jclouds-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mop Sophia <mopsop...@gmail.com>
Subject Re: Using JClouds without TLSv1.0
Date Wed, 09 Mar 2016 16:36:48 GMT
Thanks Ignasi, it's ok when using the proxy properties (it was the way I
was using before going to okhttp)

In fact, the issue is the connection to the service on this platform. The
login using keystone is ok, but the use of service fails :(
It seems JClouds uses the adminURL, I would like to use publicURL, I don't
if there is something configure it...

My case is to check a tenant witth this code :
            keystoneApi = ContextBuilder.newBuilder(provider)
                  .endpoint(endpoint)
                  .credentials(identity, password)
                  .modules(modules)
                  .overrides(overrides)
                  .buildApi(KeystoneApi.class);

            // Request Openstack Keystone to validate the token
            Token token = keystoneApi.getTokenApi().get().get(authToken);
            // Fails because JClouds get the adminUrl of keystone to make
the request

Regards,

Stéphane



2016-03-09 13:32 GMT+01:00 Ignasi Barrera <nacx@apache.org>:

> Don't configure the proxy in the client supplier. Just configure it
> the "standard jclouds way", by configuring the proxy properties as
> "overrides" when creating the context:
>
> http://jclouds-javadocs.elasticbeanstalk.com/constant-values.html#org.jclouds.Constants.PROPERTY_PROXY_HOST
>
> On 9 March 2016 at 13:18, Mop Sophia <mopsophia@gmail.com> wrote:
> > Hi,
> >
> > Thanks for this code Ignasi, but it seems the client configuration is not
> > used, because the client tries a direct connection without proxy :(
> > Here is my code :
> >
> >     public static class TLSOkHttpClientSupplier implements
> > OkHttpClientSupplier {
> >        @Override public OkHttpClient get() {
> >           OkHttpClient client = new OkHttpClient();
> >           ConnectionSpec tlsSpec =
> >               new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
> >              .tlsVersions(TlsVersion.TLS_1_1, TlsVersion.TLS_1_2)
> >              .build();
> >           ConnectionSpec cleartextSpec =
> >              new
> ConnectionSpec.Builder(ConnectionSpec.CLEARTEXT).build();
> >           client.setConnectionSpecs(ImmutableList.of(tlsSpec,
> > cleartextSpec));
> >           client.setProxy(new Proxy(Proxy.Type.HTTP, new
> > InetSocketAddress("10.182.110.12", 8080)));
> >           return client;
> >        }
> >     }
> >
> >
> >         Module tlsModule = new AbstractModule() {
> >            @Override protected void configure() {
> >
> > bind(OkHttpClientSupplier.class).to(TLSOkHttpClientSupplier.class);
> >            }
> >         };
> >
> >
> >         Iterable<Module> modules = ImmutableSet.<Module>of(new
> > SLF4JLoggingModule(),tlsModule, new
> OkHttpCommandExecutorServiceModule());
> >
> >             Properties overrides = new Properties();
> >
> > overrides.setProperty(Constants.PROPERTY_LOGGER_WIRE_LOG_SENSITIVE_INFO,
> > true + "");
> >
> >             keystoneApi = ContextBuilder.newBuilder(provider)
> >                   .endpoint(endpoint)
> >                   .credentials(identity, password)
> >                   .modules(modules)
> >                   .overrides(overrides)
> >                   .buildApi(KeystoneApi.class);
> >
> >
> > Any idea of my mistake ?
> >
> > Regards,
> >
> > Stéphane
> >
> >
> > 2016-03-05 1:28 GMT+01:00 Ignasi Barrera <nacx@apache.org>:
> >>
> >> Hi!
> >>
> >> Andrew's link will provide you the context you need.
> >>
> >> I don't know if there is a proper way of configuring this using the
> >> default HTTP driver, but here is a specific example using the OkHttp
> >> one:
> >>
> >> First you will need to create an OkHttpClientSupplier that creates the
> >> http client with the desired connection configuration:
> >>
> >> public class TLSOkHttpClientSupplier implements OkHttpClientSupplier {
> >>    @Override public OkHttpClient get() {
> >>       OkHttpClient client = new OkHttpClient();
> >>       ConnectionSpec tlsSpec =
> >>           new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
> >>          .tlsVersions(TlsVersion.TLS_1_1, TlsVersion.TLS_1_2)
> >>          .build();
> >>       ConnectionSpec cleartextSpec =
> >>          new ConnectionSpec.Builder(ConnectionSpec.CLEARTEXT).build();
> >>       client.setConnectionSpecs(ImmutableList.of(tlsSpec,
> cleartextSpec));
> >>       return client;
> >>    }
> >> }
> >>
> >> Once you have the class that will create the OkHttpClient you just
> >> have to inject it in the Guice context and configure the OkHttp driver
> >> to be used to manage the HTTP connections. Both things are achieved by
> >> providing additional modules when creating the context:
> >>
> >> // Create a Guice module that will bind your supplier implementation
> >> // to the injection context
> >> Module tlsModule = new AbstractModule() {
> >>    @Override protected void configure() {
> >>
>  bind(OkHttpClientSupplier.class).to(TLSOkHttpClientSupplier.class);
> >>    }
> >> };
> >>
> >> // Create the context loading the OkHttpDriver and your custom module
> >> ContextBuilder.newBuilder("provider")
> >>    .modules(ImmutableSet.of(tlsModule,
> >>       new OkHttpCommandExecutorServiceModule()))
> >>    .build()
> >>
> >> Note than in order to use the OkHttp driver you'll have to add the
> >> "org.apache.jclouds.driver/jclouds-okhttp" dependency to your pom.xml.
> >>
> >>
> >> HTH!
> >>
> >> I.
> >>
> >> On 4 March 2016 at 22:23, Andrew Phillips <andrewp@apache.org> wrote:
> >> > Hi Stéphane
> >> >
> >> >> Any idea of code to configure my http client with TLSv1.1 or TLSv1.2
> >> >> instead of TLSv1.0, please ?
> >> >
> >> >
> >> > The following blog post doesn't provide a step-by-step solution, but
> >> > should
> >> > hopefully help:
> >> >
> >> > https://jclouds.apache.org/blog/2014/10/25/poodle-and-jclouds/
> >> >
> >> > Regards
> >> >
> >> > ap
> >
> >
>

Mime
View raw message