Cargo

Allow direct configuration of SSL/TLS connector options for Tomcat 5.x, 6.x, and 7.x stand alone local configurations

Details

  • Type: Improvement Improvement
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: None
  • Fix Version/s: 1.3.0
  • Component/s: Tomcat
  • Labels:
    None
  • Complexity:
    Intermediate
  • Patch Submitted:
    Yes
  • Number of attachments :
    3

Description

There are a number of configuration attributes on the "Connector" element in server.xml. For a stand alone local configuration, the ability to control the settings for the JSSE based implementation of SSL/TLS support would make testing against a secured Tomcat with Cargo far easier.

The attached patch adds support for the configuration of the server key store, trust store, client authentication, and protocol settings.

The patch adds 2 checkstyle violations relating to complexity; however, the metrics do not reflect the real-world simplicity of the method implementation and can be considered false positives.

I did not see any integration tests that examine the resulting server.xml file and therefore did not include tests of the new features. I tested the updated code against the project I am working on. If there are automated tests of this aspect of the container support, please indicate where these reside and I will happily add the new features to the test.

Finally, the documentation that enumerates the container configuration options is generated by the build. Is there anything specific that I need to do in the code base to ensure that the new options appear in the documentation?

  1. File
    localhost.jks
    31/Aug/12 1:58 PM
    2 kB
    David Valeri
  2. Text File
    tomcat-tls.patch
    04/Sep/12 9:40 AM
    19 kB
    David Valeri
  3. Text File
    tomcat-tls.patch
    31/Aug/12 1:58 PM
    19 kB
    David Valeri

Issue Links

is duplicated by

Bug - A problem which impairs or prevents the functions of the product. CARGO-1134 Cannot enable SSL on Tomcat 5.x, 6.x, and 7.x standalone local configuration

  • Major - Major loss of function.
  • Closed - The issue is considered finished, the resolution is correct. Issues which are not closed can be reopened.
is related to

New Feature - A new feature of the product, which has yet to be developed. CARGO-574 Support simultaneous http and https connectors in tomcat5x

  • Major - Major loss of function.
  • Open - The issue is open and ready for the assignee to start work on it.

New Feature - A new feature of the product, which has yet to be developed. CARGO-977 HTTPS (cargo.protocol) support for Jetty 6.x, 7.x

  • Major - Major loss of function.
  • Open - The issue is open and ready for the assignee to start work on it.

Improvement - An improvement or enhancement to an existing feature or task. CARGO-1030 support both http and https configuration

  • Minor - Minor loss of function, or other problem where easy workaround is present.
  • Open - The issue is open and ready for the assignee to start work on it.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Savas Ali Tokmen added a comment -

Hi David

The patch looks very good. In order to add tests, what you need to do is to add the to the core/samples/java Maven artifact. That one has, in tests, the org.codehaus.cargo.sample.java.tomcat package which contains Tomcat-specific tests.

This way, we do not test what is in the server.xml but that what is attempted to be set actually works as expected

Let me know when ready -I'll then give you developer access.

Thank you

Show
Savas Ali Tokmen added a comment - Hi David The patch looks very good. In order to add tests, what you need to do is to add the to the core/samples/java Maven artifact. That one has, in tests, the org.codehaus.cargo.sample.java.tomcat package which contains Tomcat-specific tests. This way, we do not test what is in the server.xml but that what is attempted to be set actually works as expected Let me know when ready -I'll then give you developer access. Thank you
Hide
Permalink
David Valeri added a comment -

Attaching updated patch. Also including the JKS file used by the patch. Place the JKS file in the src/test/resources folder of the samples/java module.

Show
David Valeri added a comment - Attaching updated patch. Also including the JKS file used by the patch. Place the JKS file in the src/test/resources folder of the samples/java module.
Hide
Permalink
Savas Ali Tokmen added a comment -

Hi David

It looks almost perfect, just a few minor fixes for the TomcatTLSTest:

  • It is preferrabke to use the absolute file name when referencing the TLS file. So, testTlsConfigContainer would have these few lines and localhostJksPath would then be used to set TomcatPropertySet.CONNECTOR_KEY_STORE_FILE and TomcatPropertySet.CONNECTOR_TRUST_STORE_FILE 
            File localhostJks = new File("target/test-classes/localhost.jks");
        String localhostJksPath = localhostJks.getAbsolutePath();
        assertTrue("Cannot find file " + localhostJks, localhostJks.isFile());
  • In the comments of TomcatTLSTest, make sure you give the correct title (we don't test Tomcat packager but Tomcat HTTPS support)

Could you please give me your username on https://xircles.codehaus.org/ so I add you as developer on CARGO and you can check in your changes?

Thank you

Show
Savas Ali Tokmen added a comment - Hi David It looks almost perfect, just a few minor fixes for the TomcatTLSTest: It is preferrabke to use the absolute file name when referencing the TLS file. So, testTlsConfigContainer would have these few lines and localhostJksPath would then be used to set TomcatPropertySet.CONNECTOR_KEY_STORE_FILE and TomcatPropertySet.CONNECTOR_TRUST_STORE_FILE File localhostJks = new File("target/test-classes/localhost.jks"); String localhostJksPath = localhostJks.getAbsolutePath(); assertTrue("Cannot find file " + localhostJks, localhostJks.isFile()); In the comments of TomcatTLSTest, make sure you give the correct title (we don't test Tomcat packager but Tomcat HTTPS support) Could you please give me your username on https://xircles.codehaus.org/ so I add you as developer on CARGO and you can check in your changes? Thank you
Hide
Permalink
David Valeri added a comment -

Updated patch attached with requested changes.

My username is "dvaleri".

Show
David Valeri added a comment - Updated patch attached with requested changes. My username is "dvaleri".
Hide
Permalink
Savas Ali Tokmen added a comment -

David Valeri (dvaleri) accepted as a Developer

Once you've commited and once the CI http://bamboo.ci.codehaus.org/browse/CARGO is happy; please close this with fix versions 1.2.5 and 1.3.0.

Thank you

Show
Savas Ali Tokmen added a comment - David Valeri (dvaleri) accepted as a Developer Once you've commited and once the CI http://bamboo.ci.codehaus.org/browse/CARGO is happy; please close this with fix versions 1.2.5 and 1.3.0. Thank you
Hide
Permalink
Savas Ali Tokmen added a comment -

Updated documentation and default values with revision 3401.

Thank you for your contribution

Show
Savas Ali Tokmen added a comment - Updated documentation and default values with revision 3401. Thank you for your contribution

People

  • Assignee:
    David Valeri
    Reporter:
    David Valeri
Vote (0)
Watch (2)

Dates

  • Created:
    Updated:
    Resolved: