在 apache camel 上制作 API 以便为 HTTPS 实现(SSL)的最佳方法是什么? [英] What is the most optimal way to make an API on apache camel to have (SSL) implemented for HTTPS?

查看:17
本文介绍了在 apache camel 上制作 API 以便为 HTTPS 实现(SSL)的最佳方法是什么?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我希望使用 Apache-Camel 创建的 API 启用 HTTPS.我已经对各种方式(使用 Jetty、Netty 等)进行了一些阅读,但我想知道将 SSL 实现到基于骆驼的 API 的最简单和最有效的方法是什么.这是我当前的配置,我更喜欢(为简单起见,如果我可以使用 netty4-http)

I am looking to make my API created with Apache-Camel be HTTPS enabled. I have conducted some reading into the various ways (using Jetty, Netty etc.) but I'm wanting to know what the simplest and most efficient way to implement SSL to my camel based API is. Here is my current configuration, I would prefer (for simplicity's sake if I could use netty4-http)

public void configure() {

    restConfiguration()
    .component("netty4-http")//Specifies the Camel component to use as the REST transport
    .host("0.0.0.0")//The hostname to use for exposing the REST service
    .port(8080).bindingMode(RestBindingMode.auto)
            .rest("/v1/API.Endpoint")

谢谢各位!

推荐答案

可以按照官方docs 首先指定要使用的 SSLContextParameters,它只是定义证书的位置可以找到在SSL握手期间使用,然后将其设置到netty组件中:

You can configure the Netty4 component as mentioned in the official docs by first specifying the SSLContextParameters to use, which simply define where the certificate to use during SSL handshake can be found, and later on set it onto the netty component:

KeyStoreParameters ksp = new KeyStoreParameters();
ksp.setResource("/users/home/server/keystore.jks");
ksp.setPassword("keystorePassword");

KeyManagersParameters kmp = new KeyManagersParameters();
kmp.setKeyStore(ksp);
kmp.setKeyPassword("keyPassword");

SSLContextParameters scp = new SSLContextParameters();
scp.setKeyManagers(kmp);

NettyComponent nettyComponent = getContext().getComponent("netty4", NettyComponent.class);
nettyComponent.setSslContextParameters(scp);

如果您使用 Spring (Boot),这可以在 Camel 的上下文初始化例程中轻松完成:

If you use Spring (Boot) this can easily be done during Camel's context initialization routine:

@Bean
CamelContextConfiguration contextConfiguration() {
    return new CamelContextConfiguration() {
       @Override
        public void beforeApplicationStart(CamelContext camelContext) {
            // code goes in here
        }

        @Override
        public void afterApplicationStart(CamelContext camelContext) {
            // noop
        }
    };
}

注意上面的组件被命名为netty4,这也应该反映在其余的配置部分:

Note that the component above was named netty4, this should also reflect in the rest configuration part as well:

restConfiguration()
    .component("netty4")
    .host("0.0.0.0")
    .scheme("https")
    .port(8443)
    ...

可以看到类似的方法,只是在我的一个技术演示项目中使用 Jetty 作为配置的 HTTP 服务器,它保留了 SSLContextParamteter 配置 在它自己的 bean 中,即注入到Jetty 配置,它只是将该参数设置到自定义的 Jetty 组件上.稍后 restConfiguration抽象为基类,某些通过 Jetty 公开端点的路由将从该基类中扩展.

A similar approach can be seen, just with Jetty as configured HTTP server in one of my tech-demo projects which keeps the SSLContextParamteter configuration in its own bean, that is injected into the Jetty configuration which just sets that parameters onto the customized Jetty component. Later on the restConfiguration is abstracted away into a base class which certain routes exposing endpoints via Jetty will extend from.

请进一步注意,您可以使用默认的 Jetty 或 Netty 组件.在我的演示中,我有一个 TLS 1.0 和 1.1 客户端的错误,默认情况下无法作为 Jetty 9.4 连接,排除了所有不安全的密码,Camel 没有将设置正确传播到 Jetty,希望现在应该解决.

Note further that you can use the default Jetty or Netty component. In my demo I had a bug with TLS 1.0 and 1.1 clients that couldn't connect as Jetty 9.4 by default excluded all insecure ciphers and Camel didn't propagate the settings properly to Jetty, which hopefully should be solved now.

这篇关于在 apache camel 上制作 API 以便为 HTTPS 实现(SSL)的最佳方法是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆