[ELY-1996] SSLContext to support delegation to alternate instances based on peer information. #1488
Conversation
| * @param authenticationContext the authentication context to examine (must not be {@code null}) | ||
| * @return List of all configured SSL context belonging to the provided authentication context | ||
| */ | ||
| public List<SSLContext> getConfiguredSSLContexts(AuthenticationContext authenticationContext) throws GeneralSecurityException { |
There was a problem hiding this comment.
@darranl @fjuma I did not realize before, but when I move the public class DynamicSSLContextSpiImpl from elytron client to dynamic-ssl module, then I can't use these methods without them being public.
So we either add them as public methods and use a disclaimer saying it is not part of the public API (in javadoc/blog etc.), or use a reflection. I decided to do the former but let me know if you think otherwise. Thanks.
There was a problem hiding this comment.
I think looking at the two methods we should just accept them in a new public API, I don't think this will affect our plans to include in Elytron 1.16 as the methods have a well defined scope.
Skyllarr
force-pushed
the
dynamic-ssl-elytron-part
branch
from
3c1308f
to
0b39596
Compare
|
Linux - JDK11 EA 28 Build 632 outcome was UNKNOWN using a merge of 0b39596 |
Skyllarr
force-pushed
the
dynamic-ssl-elytron-part
branch
4 times, most recently
from
bfdc8a5
to
5d759e3
Compare
Skyllarr
force-pushed
the
dynamic-ssl-elytron-part
branch
4 times, most recently
from
65886f8
to
46cfe35
Compare
|
@Skyllarr Just noticed that some of the error messages from the GitHub CI jobs look similar to the some of the issues we ran into recently with Zulu JDK. Darran had submitted a PR to ensure that all SSLContext instances in the tests exclusively use the installed providers: We'll likely need similar changes in this PR. |
Skyllarr
force-pushed
the
dynamic-ssl-elytron-part
branch
from
46cfe35
to
7f2a2d5
Compare
@fjuma yes that was the problem. Thanks a lot! |
dynamic-ssl/pom.xml
Outdated
| <parent> | ||
| <groupId>org.wildfly.security</groupId> | ||
| <artifactId>wildfly-elytron-parent</artifactId> | ||
| <version>1.14.3.CR1-SNAPSHOT</version> |
There was a problem hiding this comment.
This version now needs to be updated.
Skyllarr
force-pushed
the
dynamic-ssl-elytron-part
branch
from
7f2a2d5
to
f37301d
Compare
…sed on peer information.
Skyllarr
force-pushed
the
dynamic-ssl-elytron-part
branch
from
f37301d
to
77574fd
Compare
| <groupId>org.kohsuke.metainf-services</groupId> | ||
| <artifactId>metainf-services</artifactId> | ||
| <scope>provided</scope> | ||
| </dependency> |
| <parent> | ||
| <groupId>org.wildfly.security</groupId> | ||
| <artifactId>wildfly-elytron-parent</artifactId> | ||
| <version>1.15.1.CR1-SNAPSHOT</version> |
There was a problem hiding this comment.
This version will need to be updated.
https://issues.redhat.com/browse/ELY-1996
This is PR is meant to be merged before we have a QE pre-check.
Currently it does change public API because as it adds 2 public methods to AuthenticationContextConfigurationClient.java, please see the comment below and let me know if that is ok or I should use a reflection instead.