[jira] [Work logged] (ARTEMIS-4245) Expose web SNI settings

Thu, 27 Apr 2023 08:55:07 -0700 


     [ 
https://issues.apache.org/jira/browse/ARTEMIS-4245?focusedWorklogId=859430&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-859430
 ]

ASF GitHub Bot logged work on ARTEMIS-4245:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 27/Apr/23 15:54
            Start Date: 27/Apr/23 15:54
    Worklog Time Spent: 10m 
      Work Description: brusdev commented on code in PR #4441:
URL: https://github.com/apache/activemq-artemis/pull/4441#discussion_r1179376675


##########
artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java:
##########
@@ -215,11 +221,11 @@ public void testComponentStopStartBehavior() throws 
Exception {
       Assert.assertFalse(webServerComponent.isStarted());
    }
 
-   @Test
-   public void simpleSecureServer() throws Exception {
+   private WebServerComponent startSimpleSecureServer(String keyStorePath, 
String keyStorePassword, Boolean sniHostCheck) throws Exception {
       BindingDTO bindingDTO = new BindingDTO();
       bindingDTO.uri = "https://localhost:0";;
       bindingDTO.keyStorePath = "./src/test/resources/server.keystore";
+      bindingDTO.setSniHostCheck(sniHostCheck);

Review Comment:
   If the test doesn't set bindingDTO.sniHostCheck the WebServerComponent 
behaviour depends on 
org.eclipse.jetty.server.SecureRequestCustomizer._sniHostCheck default value 
and it already changed from 9.x to 10.x



##########
artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java:
##########
@@ -283,6 +298,40 @@ public void simpleSecureServer() throws Exception {
       Assert.assertFalse(webServerComponent.isStarted());
    }
 
+
+   @Test
+   public void testSimpleSecureServerWithSniHostCheckEnabled() throws 
Exception {
+      testSimpleSecureServerWithSniHostCheck(true);
+   }
+
+   @Test
+   public void testSimpleSecureServerWithSniHostCheckDisabled() throws 
Exception {
+      testSimpleSecureServerWithSniHostCheck(false);
+   }

Review Comment:
   Maybe we should enable sniHostCheck by default because 
org.eclipse.jetty.server.SecureRequestCustomizer._sniHostCheck default value 
already changed from 9.x to 10.x





Issue Time Tracking
-------------------

    Worklog Id:     (was: 859430)
    Time Spent: 0.5h  (was: 20m)

> Expose web SNI settings
> -----------------------
>
>                 Key: ARTEMIS-4245
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-4245
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>            Reporter: Domenico Francesco Bruscino
>            Assignee: Domenico Francesco Bruscino
>            Priority: Major
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Expose sniHostCheck and sniRequired settings in the web config.
> {code:xml}
>    <web path="web" rootRedirectLocation="console">
>        <binding uri="http://localhost:8161"; sniHostCheck="false" 
> sniRequired="false">
> ...
> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to