HTTPS support for workflow
1. Added support for both HTTP and HTTPS on the BE.
2. HTTPS is not enabled by default.
3. Added some logging properties.
4. Updated the README.
Change-Id: I5337b19d6fe5eeaf7ded47019dc6bd3fbdcca309
Issue-ID: SDC-2136
Signed-off-by: priyanshu <pagarwal@amdocs.com>
diff --git a/README.md b/README.md
index 4a84a7a..87b980c 100644
--- a/README.md
+++ b/README.md
@@ -98,7 +98,8 @@
`docker run -d -e SDC_PROTOCL=http/https -e SDC_ENDPOINT=<sdc-host>:<sdc-port> -e SDC_USER=<sdc-username>
-e SDC_PASSWORD=<sdc-password> -e CS_HOSTS=<cassandra-hosts> -e CS_PORT=<cassandra-port>
-e CS_AUTHENTICATE=true/false -e CS_USER=<cassandra-user> -e CS_PASSWORD=<cassandra-password>
--e JAVA_OPTIONS=<jvm-options> nexus3.onap.org:10001/onap/workflow-backend:latest`
+-e SSL_ENABLED=true/false -e SSL_KEY_PASSWORD=<ssl_key_password> -e SSL_KEYSTORE_PATH=<ssl_keystore_path>
+-e SSL_KEYSTORE_TYPE=<ssl_keystore_type> -e JAVA_OPTIONS=<jvm-options> nexus3.onap.org:10001/onap/workflow-backend:latest`
### Environment Variables
@@ -122,12 +123,21 @@
- CS_PASSWORD — Cassandra password if CS_AUTHENTICATE is *true*.
+- SSL_ENABLED — whether ssl authentication must be used to connect to application. A *false* will be
+assumed if this variable is not specified.
+
+- SSL_KEY_PASSWORD — SSL key password if SSL_ENABLED is *true*.
+
+- SSL_KEYSTORE_PATH — SSL Keystore path if SSL_ENABLED is *true*.
+
+- SSL_KEYSTORE_TYPE — SSL Keystore type if SSL_ENABLED is *true*.
+
- JAVA_OPTIONS — optionally, JVM (Java Virtual Machine) arguments.
### Example
Assuming you have a dedicated Cassandra container as described in Database section, and the access to it is not
-protected with a password. The following command will start a backend container:
+protected with a password. The following command will start a backend container without SSL support:
`docker run -d --name workflow-backend -e SDC_PROTOCOL=http
-e SDC_ENDPOINT=$(docker inspect sdc-BE --format={{.NetworkSettings.IPAddress}}):8080
diff --git a/workflow-designer-be/src/main/java/org/onap/sdc/workflow/server/config/WebServerConfig.java b/workflow-designer-be/src/main/java/org/onap/sdc/workflow/server/config/WebServerConfig.java
new file mode 100644
index 0000000..3ba3f81
--- /dev/null
+++ b/workflow-designer-be/src/main/java/org/onap/sdc/workflow/server/config/WebServerConfig.java
@@ -0,0 +1,28 @@
+package org.onap.sdc.workflow.server.config;
+
+import org.eclipse.jetty.server.ServerConnector;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.web.embedded.jetty.JettyServerCustomizer;
+import org.springframework.boot.web.embedded.jetty.JettyServletWebServerFactory;
+import org.springframework.boot.web.server.WebServerFactoryCustomizer;
+import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class WebServerConfig implements WebServerFactoryCustomizer<ConfigurableServletWebServerFactory> {
+
+ @Value("${http.port}")
+ private int httpPort;
+
+ @Override
+ public void customize(ConfigurableServletWebServerFactory container) {
+ if (container instanceof JettyServletWebServerFactory) {
+ JettyServletWebServerFactory containerFactory = (JettyServletWebServerFactory) container;
+ containerFactory.addServerCustomizers((JettyServerCustomizer) server -> {
+ ServerConnector connector = new ServerConnector(server);
+ connector.setPort(httpPort);
+ server.addConnector(connector);
+ });
+ }
+ }
+}
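Review bot: The customizer adds the plain-HTTP `ServerConnector` on `http.port` unconditionally, so the backend keeps accepting cleartext traffic even when `server.ssl.enabled` is true, and nothing in this file redirects or restricts that listener. Any client that keeps using the HTTP port sends whatever the API carries (presumably including credentials or identity headers) unencrypted. Consider making the listener opt-out with a new flag (the name is only a suggestion), e.g. `@Value("${http.enabled:true}") private boolean httpEnabled;` and `if (httpEnabled && container instanceof JettyServletWebServerFactory) {`. Note also that `@Value("${http.port}")` has no default, so a profile that lacks the property would fail at startup; `${http.port:8080}` avoids that. A short class Javadoc stating that this opens a second, unencrypted connector next to the `server.port` one would help operators.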
diff --git a/workflow-designer-be/src/main/resources/application-dev.properties b/workflow-designer-be/src/main/resources/application-dev.properties
index 12a9902..97d81ac 100644
--- a/workflow-designer-be/src/main/resources/application-dev.properties
+++ b/workflow-designer-be/src/main/resources/application-dev.properties
@@ -14,7 +14,18 @@
# limitations under the License.
#/
server.servlet.context-path=/
-server.port=${SERVER_PORT:8080}
+http.port=${HTTP_PORT:8080}
+
+server.port=${SERVER_PORT:8443}
+server.ssl.enabled=${SSL_ENABLED:false}
+server.ssl.key-password=${SSL_KEY_PASSWORD:}
+server.ssl.key-store=${SSL_KEYSTORE_PATH:}
+server.ssl.key-store-type=${SSL_KEYSTORE_TYPE:}
+
+sdc.be.protocol=${SDC_PROTOCOL:}
+sdc.be.endpoint=${SDC_ENDPOINT:}
+sdc.be.external.user=${SDC_USER:}
+sdc.be.external.password=${SDC_PASSWORD:}
#CASSANDRA
spring.data.cassandra.contact-points=${CS_HOSTS:localhost}
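Review bot: The SSL block maps `server.ssl.key-password` but never sets `server.ssl.key-store-password`, so there is no way to supply the password of the keystore itself. Depending on the keystore type this presumably either fails at startup or, for JKS, loads the store without its integrity check. Add a mapping such as `server.ssl.key-store-password=${SSL_KEYSTORE_PASSWORD:}` (the variable name is a suggestion) and document it in the README next to SSL_KEY_PASSWORD. The same gap is in the first hunk of application.properties.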
@@ -29,4 +40,16 @@
#Headers are comma separated list
onap.logging.requestIdHeader=X-ECOMP-RequestID,X-ONAP-RequestID
-onap.logging.partnerNameHeader=USER_ID
\ No newline at end of file
+onap.logging.partnerNameHeader=USER_ID
+
+logging.level.org.springframework=INFO
+logging.level.org.onap.sdc.workflow=INFO
+
+#output to a temp_folder/file
+logging.file=${java.io.tmpdir}/application.log
+
+# Logging pattern for the console
+logging.pattern.console= %d{yyyy-MM-dd HH:mm:ss} - %msg%n
+
+# Logging pattern for file
+logging.pattern.file= %d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%
\ No newline at end of file
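Review bot: The file pattern ends in `%msg%` instead of `%msg%n`, so the last conversion word is incomplete and file log entries get no line terminator; it should read `logging.pattern.file= %d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%n`. Separately, `logging.file=${java.io.tmpdir}/application.log` puts the log under a fixed name in the shared temp directory, where on a multi-user host other accounts may be able to read it or pre-create the path; a dedicated log directory with restricted permissions is safer. The console pattern also drops level and logger, which makes console output harder to triage during an incident. The second hunk of application.properties has the same lines.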
diff --git a/workflow-designer-be/src/main/resources/application.properties b/workflow-designer-be/src/main/resources/application.properties
index 5fa56d8..1ff8311 100644
--- a/workflow-designer-be/src/main/resources/application.properties
+++ b/workflow-designer-be/src/main/resources/application.properties
@@ -14,7 +14,14 @@
# limitations under the License.
#/
server.servlet.context-path=/
-server.port=${SERVER_PORT:8080}
+http.port=${HTTP_PORT:8080}
+
+server.port=${SERVER_PORT:8443}
+server.ssl.enabled=${SSL_ENABLED:false}
+server.ssl.key-password=${SSL_KEY_PASSWORD:}
+server.ssl.key-store=${SSL_KEYSTORE_PATH:}
+server.ssl.key-store-type=${SSL_KEYSTORE_TYPE:}
+
sdc.be.protocol=${SDC_PROTOCOL:}
sdc.be.endpoint=${SDC_ENDPOINT:}
sdc.be.external.user=${SDC_USER:}
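Review bot: Deployments that already pass SERVER_PORT=8080 will now request port 8080 twice, because the new `http.port` also defaults to 8080 and WebServerConfig opens a second connector on it; startup would presumably fail on the bind. Also, with `server.ssl.enabled` defaulting to false, the new default `server.port` of 8443 serves plain HTTP, which is easy to misread as TLS. A comment above the block would help, e.g. `# server.port is TLS only when SSL_ENABLED=true; http.port is always cleartext and must differ from server.port`. The first hunk of application-dev.properties has the same defaults.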
@@ -33,4 +40,16 @@
#Headers are comma separated list
onap.logging.requestIdHeader=X-ECOMP-RequestID,X-ONAP-RequestID
-onap.logging.partnerNameHeader=USER_ID
\ No newline at end of file
+onap.logging.partnerNameHeader=USER_ID
+
+logging.level.org.springframework=INFO
+logging.level.org.onap.sdc.workflow=INFO
+
+#output to a temp_folder/file
+logging.file=${java.io.tmpdir}/application.log
+
+# Logging pattern for the console
+logging.pattern.console= %d{yyyy-MM-dd HH:mm:ss} - %msg%n
+
+# Logging pattern for file
+logging.pattern.file= %d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%
\ No newline at end of file