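Review bot: With `use-ssl = false` the constructor hunk above sets the keystore fields to null, so the unchanged `Keystore path` line in this hunk logs `'null'`. Guarding it as `if (useSSL) { operationLog.info(String.format("Keystore path: '%s'.", keystorePath)); }` keeps the startup log unambiguous. In the constructor hunk, `if (useSSL == true)` can simply be `if (useSSL)`. log() continues past the end of this hunk.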
diff --git a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DataStoreServer.java b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DataStoreServer.java
index 2d23ab51290..f8e16e9a16a 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DataStoreServer.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/DataStoreServer.java
@@ -193,19 +193,20 @@ public class DataStoreServer
 
     private static SocketConnector createSocketConnector(ConfigParameters configParameters)
     {
-        SslSocketConnector socketConnector = new SslSocketConnector();
-        socketConnector.setKeystore(configParameters.getKeystorePath());
-        socketConnector.setPassword(configParameters.getKeystorePassword());
-        socketConnector.setKeyPassword(configParameters.getKeystoreKeyPassword());
-        return socketConnector;
+        if (configParameters.isUseSSL())
+        {
+            SslSocketConnector socketConnector = new SslSocketConnector();
+            socketConnector.setKeystore(configParameters.getKeystorePath());
+            socketConnector.setPassword(configParameters.getKeystorePassword());
+            socketConnector.setKeyPassword(configParameters.getKeystoreKeyPassword());
+            return socketConnector;
+        } else
+        {
+            operationLog.warn("creating connector to openBIS without SSL");
+            return new SocketConnector();
+        }
     }
 
-    // Uncomment to test connection from openBIS to DSS in hosted mode
-    // private static SocketConnector createSocketConnector(ConfigParameters configParameters)
-    // {
-    // return new SocketConnector();
-    // }
-
     private final static void selfTest(final ApplicationContext applicationContext)
     {
         IEncapsulatedOpenBISService dataSetService = applicationContext.getDataSetService();
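Review bot: The warning in the `else` branch of createSocketConnector reads as if only the openBIS link were affected, but this connector is the server's listener. Judging by the `download-url = http://...` change in service.properties, client downloads and session tokens would also travel unencrypted. I would make the message say so, e.g. `operationLog.warn("use-ssl = false: DSS accepts unencrypted connections; session tokens and data are not protected in transit");`. Since the mode is documented as development-only, consider also binding the plain connector to the loopback interface if the hosted-mode setup allows it.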
diff --git a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/EncapsulatedOpenBISService.java b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/EncapsulatedOpenBISService.java
index ae7b6e0fa10..80fe876c035 100644
--- a/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/EncapsulatedOpenBISService.java
+++ b/datastore_server/source/java/ch/systemsx/cisd/openbis/dss/generic/server/EncapsulatedOpenBISService.java
@@ -76,6 +76,8 @@ public final class EncapsulatedOpenBISService implements IEncapsulatedOpenBISSer
 
     private int port;
 
+    private boolean useSSL;
+
     private String username;
 
     private String password;
@@ -116,6 +118,19 @@ public final class EncapsulatedOpenBISService implements IEncapsulatedOpenBISSer
         this.port = port;
     }
 
+    public final void setUseSSL(String useSSL)
+    {
+        // NOTE: 'use-ssl' property is optional. If it is not specified in DS properties file
+        // String value passed by Spring is "${use-ssl}". Default value, which is 'true',
+        // should be used in such case.
+        boolean booleanValue = true;
+        if (useSSL.equalsIgnoreCase("false"))
+        {
+            booleanValue = false;
+        }
+        this.useSSL = booleanValue;
+    }
+
     public final void setUsername(String username)
     {
         this.username = username;
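Review bot: `setUseSSL(String)` parses the same property a second time, independently of `PropertyUtils.getBoolean(properties, USE_SSL, true)` in ConfigParameters, so the two results can disagree. Here every value other than exactly "false" becomes true, including "false" with stray whitespace; depending on how getBoolean treats such input (not visible here), the DSS could listen without SSL while registering itself with openBIS as SSL. The call also throws a NullPointerException on a null argument; `this.useSSL = useSSL == null || "false".equalsIgnoreCase(useSSL.trim()) == false;` covers both cases. The field `private boolean useSSL;` added in the hunk above is false until the setter runs, which contradicts the documented default, so I would initialise it to `true`.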
@@ -168,6 +183,7 @@ public final class EncapsulatedOpenBISService implements IEncapsulatedOpenBISSer
         }
         DataStoreServerInfo dataStoreServerInfo = new DataStoreServerInfo();
         dataStoreServerInfo.setPort(port);
+        dataStoreServerInfo.setUseSSL(useSSL);
         dataStoreServerInfo.setDataStoreCode(dataStoreCode);
         dataStoreServerInfo.setDownloadUrl(downloadUrl);
         dataStoreServerInfo.setSessionToken(sessionTokenManager.drawSessionToken());
diff --git a/datastore_server/source/java/dssApplicationContext.xml b/datastore_server/source/java/dssApplicationContext.xml
index 13580c66641..2436745d1e8 100644
--- a/datastore_server/source/java/dssApplicationContext.xml
+++ b/datastore_server/source/java/dssApplicationContext.xml
@@ -26,6 +26,7 @@
         <property name="username" value="${username}"/>
         <property name="password" value="${password}"/>
         <property name="port" value="${port}"/>
+        <property name="useSSL" value="${use-ssl}"/>
         <property name="downloadUrl" value="${download-url}"/>
         <property name="dataStoreCode" value="${data-store-server-code}"/>
         <constructor-arg ref="plugin-tasks" />
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/ETLService.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/ETLService.java
index ab333e57df4..b8ecb2aa690 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/ETLService.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/server/ETLService.java
@@ -152,7 +152,7 @@ public class ETLService extends AbstractCommonServer<IETLService> implements IET
     {
         int port = info.getPort();
         String remoteHost = session.getRemoteHost() + ":" + port;
-        String dssURL = "https://" + remoteHost;
+        String dssURL = (info.isUseSSL() ? "https://" : "http://") + remoteHost;
         checkVersion(dssSessionToken, dssURL);
         return dssURL;
     }
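Review bot: The scheme of the callback URL is now chosen solely from the flag the registering DSS sends, so openBIS will pass `dssSessionToken` to `checkVersion` over plain HTTP for any remote host that reports `useSSL = false`. Nothing on the openBIS side lets an administrator refuse or restrict unencrypted data stores. I would log a warning when `info.isUseSSL()` is false and, ideally, gate the `http://` branch behind a server-side setting that defaults to off. The enclosing method starts above this hunk, so any earlier validation of `info` is not visible.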
@@ -505,7 +505,7 @@ public class ETLService extends AbstractCommonServer<IETLService> implements IET
         return ExternalDataTranslator.translate(externalDataBO.getExternalData(),
                 dataStoreBaseURLProvider.getDataStoreBaseURL(), session.getBaseIndexURL());
     }
-    
+
     public void checkDataSetAccess(String sessionToken, String dataSetCode)
             throws UserFailureException
     {
diff --git a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/DataStoreServerInfo.java b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/DataStoreServerInfo.java
index 8feb1068d5d..cf87e244d76 100644
--- a/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/DataStoreServerInfo.java
+++ b/openbis/source/java/ch/systemsx/cisd/openbis/generic/shared/dto/DataStoreServerInfo.java
@@ -35,7 +35,7 @@ import ch.systemsx.cisd.openbis.generic.shared.IServer;
  * <li>the unique code of the DSS.
  * </ul>
  * 
- * @author     Franz-Josef Elmer
+ * @author Franz-Josef Elmer
  */
 public class DataStoreServerInfo implements Serializable
 {
@@ -43,6 +43,8 @@ public class DataStoreServerInfo implements Serializable
 
     private int port;
 
+    private boolean useSSL;
+
     private String dataStoreCode;
 
     private String downloadUrl;
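Review bot: `private boolean useSSL;` defaults to false, so a `DataStoreServerInfo` on which `setUseSSL` was never called makes ETLService build an `http://` URL. That is the opposite of the default documented in service.properties; `private boolean useSSL = true;` keeps code-constructed instances on SSL. Because the class is Serializable, an instance sent by a DSS built before this change would presumably also arrive with the field at false, since field initialisers do not run on deserialization. Mixed-version deployments are therefore worth checking. The `isUseSSL`/`setUseSSL` pair added in the next hunk has no Javadoc saying which connection the flag describes.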
@@ -61,6 +63,16 @@ public class DataStoreServerInfo implements Serializable
         this.port = port;
     }
 
+    public boolean isUseSSL()
+    {
+        return useSSL;
+    }
+
+    public void setUseSSL(boolean useSSL)
+    {
+        this.useSSL = useSSL;
+    }
+
     public final String getDataStoreCode()
     {
         return dataStoreCode;
@@ -100,4 +112,5 @@ public class DataStoreServerInfo implements Serializable
     {
         this.servicesDescriptions = servicesDescriptions;
     }
+
 }
-- 
GitLab