[cf-dev] Proposal: Network connection stability option in Luna Security Provider in Java Buildpack #cf

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

[cf-dev] Proposal: Network connection stability option in Luna Security Provider in Java Buildpack #cf

Greg Meyer via Lists.Cloudfoundry.Org
First of all, a HUGE thank you for the Luna Security Provider framework in the Java buildpack; I can't express enough how much this has eased deployment and configuration for web applications requiring the level of functionality offered by the HSM.

This is a semi-cross post of an issue posted to the Java Buildpack Git repo [1], and I'm soliciting some feedback.

In some networks, the connection to a Luna device may get severed due various configuration options. In these cases, a Java application using the Luna JCA/JCE provider cannot reconnect without restarting the application.

One possible mitigation is using the TCPKeepAlive option which can be set in the Chrystoki.conf file.  The TCPKeepAlive setting is an optional parameter of the LunaSA Client configuration with 2 possible settings: 0 and 1 where 0 disables it and 1 enables it (the default is 0 if the setting is not present).  I've forked the buildpack and have implemented [2] a candidate mechanism using a new configuration options: tcp_keep_alive_enabled.  There are obviously other way to provide and implement configuration (ex: leaving the setting absent if the configuration is set to false), so with that said I'm looking for feedback and/or opening up a dialog before submitting a pull request.

[1] https://github.com/cloudfoundry/java-buildpack/issues/584
[2] https://github.com/gm2552/java-buildpack/commit/09a089efca0c94279691eb476ec2447ee09f609a


You receive all messages sent to this group.

View/Reply Online (#7975) | [hidden email] | [hidden email] | Mute This Topic | New Topic
Mute #cf

Change Your Subscription
Group Home
[hidden email]
Terms Of Service
Unsubscribe From This Group