
I have SCDF deployed on a PCF environment (1.2.3 Release). I need to enforce communication only for trusted parties on the HTTP endpoint.

As a first approach, I installed 3rd-party certificates at the PCF level; the SSL connection is established correctly. However, communication with this endpoint without certificates is still possible (e.g. curl).

Based on my investigation I have found the following way:

  1. I have created a trust store using openssl/keytool
  2. I have set up a simple stream as "http | log"

To deploy the http app, I am using the following properties:

```
app.http.logging.level.org.springframework.integration=DEBUG
app.http.management.security.enabled=true
app.http.server.ssl.client-auth=need
app.http.server.ssl.enabled=true
app.http.server.ssl.trust-store=https://static_file_URL/SCDF.truststore
app.http.server.ssl.trust-store-password=<pass>
```

However, the module does not start, and fails with the following error message: "Resource location must not be null"

```
[OUT] at org.springframework.cloud.stream.app.http.source.rabbit.HttpSourceRabbitApplication.main(HttpSourceRabbitApplication.java:29) [classes/:na]
[OUT] at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_141]
[OUT] at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:51) [app/:na]
[OUT] Caused by: java.lang.IllegalArgumentException: Resource location must not be null
```

Can you advise me how to configure the http module to achieve this goal?

Best regards, Wojtek

  • How are the `app.http....` properties supplied in the DSL? Are they supplied as deployment properties or is that resolved from config-server? – Sabby Anandan Aug 16 '17 at 16:46
  • Hello Sabby, thanks for the reply. I tried both options - explicitly setting the deployment parameter in the stream definition, or adding deployment properties. The result was the same as described – Wojtek Jacko Aug 18 '17 at 06:53
  • Thanks for confirming. Can you also upload the entire stacktrace in a file or as a gist? It would be useful to troubleshoot. – Sabby Anandan Aug 18 '17 at 13:26
  • We managed to get enforced SSL validation working on locally run apps when we embedded certificates inside the client app and then the server part. As there are ongoing activities to check the various component variants for SSL termination (HAproxy, goRouter and TCProuter as examples) when apps are running in PCF, we wanted to apply the final solution after review. Thank you – Wojtek Jacko Sep 12 '17 at 06:31
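
Added example (not part of the original question or its comments): a small check of the deployment properties posted above for the server-side prerequisites of client-certificate authentication. It assumes Spring Boot's `server.ssl.*` semantics, namely that an embedded server with SSL enabled needs `server.ssl.key-store` and that `client-auth` set to `need` or `want` needs `server.ssl.trust-store`; the function names and finding codes are hypothetical.

```python
# Added example: lint SCDF deployment properties for server-side TLS prerequisites.
# Assumed rules (Spring Boot server.ssl.* semantics, not stated on the page):
#   - an embedded server with SSL enabled needs server.ssl.key-store
#   - client-auth=need/want needs server.ssl.trust-store to validate client certs

# Properties as posted in the question; "<pass>" is the poster's placeholder.
POSTED = """\
app.http.logging.level.org.springframework.integration=DEBUG
app.http.management.security.enabled=true
app.http.server.ssl.client-auth=need
app.http.server.ssl.enabled=true
app.http.server.ssl.trust-store=https://static_file_URL/SCDF.truststore
app.http.server.ssl.trust-store-password=<pass>
"""

def parse(text, app="http"):
    """Return {key: value} for one app, with the 'app.<name>.' prefix removed."""
    prefix = f"app.{app}."
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # split once: values may contain '='
        if key.strip().startswith(prefix):
            props[key.strip()[len(prefix):]] = value.strip()
    return props

def lint_ssl(props):
    """Return finding codes for the server.ssl.* settings of one app."""
    ssl = {k[len("server.ssl."):]: v for k, v in props.items()
           if k.startswith("server.ssl.")}
    if not ssl or ssl.get("enabled", "true").lower() == "false":
        return ["TLS_NOT_CONFIGURED"]
    findings = []
    if not ssl.get("key-store"):
        findings.append("KEY_STORE_MISSING")  # no server certificate/key to present
    mode = ssl.get("client-auth", "none").lower()
    if mode != "need":
        findings.append("CLIENT_CERT_NOT_REQUIRED")  # certificate-less clients accepted
    if mode in ("need", "want") and not ssl.get("trust-store"):
        findings.append("TRUST_STORE_MISSING")  # nothing to validate client certs against
    return findings

if __name__ == "__main__":
    for code in lint_ssl(parse(POSTED)):
        print(code)
```
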

0 Answers