[Feature][Zeta] Support enable https protocol for rest-api v2

[hailin0]

Search before asking

• I had searched in the feature and found no similar feature requirement.

Description

Currently we support using jetty to provide http api services, but not yet support https protocol, so we can add support for https to enhance security.

Updates

• Add config enable https

• Update docs

  • https://github.com/apache/seatunnel/blob/dev/docs/en/seatunnel-engine/rest-api-v2.md
  • https://github.com/apache/seatunnel/blob/dev/docs/zh/seatunnel-engine/rest-api-v2.md

• Add e2e testcase

  • Test one-way(server <- client) authentication
  • Test two-way(server <-> client) authentication

• Adapt web ui
  

• config example

seatunnel:
  engine:
    http:
       ......
      enable-https: true
      https-port: 8443
      keystore: /path/to/file.keystore
      keystore-password: keystore_password
      key-password: key_password

      // optional：Two-way authentication
      truststore: /path/to/file.truststore
      truststore-password: truststore_password
      ......

reference
https://jetty.org/docs/jetty/10/programming-guide/server/http.html#connector-protocol-http11-tls
https://jetty.org/docs/jetty/10/operations-guide/keystore/index.html#client-authn

Usage Scenario

No response

Related issues

No response

Are you willing to submit a PR?

• Yes I am willing to submit a PR!

Code of Conduct

• I agree to follow this project's Code of Conduct

[liugddx]

This is a demo

import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.util.ssl.SslContextFactory;

import java.io.File;

public class JettyServer {
    public static void main(String[] args) throws Exception {
        Server server = new Server();

        ServerConnector httpConnector = new ServerConnector(server);
        httpConnector.setPort(8080);
        server.addConnector(httpConnector);

        String keystorePath = "/path/to/keystore.jks";
        String keystorePassword = "your_keystore_password";
        String keyManagerPassword = "your_key_password";

        File keystoreFile = new File(keystorePath);
        if (keystoreFile.exists() && keystoreFile.isFile()) {

            SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
            sslContextFactory.setKeyStorePath(keystorePath);
            sslContextFactory.setKeyStorePassword(keystorePassword);
            sslContextFactory.setKeyManagerPassword(keyManagerPassword);

            ServerConnector httpsConnector = new ServerConnector(server, sslContextFactory);
            httpsConnector.setPort(8443);
            server.addConnector(httpsConnector);
        } else {
            System.out.println("No HTTPS configuration detected, falling back to HTTP...");
        }

        server.setHandler(...);

        server.start();
        server.join();
    }
}

[hailin0]

This is a demo

import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.util.ssl.SslContextFactory;

import java.io.File;

public class JettyServer {
    public static void main(String[] args) throws Exception {
        Server server = new Server();

        ServerConnector httpConnector = new ServerConnector(server);
        httpConnector.setPort(8080);
        server.addConnector(httpConnector);

        String keystorePath = "/path/to/keystore.jks";
        String keystorePassword = "your_keystore_password";
        String keyManagerPassword = "your_key_password";

        File keystoreFile = new File(keystorePath);
        if (keystoreFile.exists() && keystoreFile.isFile()) {

            SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
            sslContextFactory.setKeyStorePath(keystorePath);
            sslContextFactory.setKeyStorePassword(keystorePassword);
            sslContextFactory.setKeyManagerPassword(keyManagerPassword);

            ServerConnector httpsConnector = new ServerConnector(server, sslContextFactory);
            httpsConnector.setPort(8443);
            server.addConnector(httpsConnector);
        } else {
            System.out.println("No HTTPS configuration detected, falling back to HTTP...");
        }

        server.setHandler(...);

        server.start();
        server.join();
    }
}

Add

        // optional：Two-way authentication
        if (trustStorePath != null && truststorePassword != null) {
            sslContextFactory.setNeedClientAuth(true);
            sslContextFactory.setTrustStorePath(trustStorePath);
            sslContextFactory.setTrustStorePassword(truststorePassword);
        }

[akulabs8]

Hey I am new to this repo but would like to contribute, so shall I help?

[liugddx]

Hey I am new to this repo but would like to contribute, so shall I help?

Sure. Please feel free to let me know if you have any questions.

[akulabs8]

Hey @liugddx @hailin0
I have come up with a draft PR: #8599

With added https support. I am yet to add the test cases and so on but just sharing to be sure if I am moving in the right direction!

P.S. Could you pls assign this ticket to my name?

[liugddx]

Hey @liugddx @hailin0 I have come up with a draft PR: #8599

With added https support. I am yet to add the test cases and so on but just sharing to be sure if I am moving in the right direction!

P.S. Could you pls assign this ticket to my name?

Already assigned to you.

[hailin0]

hi～ @akulabs8

Is there any progress on this task?

[akulabs8]

@hailin0 yes working on it, by this weekend I will make some good progress...

[akulabs8]

Hey @hailin0 , #8698

Please take a look here, I might need some help with e2e tests as how to deal with certificates

[akulabs8]

Hey , I am new to this Project but my goal is to learn more and be an integral part of the project. Right now I am struggling with the e2e tests and how to handle the keystore and truststore files for the same, so maybe someone else can continue the PR and i can learn and then apply it in some new issues.

[hailin0]

Hey , I am new to this Project but my goal is to learn more and be an integral part of the project. Right now I am struggling with the e2e tests and how to handle the keystore and truststore files for the same, so maybe someone else can continue the PR and i can learn and then apply it in some new issues.

@akulabs8
Sorry I'm late, do you still want to continue this task?

[akulabs8]

@hailin0 currently I won't be able to move it forward!

[hailin0]

@akulabs8

Thanks for your contribution. You can close the PR(#8698) and we will assign the issue to other contributors.