hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary Gregory <garydgreg...@gmail.com>
Subject Best way to use one SSLContext for different origin servers in a proxy
Date Tue, 09 May 2017 07:21:55 GMT
Hi All,

We have a nice example in HttpCore for an HTTP reverse proxy here:

https://hc.apache.org/httpcomponents-core-4.4.x/httpcore-nio/examples/org/apache/http/examples/nio/NHttpReverseProxy.java

I've taken this example and morphed into a different beast. I am wondering
how I can let each origin server client have its own SSLContext in order
for me to given them different TrustStrategy implementations.

In our example, we set things up like this:

        final IOEventDispatch *connectingEventDispatch *= new
DefaultHttpClientIODispatch(
                clientHandler, ConnectionConfig.DEFAULT);

        final IOEventDispatch listeningEventDispatch = new
DefaultHttpServerIODispatch(
                serviceHandler, ConnectionConfig.DEFAULT);

        Thread t = new Thread(new Runnable() {

            public void run() {
                try {
                    connectingIOReactor.execute(*connectingEventDispatch*);
                } catch (InterruptedIOException ex) {
                    System.err.println("Interrupted");
                } catch (IOException ex) {
                    ex.printStackTrace();
                } finally {
                    try {
                        listeningIOReactor.shutdown();
                    } catch (IOException ex2) {
                        ex2.printStackTrace();
                    }
                }
            }

        });
        t.start();


In my case I build the connectingEventDispatch with our lower-level APIs in
order to pass in the SSLContext like this:

ConnectionConfig clientConnectionConfig = ConnectionConfig.DEFAULT;
IOEventDispatch *connectingEventDispatch *=
    clientSslContext == null ?
    new DefaultHttpClientIODispatch(clientHandler, clientConnectionConfig)
:
    new DefaultHttpClientIODispatch(clientHandler, *clientSslContext*,
clientConnectionConfig);

But this SSLContext is used for ALL origin servers (a.k.a. target hosts)

Do I need to build a connectingEventDispatch for each SSLContext I need and
then execute each like the above:

connectingIOReactor.execute(connectingEventDispatch);

Each execute in its own thread?

Or is there a cleaner, more HttpCore way to do this?

Thank you!
Gary

-- 
E-Mail: garydgregory@gmail.com | ggregory@apache.org
Java Persistence with Hibernate, Second Edition
<https://www.amazon.com/gp/product/1617290459/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1617290459&linkCode=as2&tag=garygregory-20&linkId=cadb800f39946ec62ea2b1af9fe6a2b8>

<http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1617290459>
JUnit in Action, Second Edition
<https://www.amazon.com/gp/product/1935182021/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182021&linkCode=as2&tag=garygregory-20&linkId=31ecd1f6b6d1eaf8886ac902a24de418%22>

<http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182021>
Spring Batch in Action
<https://www.amazon.com/gp/product/1935182951/ref=as_li_tl?ie=UTF8&camp=1789&creative=9325&creativeASIN=1935182951&linkCode=%7B%7BlinkCode%7D%7D&tag=garygregory-20&linkId=%7B%7Blink_id%7D%7D%22%3ESpring+Batch+in+Action>
<http:////ir-na.amazon-adsystem.com/e/ir?t=garygregory-20&l=am2&o=1&a=1935182951>
Blog: http://garygregory.wordpress.com
Home: http://garygregory.com/
Tweet! http://twitter.com/GaryGregory

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message