KNOX-2255 - Setting HTTP client connection/socket timeout to 5m for certain services as well as replayBufferSize to 65 bytes for RANGER and useTwoWaySsl to true for NIFI/NIFI-REGISTRY by default (#354)
diff --git a/gateway-provider-ha/src/main/java/org/apache/knox/gateway/ha/dispatch/ConfigurableHADispatch.java b/gateway-provider-ha/src/main/java/org/apache/knox/gateway/ha/dispatch/ConfigurableHADispatch.java
index a5425d8..544a5bf 100644
--- a/gateway-provider-ha/src/main/java/org/apache/knox/gateway/ha/dispatch/ConfigurableHADispatch.java
+++ b/gateway-provider-ha/src/main/java/org/apache/knox/gateway/ha/dispatch/ConfigurableHADispatch.java
@@ -21,7 +21,6 @@
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.knox.gateway.config.Configure;
-import org.apache.knox.gateway.config.Optional;
import org.apache.knox.gateway.dispatch.ConfigurableDispatch;
import org.apache.knox.gateway.filter.AbstractGatewayFilter;
import org.apache.knox.gateway.ha.dispatch.i18n.HaDispatchMessages;
@@ -52,10 +51,6 @@
private HaProvider haProvider;
- @Optional
- @Configure
- private String serviceRole;
-
@Override
public void init() {
super.init();
@@ -67,14 +62,6 @@
}
}
- public String getServiceRole() {
- return serviceRole;
- }
-
- public void setServiceRole(String serviceRole) {
- this.serviceRole = serviceRole;
- }
-
public HaProvider getHaProvider() {
return haProvider;
}
diff --git a/gateway-provider-ha/src/main/java/org/apache/knox/gateway/ha/dispatch/DefaultHaDispatch.java b/gateway-provider-ha/src/main/java/org/apache/knox/gateway/ha/dispatch/DefaultHaDispatch.java
index 698427a..b18c25d 100644
--- a/gateway-provider-ha/src/main/java/org/apache/knox/gateway/ha/dispatch/DefaultHaDispatch.java
+++ b/gateway-provider-ha/src/main/java/org/apache/knox/gateway/ha/dispatch/DefaultHaDispatch.java
@@ -18,7 +18,6 @@
package org.apache.knox.gateway.ha.dispatch;
import org.apache.knox.gateway.config.Configure;
-import org.apache.knox.gateway.config.Optional;
import org.apache.knox.gateway.dispatch.DefaultDispatch;
import org.apache.knox.gateway.filter.AbstractGatewayFilter;
import org.apache.knox.gateway.ha.dispatch.i18n.HaDispatchMessages;
@@ -51,10 +50,6 @@
private HaProvider haProvider;
- @Optional
- @Configure
- private String serviceRole;
-
@Override
public void init() {
super.init();
@@ -66,14 +61,6 @@
}
}
- public String getServiceRole() {
- return serviceRole;
- }
-
- public void setServiceRole(String serviceRole) {
- this.serviceRole = serviceRole;
- }
-
public HaProvider getHaProvider() {
return haProvider;
}
diff --git a/gateway-service-definitions/src/main/resources/services/cm-api/1.0.0/service.xml b/gateway-service-definitions/src/main/resources/services/cm-api/1.0.0/service.xml
index c3a4555..cbbad9e 100644
--- a/gateway-service-definitions/src/main/resources/services/cm-api/1.0.0/service.xml
+++ b/gateway-service-definitions/src/main/resources/services/cm-api/1.0.0/service.xml
@@ -33,4 +33,14 @@
<rewrite apply="CM-API/cm-api/rest" to="request.body"/>
</route>
</routes>
+ <dispatch classname="org.apache.knox.gateway.dispatch.DefaultDispatch">
+ <param>
+ <name>httpclient.connectionTimeout</name>
+ <value>5m</value>
+ </param>
+ <param>
+ <name>httpclient.socketTimeout</name>
+ <value>5m</value>
+ </param>
+ </dispatch>
</service>
diff --git a/gateway-service-definitions/src/main/resources/services/hive/0.13.0/service.xml b/gateway-service-definitions/src/main/resources/services/hive/0.13.0/service.xml
index 07e206d..39ee004 100644
--- a/gateway-service-definitions/src/main/resources/services/hive/0.13.0/service.xml
+++ b/gateway-service-definitions/src/main/resources/services/hive/0.13.0/service.xml
@@ -24,5 +24,14 @@
<routes>
<route path="/hive"/>
</routes>
- <dispatch classname="org.apache.knox.gateway.hive.HiveDispatch" ha-classname="org.apache.knox.gateway.hive.HiveHaDispatch"/>
+ <dispatch classname="org.apache.knox.gateway.hive.HiveDispatch" ha-classname="org.apache.knox.gateway.hive.HiveHaDispatch">
+ <param>
+ <name>httpclient.connectionTimeout</name>
+ <value>5m</value>
+ </param>
+ <param>
+ <name>httpclient.socketTimeout</name>
+ <value>5m</value>
+ </param>
+ </dispatch>
</service>
diff --git a/gateway-service-definitions/src/main/resources/services/hue/1.0.0/service.xml b/gateway-service-definitions/src/main/resources/services/hue/1.0.0/service.xml
index 2b7fea7..50bf39d 100644
--- a/gateway-service-definitions/src/main/resources/services/hue/1.0.0/service.xml
+++ b/gateway-service-definitions/src/main/resources/services/hue/1.0.0/service.xml
@@ -61,5 +61,13 @@
<name>responseExcludeHeaders</name>
<value>WWW-AUTHENTICATE</value>
</param>
+ <param>
+ <name>httpclient.connectionTimeout</name>
+ <value>5m</value>
+ </param>
+ <param>
+ <name>httpclient.socketTimeout</name>
+ <value>5m</value>
+ </param>
</dispatch>
</service>
diff --git a/gateway-service-definitions/src/main/resources/services/impala/1.0.0/service.xml b/gateway-service-definitions/src/main/resources/services/impala/1.0.0/service.xml
index 314d7b1..0e67080 100644
--- a/gateway-service-definitions/src/main/resources/services/impala/1.0.0/service.xml
+++ b/gateway-service-definitions/src/main/resources/services/impala/1.0.0/service.xml
@@ -26,5 +26,14 @@
<routes>
<route path="/impala"/>
</routes>
- <dispatch classname="org.apache.knox.gateway.impala.ImpalaDispatch" ha-classname="org.apache.knox.gateway.impala.ImpalaHaDispatch"/>
+ <dispatch classname="org.apache.knox.gateway.impala.ImpalaDispatch" ha-classname="org.apache.knox.gateway.impala.ImpalaHaDispatch">
+ <param>
+ <name>httpclient.connectionTimeout</name>
+ <value>5m</value>
+ </param>
+ <param>
+ <name>httpclient.socketTimeout</name>
+ <value>5m</value>
+ </param>
+ </dispatch>
</service>
diff --git a/gateway-service-definitions/src/main/resources/services/nifi-registry/0.5.0/service.xml b/gateway-service-definitions/src/main/resources/services/nifi-registry/0.5.0/service.xml
index 0ef7dbe..dad1e65 100644
--- a/gateway-service-definitions/src/main/resources/services/nifi-registry/0.5.0/service.xml
+++ b/gateway-service-definitions/src/main/resources/services/nifi-registry/0.5.0/service.xml
@@ -32,5 +32,5 @@
<rewrite apply="NIFI-REGISTRY/nifi-registry/inbound/path/query-other" to="request.url"/>
</route>
</routes>
- <dispatch classname="org.apache.knox.gateway.dispatch.NiFiRegistryDispatch" ha-classname="org.apache.knox.gateway.dispatch.NiFiRegistryHaDispatch" />
+ <dispatch classname="org.apache.knox.gateway.dispatch.NiFiRegistryDispatch" ha-classname="org.apache.knox.gateway.dispatch.NiFiRegistryHaDispatch" use-two-way-ssl="true" />
</service>
diff --git a/gateway-service-definitions/src/main/resources/services/nifi/1.4.0/service.xml b/gateway-service-definitions/src/main/resources/services/nifi/1.4.0/service.xml
index e55c971..89a6ead 100644
--- a/gateway-service-definitions/src/main/resources/services/nifi/1.4.0/service.xml
+++ b/gateway-service-definitions/src/main/resources/services/nifi/1.4.0/service.xml
@@ -32,5 +32,5 @@
<rewrite apply="NIFI/nifi/inbound/path/query-other" to="request.url"/>
</route>
</routes>
- <dispatch classname="org.apache.knox.gateway.dispatch.NiFiDispatch" ha-classname="org.apache.knox.gateway.dispatch.NiFiHaDispatch" />
+ <dispatch classname="org.apache.knox.gateway.dispatch.NiFiDispatch" ha-classname="org.apache.knox.gateway.dispatch.NiFiHaDispatch" use-two-way-ssl="true"/>
</service>
diff --git a/gateway-service-definitions/src/main/resources/services/ranger/1.0.0/service.xml b/gateway-service-definitions/src/main/resources/services/ranger/1.0.0/service.xml
index c803bc6..db13e4b 100644
--- a/gateway-service-definitions/src/main/resources/services/ranger/1.0.0/service.xml
+++ b/gateway-service-definitions/src/main/resources/services/ranger/1.0.0/service.xml
@@ -35,6 +35,10 @@
<name>responseExcludeHeaders</name>
<value>WWW-AUTHENTICATE</value>
</param>
+ <param>
+ <name>replayBufferSize</name>
+ <value>65</value>
+ </param>
</dispatch>
</service>
diff --git a/gateway-spi/src/main/java/org/apache/knox/gateway/SpiGatewayMessages.java b/gateway-spi/src/main/java/org/apache/knox/gateway/SpiGatewayMessages.java
index 335a5ce..70db7f6 100644
--- a/gateway-spi/src/main/java/org/apache/knox/gateway/SpiGatewayMessages.java
+++ b/gateway-spi/src/main/java/org/apache/knox/gateway/SpiGatewayMessages.java
@@ -91,4 +91,15 @@
text = "The dispatch to {0} was disallowed because it fails the dispatch whitelist validation. See documentation for dispatch whitelisting." )
void dispatchDisallowed(String uri);
+ @Message( level = MessageLevel.DEBUG, text = "HTTP client connection timeout is set to {0} for {1}" )
+ void setHttpClientConnectionTimeout(int connectionTimeout, String serviceRole);
+
+ @Message( level = MessageLevel.DEBUG, text = "HTTP client socket timeout is set to {0} for {1}" )
+ void setHttpClientSocketTimeout(int csocketTimeout, String serviceRole);
+
+ @Message( level = MessageLevel.DEBUG, text = "replayBufferSize is set to {0} for {1}" )
+ void setReplayBufferSize(int replayBufferSize, String serviceRole);
+
+ @Message( level = MessageLevel.DEBUG, text = "Using two way SSL in {0}" )
+ void usingTwoWaySsl(String serviceRole);
}
diff --git a/gateway-spi/src/main/java/org/apache/knox/gateway/dispatch/DefaultDispatch.java b/gateway-spi/src/main/java/org/apache/knox/gateway/dispatch/DefaultDispatch.java
index a7edec4..0d4608c 100644
--- a/gateway-spi/src/main/java/org/apache/knox/gateway/dispatch/DefaultDispatch.java
+++ b/gateway-spi/src/main/java/org/apache/knox/gateway/dispatch/DefaultDispatch.java
@@ -40,6 +40,7 @@
import org.apache.knox.gateway.config.Configure;
import org.apache.knox.gateway.config.Default;
import org.apache.knox.gateway.config.GatewayConfig;
+import org.apache.knox.gateway.config.Optional;
import org.apache.knox.gateway.i18n.messages.MessagesFactory;
import org.apache.knox.gateway.i18n.resources.ResourcesFactory;
import org.apache.knox.gateway.util.MimeTypes;
@@ -72,6 +73,10 @@
private Set<String> outboundResponseExcludeHeaders = Collections.singleton(WWW_AUTHENTICATE);
private Set<String> outboundResponseExcludedSetCookieHeaderDirectives = Collections.singleton(EXCLUDE_ALL);
+ @Optional
+ @Configure
+ private String serviceRole;
+
//Buffer size in bytes
private int replayBufferSize = -1;
@@ -86,6 +91,14 @@
return replayBufferSize;
}
+ public String getServiceRole() {
+ return serviceRole;
+ }
+
+ public void setServiceRole(String serviceRole) {
+ this.serviceRole = serviceRole;
+ }
+
@Configure
protected void setReplayBufferSize(@Default("-1")int size) {
setReplayBufferSizeInBytes(size);
@@ -100,6 +113,7 @@
size *= 1024;
}
replayBufferSize = size;
+ LOG.setReplayBufferSize(replayBufferSize, getServiceRole());
}
protected void executeRequest(
diff --git a/gateway-spi/src/main/java/org/apache/knox/gateway/dispatch/DefaultHttpClientFactory.java b/gateway-spi/src/main/java/org/apache/knox/gateway/dispatch/DefaultHttpClientFactory.java
index 8e5b34d..c4dab74 100644
--- a/gateway-spi/src/main/java/org/apache/knox/gateway/dispatch/DefaultHttpClientFactory.java
+++ b/gateway-spi/src/main/java/org/apache/knox/gateway/dispatch/DefaultHttpClientFactory.java
@@ -31,7 +31,9 @@
import org.apache.knox.gateway.services.ServiceType;
import org.apache.knox.gateway.services.security.AliasService;
import org.apache.knox.gateway.services.security.KeystoreService;
+import org.apache.knox.gateway.SpiGatewayMessages;
import org.apache.knox.gateway.config.GatewayConfig;
+import org.apache.knox.gateway.i18n.messages.MessagesFactory;
import org.apache.knox.gateway.services.GatewayServices;
import org.apache.knox.gateway.services.metrics.MetricsService;
import org.apache.http.HttpRequest;
@@ -64,10 +66,13 @@
import org.joda.time.format.PeriodFormatterBuilder;
public class DefaultHttpClientFactory implements HttpClientFactory {
+ private static final SpiGatewayMessages LOG = MessagesFactory.get(SpiGatewayMessages.class);
+ private static final String PARAMETER_SERVICE_ROLE = "serviceRole";
static final String PARAMETER_USE_TWO_WAY_SSL = "useTwoWaySsl";
@Override
public HttpClient createHttpClient(FilterConfig filterConfig) {
+ final String serviceRole = filterConfig.getInitParameter(PARAMETER_SERVICE_ROLE);
HttpClientBuilder builder;
GatewayConfig gatewayConfig = (GatewayConfig) filterConfig.getServletContext().getAttribute(GatewayConfig.GATEWAY_CONFIG_ATTRIBUTE);
GatewayServices services = (GatewayServices) filterConfig.getServletContext()
@@ -80,7 +85,7 @@
}
// Conditionally set a custom SSLContext
- SSLContext sslContext = createSSLContext(services, filterConfig);
+ SSLContext sslContext = createSSLContext(services, filterConfig, serviceRole);
if(sslContext != null) {
builder.setSSLSocketFactory(new SSLConnectionSocketFactory(sslContext));
}
@@ -109,7 +114,7 @@
builder.setMaxConnTotal( maxConnections );
builder.setMaxConnPerRoute( maxConnections );
- builder.setDefaultRequestConfig( getRequestConfig( filterConfig ) );
+ builder.setDefaultRequestConfig(getRequestConfig(filterConfig, serviceRole));
// See KNOX-1530 for details
builder.disableContentCompression();
@@ -134,9 +139,10 @@
*
* @param services the {@link GatewayServices}
* @param filterConfig a {@link FilterConfig} used to query for parameters for this operation
+ * @param serviceRole the name of the service role to whom this HTTP client is being created for
* @return a {@link SSLContext} or <code>null</code> if a custom {@link SSLContext} is not needed.
*/
- SSLContext createSSLContext(GatewayServices services, FilterConfig filterConfig) {
+ SSLContext createSSLContext(GatewayServices services, FilterConfig filterConfig, String serviceRole) {
KeyStore identityKeystore;
char[] identityKeyPassphrase;
KeyStore trustKeystore;
@@ -144,6 +150,7 @@
KeystoreService ks = services.getService(ServiceType.KEYSTORE_SERVICE);
try {
if (Boolean.parseBoolean(filterConfig.getInitParameter(PARAMETER_USE_TWO_WAY_SSL))) {
+ LOG.usingTwoWaySsl(serviceRole);
AliasService as = services.getService(ServiceType.ALIAS_SERVICE);
// Get the Gateway's configured identity keystore and key passphrase
@@ -191,16 +198,18 @@
}
}
- static RequestConfig getRequestConfig( FilterConfig config ) {
+ static RequestConfig getRequestConfig(FilterConfig config, String serviceRole) {
RequestConfig.Builder builder = RequestConfig.custom();
int connectionTimeout = getConnectionTimeout( config );
if ( connectionTimeout != -1 ) {
builder.setConnectTimeout( connectionTimeout );
builder.setConnectionRequestTimeout( connectionTimeout );
+ LOG.setHttpClientConnectionTimeout(connectionTimeout, serviceRole == null ? "N/A" : serviceRole);
}
int socketTimeout = getSocketTimeout( config );
if( socketTimeout != -1 ) {
builder.setSocketTimeout( socketTimeout );
+ LOG.setHttpClientSocketTimeout(socketTimeout, serviceRole == null ? "N/A" : serviceRole);
}
// HttpClient 4.5.7 is broken for %2F handling with url normalization.
diff --git a/gateway-spi/src/test/java/org/apache/knox/gateway/dispatch/DefaultHttpClientFactoryTest.java b/gateway-spi/src/test/java/org/apache/knox/gateway/dispatch/DefaultHttpClientFactoryTest.java
index 6ceeeb2..d0a50f6 100644
--- a/gateway-spi/src/test/java/org/apache/knox/gateway/dispatch/DefaultHttpClientFactoryTest.java
+++ b/gateway-spi/src/test/java/org/apache/knox/gateway/dispatch/DefaultHttpClientFactoryTest.java
@@ -75,6 +75,7 @@
expect(filterConfig.getInitParameter("httpclient.maxConnections")).andReturn(null).once();
expect(filterConfig.getInitParameter("httpclient.connectionTimeout")).andReturn(null).once();
expect(filterConfig.getInitParameter("httpclient.socketTimeout")).andReturn(null).once();
+ expect(filterConfig.getInitParameter("serviceRole")).andReturn(null).once();
replay(keystoreService, gatewayConfig, gatewayServices, servletContext, filterConfig);
@@ -99,7 +100,7 @@
replay(keystoreService, gatewayServices, filterConfig);
DefaultHttpClientFactory factory = new DefaultHttpClientFactory();
- SSLContext context = factory.createSSLContext(gatewayServices, filterConfig);
+ SSLContext context = factory.createSSLContext(gatewayServices, filterConfig, "service");
assertNull(context);
verify(keystoreService, gatewayServices, filterConfig);
@@ -126,7 +127,7 @@
replay(keystoreService, aliasService, gatewayServices, filterConfig);
DefaultHttpClientFactory factory = new DefaultHttpClientFactory();
- SSLContext context = factory.createSSLContext(gatewayServices, filterConfig);
+ SSLContext context = factory.createSSLContext(gatewayServices, filterConfig, "service");
assertNotNull(context);
verify(keystoreService, aliasService, gatewayServices, filterConfig);
@@ -154,7 +155,7 @@
replay(keystoreService, aliasService, gatewayServices, filterConfig);
DefaultHttpClientFactory factory = new DefaultHttpClientFactory();
- SSLContext context = factory.createSSLContext(gatewayServices, filterConfig);
+ SSLContext context = factory.createSSLContext(gatewayServices, filterConfig, "service");
assertNotNull(context);
verify(keystoreService, aliasService, gatewayServices, filterConfig);
@@ -174,7 +175,7 @@
replay(keystoreService, gatewayServices, filterConfig);
DefaultHttpClientFactory factory = new DefaultHttpClientFactory();
- SSLContext context = factory.createSSLContext(gatewayServices, filterConfig);
+ SSLContext context = factory.createSSLContext(gatewayServices, filterConfig, "service");
assertNull(context);
verify(keystoreService, gatewayServices, filterConfig);
@@ -196,7 +197,7 @@
replay(keystoreService, gatewayServices, filterConfig);
DefaultHttpClientFactory factory = new DefaultHttpClientFactory();
- SSLContext context = factory.createSSLContext(gatewayServices, filterConfig);
+ SSLContext context = factory.createSSLContext(gatewayServices, filterConfig, "service");
assertNotNull(context);
verify(keystoreService, gatewayServices, filterConfig);
@@ -218,7 +219,7 @@
replay(gatewayConfig, servletContext, filterConfig);
- RequestConfig requestConfig = DefaultHttpClientFactory.getRequestConfig(filterConfig);
+ RequestConfig requestConfig = DefaultHttpClientFactory.getRequestConfig(filterConfig, "service");
assertTrue(requestConfig.isNormalizeUri());
diff --git a/gateway-util-configinjector/src/main/java/org/apache/knox/gateway/config/impl/DefaultConfigurationInjector.java b/gateway-util-configinjector/src/main/java/org/apache/knox/gateway/config/impl/DefaultConfigurationInjector.java
index bfb191e..a138d85 100755
--- a/gateway-util-configinjector/src/main/java/org/apache/knox/gateway/config/impl/DefaultConfigurationInjector.java
+++ b/gateway-util-configinjector/src/main/java/org/apache/knox/gateway/config/impl/DefaultConfigurationInjector.java
@@ -30,6 +30,8 @@
import java.lang.annotation.Annotation;
import java.lang.reflect.Field;
import java.lang.reflect.Method;
+import java.util.Arrays;
+import java.util.Comparator;
import java.util.Locale;
public class DefaultConfigurationInjector implements ConfigurationInjector {
@@ -49,6 +51,18 @@
private void injectClass( Class type, Object target, ConfigurationAdapter config, ConfigurationBinding binding )
throws ConfigurationException {
Field[] fields = type.getDeclaredFields();
+ Arrays.sort(fields, new Comparator<Field>() {
+ @Override
+ public int compare(Field field1, Field field2) {
+ if ("serviceRole".equals(field1.getName())) {
+ return -1;
+ } else if ("serviceRole".equals(field2.getName())) {
+ return 1;
+ } else {
+ return field1.getName().compareTo(field2.getName());
+ }
+ };
+ });
for( Field field : fields ) {
injectFieldValue( field, target, config, binding );
}