Re: [PR] HIVE-29112: HMS embedded servlets https support [hive]

Wed, 13 Aug 2025 05:22:32 -0700 


deniskuzZ commented on code in PR #6002:
URL: https://github.com/apache/hive/pull/6002#discussion_r2273208807


##########
standalone-metastore/metastore-server/src/main/java/org/apache/hadoop/hive/metastore/ServletServerBuilder.java:
##########
@@ -159,24 +165,49 @@ private Server createServer() {
   }
 
   /**
-   * Creates a server instance and a connector on a given port.
+   * Create an SSL context factory using the configuration.
    *
-   * @param server            the server instance
-   * @param sslContextFactory the ssl factory
-   * @param port              the port
-   * @return the server connector listening to the port
+   * @param conf The configuration to use
+   * @return The created SslContextFactory or null if creation failed
+   */
+  private static SslContextFactory createSslContextFactory(Configuration conf) 
throws IOException {
+      return ServletSecurity.createSslContextFactoryIf(conf, 
MetastoreConf.ConfVars.USE_SSL);
+  }
+
+  /**
+   * Create an HTTP or HTTPS connector.
+   *
+   * @param server The server to create the connector for
+   * @param sslContextFactory The ssl context factory to use;
+   *                          if null, the connector will be HTTP; if not 
null, the connector will be HTTPS
+   * @param port The port to bind the connector to
+   * @return The created ServerConnector
    */
   private ServerConnector createConnector(Server server, SslContextFactory 
sslContextFactory, int port) {
-    final ServerConnector connector = new ServerConnector(server, 
sslContextFactory);
+    final ServerConnector connector;
+    if (sslContextFactory == null) {

Review Comment:
   can we refactor this to
   ````
   HttpConfiguration httpConf = new HttpConfiguration();
   
   // Do not leak information - this logic is now in one place.
   httpConf.setSendServerVersion(false);
   httpConf.setSendXPoweredBy(false);
   
   if (sslContextFactory != null) {
       httpConf.setSecureScheme(HTTPS);
       httpConf.setSecurePort(port);
       httpConf.addCustomizer(new SecureRequestCustomizer());
       
       connector = new ServerConnector(server, sslContextFactory, new 
HttpConnectionFactory(httpConf));
       connector.setName(HTTPS);
   } else {
       connector = new ServerConnector(server, new 
HttpConnectionFactory(httpConf));
       connector.setName(HTTP);
   }
   ````
   



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: gitbox-unsubscr...@hive.apache.org
For additional commands, e-mail: gitbox-h...@hive.apache.org

Reply via email to