Qonduit - secure web socket proxy for Accumulo

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Qonduit - secure web socket proxy for Accumulo

dlmarion

I extracted the Netty web socket pipeline from Timely into it's own server process, and modified it to support custom and pluggable server side logic, and request / response objects. The readme has a little more information, to include how it's different than the current proxy, it's located at https://github.com/NationalSecurityAgency/timely/tree/qonduit.


For now the code is located in an orphan branch in the Timely GitHub project. Someone suggested it might make sense as an Accumulo sub-project - let me know if there is interest in that.


- Dave

Reply | Threaded
Open this post in threaded view
|

Re: Qonduit - secure web socket proxy for Accumulo

Josh Elser
Neat. Thanks for sharing!

Any examples to show how a client would use it?

Regarding the security, does it encompass authentication and privacy
(encryption)? Any experience with certain implementations for the Spring
security modules (e.g. which ones you've tested to work)?

Dave Marion wrote:
> I extracted the Netty web socket pipeline from Timely into it's own server process, and modified it to support custom and pluggable server side logic, and request / response objects. The readme has a little more information, to include how it's different than the current proxy, it's located at https://github.com/NationalSecurityAgency/timely/tree/qonduit.
>
>
> For now the code is located in an orphan branch in the Timely GitHub project. Someone suggested it might make sense as an Accumulo sub-project - let me know if there is interest in that.
>
>
> - Dave
>
Reply | Threaded
Open this post in threaded view
|

Re: Qonduit - secure web socket proxy for Accumulo

dlmarion
There is a WebSocketClientIT test in the test module to test access using the Java client. I have implemented operations that get the Qonduit server version and an operation to run an Accumulo Scanner. Both of these implementation are in the operations modules. An example of creating/using a web socket from a web page exists in the Timely codebase[1]. For doing this with Qonduit, the request and response objects need to be encoded/decoded with a CBOR library (for which there are several).

Regarding security, authentication is performed on the server side using whatever pluggable modules are configured (basic auth, x509, etc). The transport is encrypted from the browser to the Qonduit server using SSL (HTTPS / WSS).

[1] https://github.com/NationalSecurityAgency/timely/blob/master/server/src/main/resources/webapp/index.html

> On February 22, 2017 at 1:55 PM Josh Elser <[hidden email]> wrote:
>
>
> Neat. Thanks for sharing!
>
> Any examples to show how a client would use it?
>
> Regarding the security, does it encompass authentication and privacy
> (encryption)? Any experience with certain implementations for the Spring
> security modules (e.g. which ones you've tested to work)?
>
> Dave Marion wrote:
> > I extracted the Netty web socket pipeline from Timely into it's own server process, and modified it to support custom and pluggable server side logic, and request / response objects. The readme has a little more information, to include how it's different than the current proxy, it's located at https://github.com/NationalSecurityAgency/timely/tree/qonduit.
> >
> >
> > For now the code is located in an orphan branch in the Timely GitHub project. Someone suggested it might make sense as an Accumulo sub-project - let me know if there is interest in that.
> >
> >
> > - Dave
> >
Reply | Threaded
Open this post in threaded view
|

Re: Qonduit - secure web socket proxy for Accumulo

Josh Elser
Thanks, Dave!

Dave Marion wrote:

> There is a WebSocketClientIT test in the test module to test access using the Java client. I have implemented operations that get the Qonduit server version and an operation to run an Accumulo Scanner. Both of these implementation are in the operations modules. An example of creating/using a web socket from a web page exists in the Timely codebase[1]. For doing this with Qonduit, the request and response objects need to be encoded/decoded with a CBOR library (for which there are several).
>
> Regarding security, authentication is performed on the server side using whatever pluggable modules are configured (basic auth, x509, etc). The transport is encrypted from the browser to the Qonduit server using SSL (HTTPS / WSS).
>
> [1] https://github.com/NationalSecurityAgency/timely/blob/master/server/src/main/resources/webapp/index.html
>
>> On February 22, 2017 at 1:55 PM Josh Elser<[hidden email]>  wrote:
>>
>>
>> Neat. Thanks for sharing!
>>
>> Any examples to show how a client would use it?
>>
>> Regarding the security, does it encompass authentication and privacy
>> (encryption)? Any experience with certain implementations for the Spring
>> security modules (e.g. which ones you've tested to work)?
>>
>> Dave Marion wrote:
>>> I extracted the Netty web socket pipeline from Timely into it's own server process, and modified it to support custom and pluggable server side logic, and request / response objects. The readme has a little more information, to include how it's different than the current proxy, it's located at https://github.com/NationalSecurityAgency/timely/tree/qonduit.
>>>
>>>
>>> For now the code is located in an orphan branch in the Timely GitHub project. Someone suggested it might make sense as an Accumulo sub-project - let me know if there is interest in that.
>>>
>>>
>>> - Dave
>>>