Qonduit - secure web socket proxy for Accumulo

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Qonduit - secure web socket proxy for Accumulo

Dave Marion-2
I extracted the Netty web socket pipeline from Timely into it's own server process, and modified it to support custom and pluggable server side logic, and request / response objects. The readme has a little more information, to include how it's different than the current proxy, it's located at https://github.com/NationalSecurityAgency/timely/tree/qonduit.


For now the code is located in an orphan branch in the Timely GitHub project. Someone suggested it might make sense as an Accumulo sub-project - let me know if there is interest in that.


- Dave
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Qonduit - secure web socket proxy for Accumulo

Josh Elser
Neat. Thanks for sharing!

Any examples to show how a client would use it?

Regarding the security, does it encompass authentication and privacy
(encryption)? Any experience with certain implementations for the Spring
security modules (e.g. which ones you've tested to work)?

Dave Marion wrote:
> I extracted the Netty web socket pipeline from Timely into it's own server process, and modified it to support custom and pluggable server side logic, and request / response objects. The readme has a little more information, to include how it's different than the current proxy, it's located at https://github.com/NationalSecurityAgency/timely/tree/qonduit.
>
>
> For now the code is located in an orphan branch in the Timely GitHub project. Someone suggested it might make sense as an Accumulo sub-project - let me know if there is interest in that.
>
>
> - Dave
>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Qonduit - secure web socket proxy for Accumulo

Dave Marion-2
There is a WebSocketClientIT test in the test module to test access using the Java client. I have implemented operations that get the Qonduit server version and an operation to run an Accumulo Scanner. Both of these implementation are in the operations modules. An example of creating/using a web socket from a web page exists in the Timely codebase[1]. For doing this with Qonduit, the request and response objects need to be encoded/decoded with a CBOR library (for which there are several).

Regarding security, authentication is performed on the server side using whatever pluggable modules are configured (basic auth, x509, etc). The transport is encrypted from the browser to the Qonduit server using SSL (HTTPS / WSS).

[1] https://github.com/NationalSecurityAgency/timely/blob/master/server/src/main/resources/webapp/index.html

> On February 22, 2017 at 1:55 PM Josh Elser <[hidden email]> wrote:
>
>
> Neat. Thanks for sharing!
>
> Any examples to show how a client would use it?
>
> Regarding the security, does it encompass authentication and privacy
> (encryption)? Any experience with certain implementations for the Spring
> security modules (e.g. which ones you've tested to work)?
>
> Dave Marion wrote:
> > I extracted the Netty web socket pipeline from Timely into it's own server process, and modified it to support custom and pluggable server side logic, and request / response objects. The readme has a little more information, to include how it's different than the current proxy, it's located at https://github.com/NationalSecurityAgency/timely/tree/qonduit.
> >
> >
> > For now the code is located in an orphan branch in the Timely GitHub project. Someone suggested it might make sense as an Accumulo sub-project - let me know if there is interest in that.
> >
> >
> > - Dave
> >
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Qonduit - secure web socket proxy for Accumulo

Josh Elser
Thanks, Dave!

Dave Marion wrote:

> There is a WebSocketClientIT test in the test module to test access using the Java client. I have implemented operations that get the Qonduit server version and an operation to run an Accumulo Scanner. Both of these implementation are in the operations modules. An example of creating/using a web socket from a web page exists in the Timely codebase[1]. For doing this with Qonduit, the request and response objects need to be encoded/decoded with a CBOR library (for which there are several).
>
> Regarding security, authentication is performed on the server side using whatever pluggable modules are configured (basic auth, x509, etc). The transport is encrypted from the browser to the Qonduit server using SSL (HTTPS / WSS).
>
> [1] https://github.com/NationalSecurityAgency/timely/blob/master/server/src/main/resources/webapp/index.html
>
>> On February 22, 2017 at 1:55 PM Josh Elser<[hidden email]>  wrote:
>>
>>
>> Neat. Thanks for sharing!
>>
>> Any examples to show how a client would use it?
>>
>> Regarding the security, does it encompass authentication and privacy
>> (encryption)? Any experience with certain implementations for the Spring
>> security modules (e.g. which ones you've tested to work)?
>>
>> Dave Marion wrote:
>>> I extracted the Netty web socket pipeline from Timely into it's own server process, and modified it to support custom and pluggable server side logic, and request / response objects. The readme has a little more information, to include how it's different than the current proxy, it's located at https://github.com/NationalSecurityAgency/timely/tree/qonduit.
>>>
>>>
>>> For now the code is located in an orphan branch in the Timely GitHub project. Someone suggested it might make sense as an Accumulo sub-project - let me know if there is interest in that.
>>>
>>>
>>> - Dave
>>>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Qonduit - secure web socket proxy for Accumulo

Dave Marion
Qonduit is now located at https://github.com/NationalSecurityAgency/qonduit.

On Wed, Feb 22, 2017 at 2:16 PM, Josh Elser <[hidden email]> wrote:

> Thanks, Dave!
>
>
> Dave Marion wrote:
>
>> There is a WebSocketClientIT test in the test module to test access using
>> the Java client. I have implemented operations that get the Qonduit server
>> version and an operation to run an Accumulo Scanner. Both of these
>> implementation are in the operations modules. An example of creating/using
>> a web socket from a web page exists in the Timely codebase[1]. For doing
>> this with Qonduit, the request and response objects need to be
>> encoded/decoded with a CBOR library (for which there are several).
>>
>> Regarding security, authentication is performed on the server side using
>> whatever pluggable modules are configured (basic auth, x509, etc). The
>> transport is encrypted from the browser to the Qonduit server using SSL
>> (HTTPS / WSS).
>>
>> [1] https://github.com/NationalSecurityAgency/timely/blob/
>> master/server/src/main/resources/webapp/index.html
>>
>> On February 22, 2017 at 1:55 PM Josh Elser<[hidden email]>  wrote:
>>>
>>>
>>> Neat. Thanks for sharing!
>>>
>>> Any examples to show how a client would use it?
>>>
>>> Regarding the security, does it encompass authentication and privacy
>>> (encryption)? Any experience with certain implementations for the Spring
>>> security modules (e.g. which ones you've tested to work)?
>>>
>>> Dave Marion wrote:
>>>
>>>> I extracted the Netty web socket pipeline from Timely into it's own
>>>> server process, and modified it to support custom and pluggable server side
>>>> logic, and request / response objects. The readme has a little more
>>>> information, to include how it's different than the current proxy, it's
>>>> located at https://github.com/NationalSecurityAgency/timely/tree/
>>>> qonduit.
>>>>
>>>>
>>>> For now the code is located in an orphan branch in the Timely GitHub
>>>> project. Someone suggested it might make sense as an Accumulo sub-project -
>>>> let me know if there is interest in that.
>>>>
>>>>
>>>> - Dave
>>>>
>>>>
Loading...