Proposal: Network connection stability option in Luna Security Provider in Java Buildpack #cf


Greg Meyer
 

First of all, a HUGE thank you for the Luna Security Provider framework in the Java buildpack; I can't express enough how much this has eased deployment and configuration for web applications requiring the level of functionality offered by the HSM.

This is a semi-cross post of an issue posted to the Java Buildpack Git repo [1], and I'm soliciting some feedback.

In some networks, the connection to a Luna device may get severed due to various configuration options. In these cases, a Java application using the Luna JCA/JCE provider cannot reconnect without restarting the application.

One possible mitigation is using the TCPKeepAlive option, which can be set in the Chrystoki.conf file. The TCPKeepAlive setting is an optional parameter of the LunaSA Client configuration with 2 possible settings: 0 and 1, where 0 disables it and 1 enables it (the default is 0 if the setting is not present). I've forked the buildpack and have implemented [2] a candidate mechanism using a new configuration option: tcp_keep_alive_enabled. There are obviously other ways to provide and implement configuration (e.g., leaving the setting absent if the configuration is set to false), so with that said I'm looking for feedback and/or opening up a dialog before submitting a pull request.


[1] https://github.com/cloudfoundry/java-buildpack/issues/584
[2] https://github.com/gm2552/java-buildpack/commit/09a089efca0c94279691eb476ec2447ee09f609a
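
The two ways of writing the setting that the post weighs (an explicit `TCPKeepAlive = 0`, or leaving the line out when `tcp_keep_alive_enabled` is false) are compared in the following added example, which is not part of the original post and is not code from the Java Buildpack or the linked fork. The function names, the `Name = { Key = value; }` section layout and the `NetClient` sample entry are assumptions made for illustration.

```ruby
# Added illustration; not code from the Java Buildpack or the linked fork.
# The section layout ("Name = { Key = value; }") is assumed here, following
# the usual Chrystoki.conf style.

# Render the "LunaSA Client" section for a given tcp_keep_alive_enabled value.
# omit_when_false: true models the alternative mentioned in the post, where
# the line is left out instead of writing TCPKeepAlive = 0.
def render_client_section(tcp_keep_alive_enabled, omit_when_false: false)
  lines = ['LunaSA Client = {']
  unless omit_when_false && !tcp_keep_alive_enabled
    lines << "  TCPKeepAlive = #{tcp_keep_alive_enabled ? 1 : 0};"
  end
  lines << '  NetClient = 1;' # constructed sample entry
  lines << '}'
  lines.join("\n") + "\n"
end

# Return the effective TCPKeepAlive value (0 or 1) from Chrystoki.conf text.
# A missing section or a missing key yields 0, the default stated in the post.
# Any value other than 0 or 1 raises, since only those two settings exist.
def effective_tcp_keep_alive(conf_text)
  section = conf_text[/^\s*LunaSA Client\s*=\s*\{(.*?)\}/m, 1]
  return 0 if section.nil?

  value = section[/^\s*TCPKeepAlive\s*=\s*([^;\s]+)\s*;/, 1]
  return 0 if value.nil?
  raise ArgumentError, "invalid TCPKeepAlive value: #{value}" unless %w[0 1].include?(value)

  value.to_i
end
```

Both renderings of a false setting resolve to the same effective value, so the choice between them affects only how explicit the generated file is, not the client's behaviour.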
