jclouds-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ignasi Barrera <n...@apache.org>
Subject Re: Using JClouds without TLSv1.0
Date Wed, 09 Mar 2016 12:32:07 GMT
Don't configure the proxy in the client supplier. Just configure it
the "standard jclouds way", by configuring the proxy properties as
"overrides" when creating the context:
http://jclouds-javadocs.elasticbeanstalk.com/constant-values.html#org.jclouds.Constants.PROPERTY_PROXY_HOST

On 9 March 2016 at 13:18, Mop Sophia <mopsophia@gmail.com> wrote:
> Hi,
>
> Thanks for this code Ignasi, but it seems the client configuration is not
> used, because the client tries a direct connection without proxy :(
> Here is my code :
>
>     public static class TLSOkHttpClientSupplier implements
> OkHttpClientSupplier {
>        @Override public OkHttpClient get() {
>           OkHttpClient client = new OkHttpClient();
>           ConnectionSpec tlsSpec =
>               new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
>              .tlsVersions(TlsVersion.TLS_1_1, TlsVersion.TLS_1_2)
>              .build();
>           ConnectionSpec cleartextSpec =
>              new ConnectionSpec.Builder(ConnectionSpec.CLEARTEXT).build();
>           client.setConnectionSpecs(ImmutableList.of(tlsSpec,
> cleartextSpec));
>           client.setProxy(new Proxy(Proxy.Type.HTTP, new
> InetSocketAddress("10.182.110.12", 8080)));
>           return client;
>        }
>     }
>
>
>         Module tlsModule = new AbstractModule() {
>            @Override protected void configure() {
>
> bind(OkHttpClientSupplier.class).to(TLSOkHttpClientSupplier.class);
>            }
>         };
>
>
>         Iterable<Module> modules = ImmutableSet.<Module>of(new
> SLF4JLoggingModule(),tlsModule, new OkHttpCommandExecutorServiceModule());
>
>             Properties overrides = new Properties();
>
> overrides.setProperty(Constants.PROPERTY_LOGGER_WIRE_LOG_SENSITIVE_INFO,
> true + "");
>
>             keystoneApi = ContextBuilder.newBuilder(provider)
>                   .endpoint(endpoint)
>                   .credentials(identity, password)
>                   .modules(modules)
>                   .overrides(overrides)
>                   .buildApi(KeystoneApi.class);
>
>
> Any idea of my mistake ?
>
> Regards,
>
> St├ęphane
>
>
> 2016-03-05 1:28 GMT+01:00 Ignasi Barrera <nacx@apache.org>:
>>
>> Hi!
>>
>> Andrew's link will provide you the context you need.
>>
>> I don't know if there is a proper way of configuring this using the
>> default HTTP driver, but here is a specific example using the OkHttp
>> one:
>>
>> First you will need to create an OkHttpClientSupplier that creates the
>> http client with the desired connection configuration:
>>
>> public class TLSOkHttpClientSupplier implements OkHttpClientSupplier {
>>    @Override public OkHttpClient get() {
>>       OkHttpClient client = new OkHttpClient();
>>       ConnectionSpec tlsSpec =
>>           new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
>>          .tlsVersions(TlsVersion.TLS_1_1, TlsVersion.TLS_1_2)
>>          .build();
>>       ConnectionSpec cleartextSpec =
>>          new ConnectionSpec.Builder(ConnectionSpec.CLEARTEXT).build();
>>       client.setConnectionSpecs(ImmutableList.of(tlsSpec, cleartextSpec));
>>       return client;
>>    }
>> }
>>
>> Once you have the class that will create the OkHttpClient you just
>> have to inject it in the Guice context and configure the OkHttp driver
>> to be used to manage the HTTP connections. Both things are achieved by
>> providing additional modules when creating the context:
>>
>> // Create a Guice module that will bind your supplier implementation
>> // to the injection context
>> Module tlsModule = new AbstractModule() {
>>    @Override protected void configure() {
>>       bind(OkHttpClientSupplier.class).to(TLSOkHttpClientSupplier.class);
>>    }
>> };
>>
>> // Create the context loading the OkHttpDriver and your custom module
>> ContextBuilder.newBuilder("provider")
>>    .modules(ImmutableSet.of(tlsModule,
>>       new OkHttpCommandExecutorServiceModule()))
>>    .build()
>>
>> Note than in order to use the OkHttp driver you'll have to add the
>> "org.apache.jclouds.driver/jclouds-okhttp" dependency to your pom.xml.
>>
>>
>> HTH!
>>
>> I.
>>
>> On 4 March 2016 at 22:23, Andrew Phillips <andrewp@apache.org> wrote:
>> > Hi St├ęphane
>> >
>> >> Any idea of code to configure my http client with TLSv1.1 or TLSv1.2
>> >> instead of TLSv1.0, please ?
>> >
>> >
>> > The following blog post doesn't provide a step-by-step solution, but
>> > should
>> > hopefully help:
>> >
>> > https://jclouds.apache.org/blog/2014/10/25/poodle-and-jclouds/
>> >
>> > Regards
>> >
>> > ap
>
>

Mime
View raw message