Version: 17.01
Supported Since: 17.01
As the name implies, the NIO HTTPS Ingress Connector can be considered the secured version of the NIO HTTP Ingress Connector. That is, all requests received and responses sent by this connector are encrypted. To achieve that, this connector can be configured to use SSL (Secure Sockets Layer) and TLS (Transport Layer Security).
In addition to the basic configurations required for the NIO HTTP Ingress Connector, the NIO HTTPS Ingress Connector requires several other configurations. For example, in order to validate remote server/client certificates, this connector needs a trust store to be configured. The following sections of this documentation introduce all of those configurations and show how they can be set.
Let's consider a simple use case where the ingress connector accepts requests coming from various clients, adds a transport header to the requests and sends the requests back to the clients. The following figure shows that scenario. As you have already read, you can just drag and drop those components to create the integration flow.
We have the NIO HTTPS Ingress Connector as the connector. Then we have connected the Add Transport Header processing element as the processor of the connector. Then we have connected the ingress connector (through its input port) again as the next element of the Add Transport Header processing element.
Since this connector is written on top of the NIO HTTP Ingress Connector, it will be easier to understand if you already have some idea about the NIO HTTP Ingress Connector.
All the prerequisites mentioned for the NIO HTTP Ingress Connector are required in order to test this connector, since it is written on top of the NIO HTTP Ingress Connector. Apart from that, it is better if you have pre-configured some trust stores and identity stores to test HTTPS connections and features such as 2-way SSL.
The following figure shows the basic configurations of the NIO HTTPS Ingress Connector that have to be provided. These are the same as the basic configurations of the NIO HTTP Ingress Connector.
port is the port on which the ingress connector will be listening and service path is the URL path to which this connector will be subscribed. In the example above, requests coming to port 8443 with the request path /test/path will be served by this connector and forwarded through the integration flow. Therefore, our request URL required for testing this integration flow will be http://localhost:8443/test/path.
We have to set the transport header in the Add Transport Header processing element's configuration as follows.
You can read more about the Add Transport Header processing element from here. Here, this processing element will add a new transport header FOO: bar to the message and will send the message back to the ingress connector.
Then we have to configure the SSL Configurations of the connector as follows.
For HTTPS protocol to work, a trust store which contains the trusted server certificates and an identity store which holds the listener’s identity are required. If those are not provided, the connector will continue with the JRE’s default identity and trust store.
The transport configurations of this connector are the same as those of the NIO HTTP Ingress Connector.
Now let's try our integration flow. You can use the HTTP/S Client provided in the Ultra Studio Toolbox to send requests to the ingress connector. To run the integration flow, create a new run configuration with an UltraESB Server. Once you run the server, use the HTTP/S Client to send requests to the ingress connector listening on port 8443. The responses you receive should include a new transport header, FOO: bar, as shown below.
The request shown in the above figure is a POST request with the content "{id : 1}". The following is the response received for that request. You can see that a new header FOO: bar has been added.
HTTP/1.1 200 OK
FOO: bar
User-Agent: AdroitLogic (http://adroitlogic.org) - SOA Toolbox/1.5.0
Host: localhost:8443
Content-Type: text/xml; charset=UTF-8
Date: Thu, 08 Dec 2016 06:29:04 GMT
Server: UltraESB 17.01
Content-Length: 8
Connection: close
{id :1 }
Port | Description |
---|---|
Processor | The message received by this ingress connector will be emitted through this out port. |
On Exception | The message will be sent to this out port if the Ingress Connector fails to transform the payload for some reason. |
Input | The response message to be sent to the client comes through this port. |
Parameters marked with * are mandatory.
Parameter | Category | Description |
---|---|---|
HTTP Port* | Basic | The port on which the ingress connector will be listening. |
Service Path* | Basic | The request path to which this connector will be subscribed. Only the requests received through |
Response Timeout | Advanced | Timeout in milliseconds after which the request times out. That is, if a response wasn't received to the |
Identity Store Location* | SSL Configuration | Path to the identity key store where the key-pair used for this ingress connector's identity is located. |
Identity Store Password* | SSL Configuration | Password of the identity key store located at |
Identity Key Password* | SSL Configuration | Password used to protect the private key of the identity key-pair. |
Trust Store Location* | SSL Configuration | Path to the key store where this ingress connector's trusted certificates are located. |
Trust Store Password* | SSL Configuration | Password used to protect the trust store located at |
SSL Client Verification* | SSL Configuration | Indicates whether to validate the clients' certificates when a connection is accepted by the ingress connector. Allowed values are: 1. none - no remote client validation happens |
Prevent Client Certificate Verification | SSL Configuration | Indicates whether not to validate client certificates. This parameter should be turned to |
SSL Protocol Version | SSL Configuration | Specifies which protocol version is to be used for HTTPS connections. This parameter defaults to TLS. Available values are: 1. TLS. You can choose the TLS version depending on the level of security your ingress connector is expected to have when transporting data. |
Supported TLS Versions | SSL Configuration | The set of TLS versions to be enabled for this ingress connector. |
Supported Cipher Suits | SSL Configuration | The set of cipher suites to be enabled should be given here. This is an advanced SSL configuration where only the specified set of cipher suites will be used to encrypt connections between the ingress connector and the clients. |

The Transport Configuration of this connector is the same as the transport configurations of the NIO HTTPS Ingress Connector. You can read more about it from here.
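
How the SSL Configuration parameters in the table above map onto the JVM's standard TLS API (JSSE), as an added example that is not UltraESB's own code and not from the original page. The class name, file names, passwords, and the chosen TLS version and cipher suite are assumptions, and the suite shown needs an RSA key in the identity store.

```java
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;

// Added illustration in plain JSSE; not UltraESB source. All paths and passwords are placeholders.
public class HttpsListenerSketch {

    // The store password guards the keystore file as a whole.
    static KeyStore load(String path, char[] storePassword) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePassword);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Identity Store Location + Identity Store Password
        KeyStore identity = load("identity.jks", "identity-store-password".toCharArray());
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // Identity Key Password: unlocks the private key entry, separate from the store password
        kmf.init(identity, "identity-key-password".toCharArray());

        // Trust Store Location + Trust Store Password: certificates accepted from clients
        KeyStore trust = load("trust.jks", "trust-store-password".toCharArray());
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        // SSL Protocol Version: "TLS". Passing null managers here would use the JRE defaults.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        try (SSLServerSocket server = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(8443)) {
            SSLParameters params = server.getSSLParameters();
            params.setProtocols(new String[] {"TLSv1.2"});   // enabled TLS versions (example choice)
            params.setCipherSuites(new String[] {"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}); // enabled suites (example choice)
            params.setNeedClientAuth(true);   // 2-way SSL: handshake fails without a trusted client certificate
            server.setSSLParameters(params);  // inherited by sockets returned from accept()

            try (SSLSocket conn = (SSLSocket) server.accept()) {   // blocks until one client connects
                conn.startHandshake();
                SSLSession s = conn.getSession();
                System.out.println(s.getProtocol() + " " + s.getCipherSuite() + " client=" + s.getPeerPrincipal());
            }
        }
    }
}
```

The printed protocol and cipher suite show what was actually negotiated, which is the quickest way to confirm that a restricted TLS version or suite list is being enforced.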