added parameter to configure incoming connections backlog size
All checks were successful
CI / build (push) Successful in 2m12s
All checks were successful
CI / build (push) Successful in 2m12s
This commit is contained in:
@@ -9,11 +9,6 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
- name: Checkout sources
|
- name: Checkout sources
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
- name: Setup Java
|
|
||||||
uses: actions/setup-java@v4
|
|
||||||
with:
|
|
||||||
distribution: graalvm
|
|
||||||
java-version: 21
|
|
||||||
- name: Setup Gradle
|
- name: Setup Gradle
|
||||||
uses: gradle/actions/setup-gradle@v3
|
uses: gradle/actions/setup-gradle@v3
|
||||||
- name: Execute Gradle build
|
- name: Execute Gradle build
|
||||||
|
|||||||
@@ -22,6 +22,7 @@ public class Configuration {
|
|||||||
Tls tls;
|
Tls tls;
|
||||||
boolean useVirtualThread;
|
boolean useVirtualThread;
|
||||||
int maxRequestSize;
|
int maxRequestSize;
|
||||||
|
int incomingConnectionsBacklogSize;
|
||||||
|
|
||||||
@Value
|
@Value
|
||||||
public static class Group {
|
public static class Group {
|
||||||
@@ -109,7 +110,8 @@ public class Configuration {
|
|||||||
Authentication authentication,
|
Authentication authentication,
|
||||||
Tls tls,
|
Tls tls,
|
||||||
boolean useVirtualThread,
|
boolean useVirtualThread,
|
||||||
int maxRequestSize
|
int maxRequestSize,
|
||||||
|
int incomingConnectionsBacklogSize
|
||||||
) {
|
) {
|
||||||
return new Configuration(
|
return new Configuration(
|
||||||
host,
|
host,
|
||||||
@@ -121,7 +123,8 @@ public class Configuration {
|
|||||||
authentication,
|
authentication,
|
||||||
tls,
|
tls,
|
||||||
useVirtualThread,
|
useVirtualThread,
|
||||||
maxRequestSize
|
maxRequestSize,
|
||||||
|
incomingConnectionsBacklogSize
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -75,7 +75,6 @@ import java.util.Base64
|
|||||||
import java.util.regex.Matcher
|
import java.util.regex.Matcher
|
||||||
import java.util.regex.Pattern
|
import java.util.regex.Pattern
|
||||||
import javax.naming.ldap.LdapName
|
import javax.naming.ldap.LdapName
|
||||||
import javax.net.ssl.SSLEngine
|
|
||||||
import javax.net.ssl.SSLPeerUnverifiedException
|
import javax.net.ssl.SSLPeerUnverifiedException
|
||||||
|
|
||||||
|
|
||||||
@@ -85,6 +84,7 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
|
|||||||
companion object {
|
companion object {
|
||||||
|
|
||||||
val DEFAULT_CONFIGURATION_URL by lazy { "classpath:net/woggioni/gbcs/gbcs-default.xml".toUrl() }
|
val DEFAULT_CONFIGURATION_URL by lazy { "classpath:net/woggioni/gbcs/gbcs-default.xml".toUrl() }
|
||||||
|
private const val SSL_HANDLER_NAME = "sslHandler"
|
||||||
|
|
||||||
fun loadConfiguration(configurationFile: Path): Configuration {
|
fun loadConfiguration(configurationFile: Path): Configuration {
|
||||||
val doc = Files.newInputStream(configurationFile).use {
|
val doc = Files.newInputStream(configurationFile).use {
|
||||||
@@ -122,7 +122,6 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
|
|||||||
@Sharable
|
@Sharable
|
||||||
private class ClientCertificateAuthenticator(
|
private class ClientCertificateAuthenticator(
|
||||||
authorizer: Authorizer,
|
authorizer: Authorizer,
|
||||||
private val sslEngine: SSLEngine,
|
|
||||||
private val anonymousUserRoles: Set<Role>?,
|
private val anonymousUserRoles: Set<Role>?,
|
||||||
private val userExtractor: Configuration.UserExtractor?,
|
private val userExtractor: Configuration.UserExtractor?,
|
||||||
private val groupExtractor: Configuration.GroupExtractor?,
|
private val groupExtractor: Configuration.GroupExtractor?,
|
||||||
@@ -130,6 +129,9 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
|
|||||||
|
|
||||||
override fun authenticate(ctx: ChannelHandlerContext, req: HttpRequest): Set<Role>? {
|
override fun authenticate(ctx: ChannelHandlerContext, req: HttpRequest): Set<Role>? {
|
||||||
return try {
|
return try {
|
||||||
|
val sslHandler = (ctx.pipeline().get(SSL_HANDLER_NAME) as? SslHandler)
|
||||||
|
?: throw ConfigurationException("Client certificate authentication cannot be used when TLS is disabled")
|
||||||
|
val sslEngine = sslHandler.engine()
|
||||||
sslEngine.session.peerCertificates.takeIf {
|
sslEngine.session.peerCertificates.takeIf {
|
||||||
it.isNotEmpty()
|
it.isNotEmpty()
|
||||||
}?.let { peerCertificates ->
|
}?.let { peerCertificates ->
|
||||||
@@ -206,25 +208,20 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
|
|||||||
|
|
||||||
private val exceptionHandler = ExceptionHandler()
|
private val exceptionHandler = ExceptionHandler()
|
||||||
|
|
||||||
private val basicAuthenticator by lazy {
|
private val authenticator = when (val auth = cfg.authentication) {
|
||||||
NettyHttpBasicAuthenticator(cfg.users, RoleAuthorizer())
|
is Configuration.BasicAuthentication -> NettyHttpBasicAuthenticator(cfg.users, RoleAuthorizer())
|
||||||
}
|
is Configuration.ClientCertificateAuthentication -> {
|
||||||
|
ClientCertificateAuthenticator(
|
||||||
private fun getAuthenticator(sslHandler : SslHandler?) = when(val auth = cfg.authentication) {
|
RoleAuthorizer(),
|
||||||
is Configuration.BasicAuthentication -> basicAuthenticator
|
cfg.users[""]?.roles,
|
||||||
is Configuration.ClientCertificateAuthentication -> {
|
userExtractor(auth),
|
||||||
if(sslHandler == null) throw ConfigurationException("Client certificate authentication cannot be used when TLS is disabled")
|
groupExtractor(auth)
|
||||||
ClientCertificateAuthenticator(
|
)
|
||||||
RoleAuthorizer(),
|
|
||||||
sslHandler.engine(),
|
|
||||||
cfg.users[""]?.roles,
|
|
||||||
userExtractor(auth),
|
|
||||||
groupExtractor(auth)
|
|
||||||
)
|
|
||||||
}
|
|
||||||
else -> null
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
else -> null
|
||||||
|
}
|
||||||
|
|
||||||
companion object {
|
companion object {
|
||||||
private fun createSslCtx(tls: Configuration.Tls): SslContext {
|
private fun createSslCtx(tls: Configuration.Tls): SslContext {
|
||||||
val keyStore = tls.keyStore
|
val keyStore = tls.keyStore
|
||||||
@@ -307,14 +304,14 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
|
|||||||
|
|
||||||
override fun initChannel(ch: Channel) {
|
override fun initChannel(ch: Channel) {
|
||||||
val pipeline = ch.pipeline()
|
val pipeline = ch.pipeline()
|
||||||
val sslHandler = sslContext?.newHandler(ch.alloc())?.also {
|
sslContext?.newHandler(ch.alloc())?.also {
|
||||||
pipeline.addLast(it)
|
pipeline.addLast(SSL_HANDLER_NAME, it)
|
||||||
}
|
}
|
||||||
pipeline.addLast(HttpServerCodec())
|
pipeline.addLast(HttpServerCodec())
|
||||||
pipeline.addLast(HttpChunkContentCompressor(1024))
|
pipeline.addLast(HttpChunkContentCompressor(1024))
|
||||||
pipeline.addLast(ChunkedWriteHandler())
|
pipeline.addLast(ChunkedWriteHandler())
|
||||||
pipeline.addLast(HttpObjectAggregator(cfg.maxRequestSize))
|
pipeline.addLast(HttpObjectAggregator(cfg.maxRequestSize))
|
||||||
getAuthenticator(sslHandler)?.let {
|
authenticator?.let {
|
||||||
pipeline.addLast(it)
|
pipeline.addLast(it)
|
||||||
}
|
}
|
||||||
pipeline.addLast(eventExecutorGroup, serverHandler)
|
pipeline.addLast(eventExecutorGroup, serverHandler)
|
||||||
@@ -512,7 +509,7 @@ class GradleBuildCacheServer(private val cfg: Configuration) {
|
|||||||
group(bossGroup, workerGroup)
|
group(bossGroup, workerGroup)
|
||||||
channel(serverSocketChannel)
|
channel(serverSocketChannel)
|
||||||
childHandler(ServerInitializer(cfg, eventExecutorGroup))
|
childHandler(ServerInitializer(cfg, eventExecutorGroup))
|
||||||
option(ChannelOption.SO_BACKLOG, 128)
|
option(ChannelOption.SO_BACKLOG, cfg.incomingConnectionsBacklogSize)
|
||||||
childOption(ChannelOption.SO_KEEPALIVE, true)
|
childOption(ChannelOption.SO_KEEPALIVE, true)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -35,6 +35,8 @@ object Parser {
|
|||||||
?.let(String::toBoolean) ?: true
|
?.let(String::toBoolean) ?: true
|
||||||
val maxRequestSize = root.renderAttribute("max-request-size")
|
val maxRequestSize = root.renderAttribute("max-request-size")
|
||||||
?.let(String::toInt) ?: 67108864
|
?.let(String::toInt) ?: 67108864
|
||||||
|
val incomingConnectionsBacklogSize = root.renderAttribute("incoming-connections-backlog-size")
|
||||||
|
?.let(String::toInt) ?: 1024
|
||||||
var authentication: Authentication? = null
|
var authentication: Authentication? = null
|
||||||
for (child in root.asIterable()) {
|
for (child in root.asIterable()) {
|
||||||
val tagName = child.localName
|
val tagName = child.localName
|
||||||
@@ -138,7 +140,19 @@ object Parser {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return Configuration(host, port, serverPath, users, groups, cache!!, authentication, tls, useVirtualThread, maxRequestSize)
|
return Configuration(
|
||||||
|
host,
|
||||||
|
port,
|
||||||
|
serverPath,
|
||||||
|
users,
|
||||||
|
groups,
|
||||||
|
cache!!,
|
||||||
|
authentication,
|
||||||
|
tls,
|
||||||
|
useVirtualThread,
|
||||||
|
maxRequestSize,
|
||||||
|
incomingConnectionsBacklogSize
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
private fun parseRoles(root: Element) = root.asIterable().asSequence().map {
|
private fun parseRoles(root: Element) = root.asIterable().asSequence().map {
|
||||||
|
|||||||
@@ -16,6 +16,8 @@ object Serializer {
|
|||||||
return Xml.of(GBCS.GBCS_NAMESPACE_URI, GBCS.GBCS_PREFIX + ":server") {
|
return Xml.of(GBCS.GBCS_NAMESPACE_URI, GBCS.GBCS_PREFIX + ":server") {
|
||||||
attr("use-virtual-threads", conf.isUseVirtualThread.toString())
|
attr("use-virtual-threads", conf.isUseVirtualThread.toString())
|
||||||
attr("max-request-size", conf.maxRequestSize.toString())
|
attr("max-request-size", conf.maxRequestSize.toString())
|
||||||
|
attr("incoming-connections-backlog-size", conf.incomingConnectionsBacklogSize.toString())
|
||||||
|
|
||||||
// attr("xmlns:xs", GradleBuildCacheServer.XML_SCHEMA_NAMESPACE_URI)
|
// attr("xmlns:xs", GradleBuildCacheServer.XML_SCHEMA_NAMESPACE_URI)
|
||||||
val value = schemaLocations.asSequence().map { (k, v) -> "$k $v" }.joinToString(" ")
|
val value = schemaLocations.asSequence().map { (k, v) -> "$k $v" }.joinToString(" ")
|
||||||
attr("xs:schemaLocation", value , namespaceURI = GBCS.XML_SCHEMA_NAMESPACE_URI)
|
attr("xs:schemaLocation", value , namespaceURI = GBCS.XML_SCHEMA_NAMESPACE_URI)
|
||||||
|
|||||||
@@ -1,6 +1,7 @@
|
|||||||
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
|
||||||
<gbcs:server use-virtual-threads="false"
|
<gbcs:server use-virtual-threads="false"
|
||||||
max-request-size="67108864"
|
max-request-size="67108864"
|
||||||
|
incoming-connections-backlog-size="1024"
|
||||||
xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
|
xmlns:xs="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
xmlns:gbcs="urn:net.woggioni.gbcs.server"
|
xmlns:gbcs="urn:net.woggioni.gbcs.server"
|
||||||
xs:schemaLocation="urn:net.woggioni.gbcs.server jpms://net.woggioni.gbcs.server/net/woggioni/gbcs/server/schema/gbcs.xsd">
|
xs:schemaLocation="urn:net.woggioni.gbcs.server jpms://net.woggioni.gbcs.server/net/woggioni/gbcs/server/schema/gbcs.xsd">
|
||||||
|
|||||||
@@ -25,6 +25,7 @@
|
|||||||
<xs:attribute name="path" type="xs:string" use="optional"/>
|
<xs:attribute name="path" type="xs:string" use="optional"/>
|
||||||
<xs:attribute name="use-virtual-threads" type="xs:boolean" use="optional" default="true"/>
|
<xs:attribute name="use-virtual-threads" type="xs:boolean" use="optional" default="true"/>
|
||||||
<xs:attribute name="max-request-size" type="xs:unsignedInt" use="optional" default="67108864"/>
|
<xs:attribute name="max-request-size" type="xs:unsignedInt" use="optional" default="67108864"/>
|
||||||
|
<xs:attribute name="incoming-connections-backlog-size" type="xs:unsignedInt" use="optional" default="1024"/>
|
||||||
</xs:complexType>
|
</xs:complexType>
|
||||||
|
|
||||||
<xs:complexType name="bindType">
|
<xs:complexType name="bindType">
|
||||||
|
|||||||
@@ -45,7 +45,8 @@ abstract class AbstractBasicAuthServerTest : AbstractServerTest() {
|
|||||||
Configuration.BasicAuthentication(),
|
Configuration.BasicAuthentication(),
|
||||||
null,
|
null,
|
||||||
true,
|
true,
|
||||||
0x10000
|
0x10000,
|
||||||
|
100
|
||||||
)
|
)
|
||||||
Xml.write(Serializer.serialize(cfg), System.out)
|
Xml.write(Serializer.serialize(cfg), System.out)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -157,7 +157,8 @@ abstract class AbstractTlsServerTest : AbstractServerTest() {
|
|||||||
true
|
true
|
||||||
),
|
),
|
||||||
false,
|
false,
|
||||||
0x10000
|
0x10000,
|
||||||
|
100
|
||||||
)
|
)
|
||||||
Xml.write(Serializer.serialize(cfg), System.out)
|
Xml.write(Serializer.serialize(cfg), System.out)
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -46,7 +46,8 @@ class NoAuthServerTest : AbstractServerTest() {
|
|||||||
null,
|
null,
|
||||||
null,
|
null,
|
||||||
true,
|
true,
|
||||||
0x10000
|
0x10000,
|
||||||
|
100
|
||||||
)
|
)
|
||||||
Xml.write(Serializer.serialize(cfg), System.out)
|
Xml.write(Serializer.serialize(cfg), System.out)
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user