All,

I've been playing with this PropertySource and I'm wondering if it could be improved a little.

First of all, it uses an environment variable SERVICE_BINDING_ROOT, which is in line with the service binding standard documented at https://servicebinding.io/. Environment variables are a little icky in Java, so I'd like to do one or more of the following:

1. Allow ServiceBindingPropertySource to use the SERVICE_BINDING_ROOT environment variable *or* a system property with an appropriate name such as service.binding.root, with the system property overriding the environment variable.

This will allow software to use e.g. catalina.properties to define service.binding.root instead of using an environment variable which may be awkward in certain environments.

2. Have ServiceBindingPropertySource fall back to system property resolution if no matching file is found. Maybe we should do this with all PropertySource classes provided by Tomcat?

3. If the SERVICE_BINDING_ROOT environment variable is being used, copy its value into a system property. This will allow application software or Tomcat itself to use the file reference as necessary. For example:

<SSLHostConfig>
  <Certificate certificateKeyFile="${service.binding.root}/myapp/cert.key"
                  certificateFile="${service.binding.root}/myapp/cert.crt"
    ...
  </Certificate>
</SSLHostConfig>

Without this capability, the application must:

<SSLHostConfig>
  <Certificate certificateKeyFile="${custom-certificate.keyFile}"
                  certificateFile="${custom-certificate.file}"
    ...
  </Certificate>
</SSLHostConfig>

The values passed into the certificateKeyFile must point to files on the disk which themselves point to ANOTHER file. So you need two files where one will do, plus the file-on-the-disk needs to know its own path so it can point to the OTHER file which actually contains the key/cert bytes.

Does anyone have any comments on the above?

-chris
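
The resolution order proposed in items 1 to 3 of the message above, as an added sketch that is not part of the original post and is not Tomcat's ServiceBindingPropertySource. The class name, the `env` map parameter and the assumed key form `<binding>.<entry>` (read from `<root>/<binding>/<entry>`) are hypothetical; the containment check is an addition a deployer would want so a property key cannot read outside the binding root.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.util.Map;

// Hypothetical sketch of proposals 1-3; not Tomcat's own implementation.
public class BindingRootResolver {
    static final String ENV_NAME = "SERVICE_BINDING_ROOT";  // from the service binding spec
    static final String PROP_NAME = "service.binding.root"; // name suggested in the post

    // Proposals 1 and 3: the system property wins; otherwise the environment
    // value is used and copied into the system property for ${...} references.
    static String resolveRoot(Map<String, String> env) {
        String root = System.getProperty(PROP_NAME);
        if (root == null && env.get(ENV_NAME) != null) {
            root = env.get(ENV_NAME);
            System.setProperty(PROP_NAME, root);
        }
        return root;
    }

    // Proposal 2: fall back to a system property when no matching file is found.
    static String getProperty(String key, Map<String, String> env) throws IOException {
        String root = resolveRoot(env);
        int dot = key.indexOf('.');
        if (root != null && dot > 0 && dot < key.length() - 1) {
            Path base = Paths.get(root).toAbsolutePath().normalize();
            Path file = base.resolve(key.substring(0, dot))
                            .resolve(key.substring(dot + 1)).normalize();
            // Refuse keys whose resolved path would escape the binding root.
            if (file.startsWith(base) && Files.isRegularFile(file)) {
                return new String(Files.readAllBytes(file), StandardCharsets.UTF_8);
            }
        }
        return System.getProperty(key);
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("bindings"); // constructed sample tree
        Path binding = Files.createDirectories(root.resolve("myapp"));
        Files.write(binding.resolve("password"), "s3cret".getBytes(StandardCharsets.UTF_8));
        Map<String, String> env = Map.of(ENV_NAME, root.toString()); // stands in for System.getenv()
        System.out.println(getProperty("myapp.password", env)); // resolved from the binding file
        System.out.println(System.getProperty(PROP_NAME));      // root copied from the environment
        System.setProperty("other.setting", "fallback");
        System.out.println(getProperty("other.setting", env));  // no file, system property used
    }
}
```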
