Skip to content

Loading modules via SSL

Mads Hansen edited this page May 9, 2017 · 21 revisions

ml-gradle and its underlying libraries - ml-javaclient-util and ml-app-deployer - provide support for creating an app server with a certificate template and then, in the case of a REST API server, loading modules via an SSL connection with that server.

sample-project shows an example of how this works - here are the moving parts:

  • A certificate template config file defines the template configuration.
  • The REST API server file includes a reference to the SSL certificate template (see Referring to a resource by its ID for how this ID reference works).
  • The build.gradle file adds an instance of GenerateTemporaryCertificateCommand to the mlDeploy task. This temporary certificate is then used by the REST API server (the management API offers other options for generating real certificates). Without generating this certificate, the REST API server won't be able to accept HTTP or HTTPS connections.
  • gradle.properties includes mlSimpleSsl=true. This tells ml-gradle to use a very basic SSLContext and SSLHostnameVerifier (basic in that they do no validation) when loading modules into a REST API server.

Instead of using mlSimpleSsl, you can always configure your own SSLContext and SSLHostnameVerifier. The AppConfig instance that is stored under the key "mlAppConfig" by ml-gradle has properties named "restSslContext" and "restSslHostnameVerifier" for these objects. You can set these to anything in your build.gradle file - here's a pseudocode example:

ext {
  def mySSLContext = write any Groovy code you want to create your own SSLContext
  def mySSLHostnameVerifier = write any Groovy code you want to create your own SSLHostnameVerifier
  mlAppConfig.restSslContext = mySSLContext
  mlAppConfig.restSslHostnameVerifier = mySSLHostnameVerifier
}

Note that SSLHostnameVerifier is a MarkLogic Java Client class. It includes a few built-in implementations that may suffice for you.

Clone this wiki locally