All,
I've been playing with this PropertySource and I'm wondering if it could
be improved a little.
First of all, it uses an environment variable SERVICE_BINDING_ROOT which
is in line with the service binding standard which is documented
https://servicebinding.io/. Environment variables are a little icky in
Java, so I'd like to do one or more of the following:
1. Allow ServiceBindingPropertySource to use the SERVICE_BINDING_ROOT
environment variable *or* a system property with an appropriate name
such as service.binding.root, with the system property overriding the
environment variable.
This will allow software to use e.g. catalina.properties to define
service.binding.root instead of using an environment variable which may
be awkward in certain environments.
2. Have ServiceBindingPropertySource fall-back to system property
resolution if no matching file is found. Maybe we should do this with
all PropertySource classes provided by Tomcat?
3. If the SERVICE_BINDING_ROOT environment variable is being used, copy
its value into a system property. This will allow application software
or Tomcat itself to use the file reference as necessary. For example:
<SSLHostConfig>
<Certificate certificateKeyFile="${service.binding.root}/myapp/cert.key"
certificateFile="${service.binding.root}/myapp/cert.crt"
...
</Certificate>
</SSLHostConfig>
Without this capability, the application must:
<SSLHostConfig>
<Certificate certificateKeyFile="${custom-certificate.keyFile}"
certificateFile="${custom-certificate.file}"
..
</SSLHostConfig>
The values passed-into the certificateKeyFile must point to files on the
disk which themselves point to ANOTHER file. So you need two files where
one will do, plus the file-on-the-disk needs to know its own path so it
can point to the OTHER file which actually contains the key/cert bytes.
Does anyone have any comments on the above?
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org