在Apache骆驼上为HTTPS实施(SSL)的API的最佳方法是什么? [英] What is the most optimal way to make an API on apache camel to have (SSL) implemented for HTTPS?
问题描述
我希望将使用Apache-Camel创建的API启用HTTPS.我已经对各种方式(使用Jetty,Netty等)进行了一些阅读,但是我想知道对基于骆驼的API实施SSL的最简单,最有效的方法是什么.这是我当前的配置,我更喜欢(为简单起见,如果我可以使用netty4-http)
I am looking to make my API created with Apache-Camel be HTTPS enabled. I have conducted some reading into the various ways (using Jetty, Netty etc.) but I'm wanting to know what the simplest and most efficient way to implement SSL to my camel based API is. Here is my current configuration, I would prefer (for simplicity's sake if I could use netty4-http)
public void configure() {
restConfiguration()
.component("netty4-http")//Specifies the Camel component to use as the REST transport
.host("0.0.0.0")//The hostname to use for exposing the REST service
.port(8080).bindingMode(RestBindingMode.auto)
.rest("/v1/API.Endpoint")
谢谢大家!
推荐答案
You can configure the Netty4 component as mentioned in the official docs by first specifying the SSLContextParameters to use, which simply define where the certificate to use during SSL handshake can be found, and later on set it onto the netty component:
KeyStoreParameters ksp = new KeyStoreParameters();
ksp.setResource("/users/home/server/keystore.jks");
ksp.setPassword("keystorePassword");
KeyManagersParameters kmp = new KeyManagersParameters();
kmp.setKeyStore(ksp);
kmp.setKeyPassword("keyPassword");
SSLContextParameters scp = new SSLContextParameters();
scp.setKeyManagers(kmp);
NettyComponent nettyComponent = getContext().getComponent("netty4", NettyComponent.class);
nettyComponent.setSslContextParameters(scp);
如果使用Spring(引导),则可以在Camel的上下文初始化例程中轻松完成:
If you use Spring (Boot) this can easily be done during Camel's context initialization routine:
@Bean
CamelContextConfiguration contextConfiguration() {
return new CamelContextConfiguration() {
@Override
public void beforeApplicationStart(CamelContext camelContext) {
// code goes in here
}
@Override
public void afterApplicationStart(CamelContext camelContext) {
// noop
}
};
}
请注意,上面的组件被命名为 netty4 ,这也应该在其余的配置部分中反映出来:
Note that the component above was named netty4, this should also reflect in the rest configuration part as well:
restConfiguration()
.component("netty4")
.host("0.0.0.0")
.scheme("https")
.port(8443)
...
可以看到一种类似的方法,只是在我的一个技术演示项目中使用Jetty作为配置的HTTP服务器,该项目使
A similar approach can be seen, just with Jetty as configured HTTP server in one of my tech-demo projects which keeps the SSLContextParamteter configuration in its own bean, that is injected into the Jetty configuration which just sets that parameters onto the customized Jetty component. Later on the restConfiguration is abstracted away into a base class which certain routes exposing endpoints via Jetty will extend from.
请进一步注意,您可以使用默认的Jetty或Netty组件.在我的演示中,我遇到了TLS 1.0和1.1客户端无法连接的错误,因为默认情况下Jetty 9.4无法连接,排除了所有不安全的密码,并且Camel没有将设置正确传播到Jetty,希望现在就可以解决.
Note further that you can use the default Jetty or Netty component. In my demo I had a bug with TLS 1.0 and 1.1 clients that couldn't connect as Jetty 9.4 by default excluded all insecure ciphers and Camel didn't propagate the settings properly to Jetty, which hopefully should be solved now.
这篇关于在Apache骆驼上为HTTPS实施(SSL)的API的最佳方法是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
