问题
I am looking to make my API created with Apache-Camel be HTTPS enabled. I have conducted some reading into the various ways (using Jetty, Netty etc.) but I'm wanting to know what the simplest and most efficient way to implement SSL to my camel based API is. Here is my current configuration, I would prefer (for simplicity's sake if I could use netty4-http)
public void configure() {
restConfiguration()
.component("netty4-http")//Specifies the Camel component to use as the REST transport
.host("0.0.0.0")//The hostname to use for exposing the REST service
.port(8080).bindingMode(RestBindingMode.auto)
.rest("/v1/API.Endpoint")
Thanks guys!
回答1:
You can configure the Netty4 component as mentioned in the official docs by first specifying the SSLContextParameters to use, which simply define where the certificate to use during SSL handshake can be found, and later on set it onto the netty component:
KeyStoreParameters ksp = new KeyStoreParameters();
ksp.setResource("/users/home/server/keystore.jks");
ksp.setPassword("keystorePassword");
KeyManagersParameters kmp = new KeyManagersParameters();
kmp.setKeyStore(ksp);
kmp.setKeyPassword("keyPassword");
SSLContextParameters scp = new SSLContextParameters();
scp.setKeyManagers(kmp);
NettyComponent nettyComponent = getContext().getComponent("netty4", NettyComponent.class);
nettyComponent.setSslContextParameters(scp);
If you use Spring (Boot) this can easily be done during Camel's context initialization routine:
@Bean
CamelContextConfiguration contextConfiguration() {
return new CamelContextConfiguration() {
@Override
public void beforeApplicationStart(CamelContext camelContext) {
// code goes in here
}
@Override
public void afterApplicationStart(CamelContext camelContext) {
// noop
}
};
}
Note that the component above was named netty4, this should also reflect in the rest configuration part as well:
restConfiguration()
.component("netty4")
.host("0.0.0.0")
.scheme("https")
.port(8443)
...
A similar approach can be seen, just with Jetty as configured HTTP server in one of my tech-demo projects which keeps the SSLContextParamteter configuration in its own bean, that is injected into the Jetty configuration which just sets that parameters onto the customized Jetty component. Later on the restConfiguration is abstracted away into a base class which certain routes exposing endpoints via Jetty will extend from.
Note further that you can use the default Jetty or Netty component. In my demo I had a bug with TLS 1.0 and 1.1 clients that couldn't connect as Jetty 9.4 by default excluded all insecure ciphers and Camel didn't propagate the settings properly to Jetty, which hopefully should be solved now.
来源:https://stackoverflow.com/questions/55497605/what-is-the-most-optimal-way-to-make-an-api-on-apache-camel-to-have-ssl-implem