Issue with Undertow Client and SSL
by Thomas Segismont
Hi,
Openshift Origin uses Hawkular Metrics to store node and container data. In
this scenario, Hawkular Metrics calls the Kubernetes master server over
HTTPS to validate the client identity. This is implemented with Undertow
Client, as part of a ServletExtension (inside Wildfly 10) [1]. Works fine
in development and testing.
Now the Openshit team sees errors in the logs [2][3]. I couldn't reproduce
yet. Errors come in pair, first the "UT005001: An exception occurred
processing the request: java.lang.IllegalStateException: XNIO000017: Buffer
was already freed", and just after "XNIO001007: A channel event listener
threw an exception: java.lang.NullPointerException".
Does that ring a bell? I haven't been able to find a starting point by
looking into the source the code.
Thanks
--
Thomas Segismont
JBoss ON Engineering Team
[1] https://git.io/vrNyP
[2] https://issues.jboss.org/browse/HWKMETRICS-408
[3] https://issues.jboss.org/secure/attachment/12405779/hawkular.log
1 week, 3 days
Correctly shutting down a websocket handler
by Robin Anil
When a client disconnects, I see that onClose is not being fired. The only
way this seems to be firing if client sents a close frame.
Is there any way to detect disconnection and immediately close all the
opened resources.
Robin
Robin Anil | Software Engineer
2 years, 5 months
Resource Handling Revisited
by Hicks, Matt
Previously I've asked about streaming a single file back to the client and
got some good insight as to how to accomplish this with `transferFrom`, but
this misses out on all the extra features like resuming transfers, cached
content, etc. It would be very nice Undertow offered a static utility
method to serve up File, Path, and URL providing all of this functionality
that is currently contained in ResourceHandler (
https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io...
).
I don't think it would be difficult to extract all of that out of the
private method and simply have ResourceHandler call the static method.
Stuart, what do you think?
I'd even be willing to do the leg-work if you'd be willing to accept a PR
for it.
9 years, 2 months
IO and Worker Thread based on custom preferences
by tone randomnaja
Hi there !
Undertow has `IO Thread` and `Worker Thread` configuration (<subsystem
xmlns="urn:jboss:domain:io:1.1"><worker name="default".....) which could be
bounded per Listener (<http-listener....).
In my case I have 1 Listenner (AJP) and 1 Application (EAR),
I'd like to be able to priority and manage Worker Thread base on some
preferences, such as URL path.
Above for a reason of controlling the load of specific URL (under the same
Web Context).
Any suggestions or ideas ?
9 years, 2 months
Question regarding serving a REST API and a WEB UI over the same Undertow instance
by Dieter Bogdoll
Hi Steve,
first thanks again for your help.
I have another question / problem: I have now a running and working REST
API using client certificates auth. Now I would also like to provide an UI
which makes using the REST API easier for interactive usage. (so the web UI
would internally call the REST API)
a) I got my java web UI as war file. How can I register that war file
programmatically with undertow (which also runs my REST API)?
b) Would client certificates also work with web UIs? Would the browser then
just ask for the cert or how do I provide in this case the user cert? E.g.
when I point right now my browser on an URL of the REST API I just got
"Forbidden".
c) If b) is not possible or not easy to do, can I use a different security
realm and auth method for the web ui, maybe BASIC AUTH instead CLIENT CERT
(but just for the web ui?)
Best regards,
Dieter
9 years, 2 months
Proxying SSL
by Hicks, Matt
In
https://github.com/undertow-io/undertow/blob/master/examples/src/main/jav...
a
LoadBalancingProxyClient and a reverse proxy server are being used to proxy
HTTPS, but is all of that necessary?
I'm attempting to proxy from my current code:
SimpleProxyClientProvider proxyClient = new SimpleProxyClientProvider(uri);
ProxyHandler proxyHandler = Handlers.proxyHandler(proxyClient);
To add support to proxy SSL. The proxying is local and both the originating
server and the server being proxied to are using the exact same SSL
certificate. Is there something I can add to this to make it work right,
or do I have to create a LoadBalancingProxyClient?
9 years, 2 months
SSL Documentation
by Hicks, Matt
Is there any documentation for configuring SSL on my server? I was looking
through the online docs and found nothing (apart from "Assembling a Server
Manually").
Any assistance would be appreciated.
Thanks
9 years, 2 months
Add basic auth programmatically
by Вячеслав А
Hello.
I have a problem with auth for web services in my jar.
I want to add BASIC auth programmatically.
I have two places: from ServletExtension and from HttpHandler for request.
I cant find the way to do it ( It will be better if i can do it from
ServletExtension by modify DeploymentInfo.
Thank you in advance for your help.
9 years, 2 months
Undertow: How to use client cert auth with roles
by Dieter Bogdoll
Hello Mailinglist,
I would like to use undertow for creating REST APIs.
I also would like to use HTTPS for communcation between client and server.
The user should authenticate itself with a client certificate. On the
server should be a component which takes the client certificate and
uses some other service (properties file, database, ...) to which roles
the user has (and therefor if and what parts of the REST API he can use).
I think I know how to listen only to HTTPS, but I'm not sure how to extract
the relevant bits from the client certificate and how to set the
groups/roles.
The solution should be compatible with the Servlet API. Is there some
example
code which I could look up, or some tutorial describing what I required?
Best regards,
Dieter
9 years, 2 months
