HTTP Basic Authentication setup for Connector is required when you want to restrict the access to your MoSKito Central server with login and password, while keeping the possibility for Connector to send snapshots to this server.

You may also be required secure channel for snapshot transfer with data encryption and server verification, so HTTPS Connector with appropriate setup would be an option for this.

Configuring HTTP Basic Authentication

First, REST Connector related dependency should be declared in your project's pom.xml (see Setting Up MoSKito-Central in Remote Mode): 

pom.xml
<dependency>
	<artifactId>moskito-central-connectors-common</artifactId>
	<groupId>org.moskito</groupId>
	<version>1.1</version> 
</dependency>
<dependency>
	<artifactId>moskito-central-rest-connector</artifactId>
	<groupId>org.moskito</groupId>
	<version>1.1</version>
</dependency>


Then, make sure that you have enabled Connector in plugins' section of MoSKito Core config:

moskito.json
"@pluginsConfig": {
	"@plugins": [
		{
            "name": "RESTRemoteCentralConnector",
            "configurationName": "rest-connector",
        	"className": "org.moskito.central.connectors.rest.RESTConnector",
		}
	]
}


Finally, add to you project's resources (or update already existed) rest-connector.json configuration file configured as next:

rest-connector.json
{
	host: "yourproject.com",
	port: 9988,
	resourcePath: "/central/addSnapshot",
    basicAuthEnabled : true,
    login : "login",
    password : "password"
}

 

Now Connector is able to connect MoSKito Central server which is HTTP Basic Authentication protected.

Configuring HTTPS

We assume, that you've configured application server where MoSKito Central is running to use the HTTPS protocol when connection are leading to MoSKito Central endpoint.

To enable HTTPS support on the opposite side, you need RESTHttpsConnector (org.moskito.central.connectors.rest.RESTHttpsConnector) which is also the class of moskito-central-rest-connector module, so dependencies are the same as for RESTConnector

pom.xml
<dependency>
	<artifactId>moskito-central-connectors-common</artifactId>
	<groupId>org.moskito</groupId>
	<version>1.1</version> 
</dependency>
<dependency>
	<artifactId>moskito-central-rest-connector</artifactId>
	<groupId>org.moskito</groupId>
	<version>1.1</version>
</dependency>


MoSKito Core configuration file, plugins' section:

moskito.json
"@pluginsConfig": {
	"@plugins": [
		{
            "name": "RESTRemoteCentralConnector",
            "configurationName": "rest-connector",
        	"className": "org.moskito.central.connectors.rest.RESTHttpsConnector",
		}
	]
}


Finally, add to you project's resources (or update already existed) rest-connector.json configuration file.

HTTPS Connector configuration examples

Next configuration is for the case when you trust only to the certificates that are in provided truststore (even they are self-signed) and don't care if the hostname doesn't match either the first CN, or any of the subject-alts: 

rest-connector.json
{
	host: "yourproject.com",
	port: 9988,
	resourcePath: "/central/addSnapshot",
    trustSelfSigned: false,
    hostVerificationEnabled: false,
    trustStoreFilePath: "~/truststores/central_connector_truststore.jks",
    trustStorePassword: "password"
}

 

This configuration is for the case when you want to trust all certificates (including self-signed) and don't care if the hostname doesn't match either the first CN, or any of the subject-alts: 

rest-connector.json
{
	host: "yourproject.com",
	port: 9988,
	resourcePath: "/central/addSnapshot",
    trustSelfSigned: true,
    hostVerificationEnabled: false
}


Another one configuration example is for the case when you want to trust all certificates (including self-signed), but the hostname must match either the first CN, or any of the subject-alts (a wildcard can occur in the CN, and in any of the subject-alts): 

rest-connector.json
{
	host: "yourproject.com",
	port: 9988,
	resourcePath: "/central/addSnapshot",
    trustSelfSigned: true,
    hostVerificationEnabled: true
}

Keystore and truststore generation

When configuring HTTPS for application server, server's certificate with appropriate public & private key pair are necessarily required.

You can use keytool, which is the JDK console utility, to generate keystore file that contains server's key pair and certificate:

Terminal
keytool -genkey -keyalg RSA -alias moskito_central -keystore central_server_keystore.jks -storepass changeit -validity 365


You probably want to leave that certificate self-signed and to configure Connector in a way to trust only this certificate. Then you need a truststore which contains this servers certificate: 

Terminal
keytool -export -alias moskito_central -keystore central_server_keystore.jks -rfc -file public.cert
keytool -import -alias moskito_central -file public.cert -storetype JKS -keystore central_connector_truststore.jks


Now you can configure Connector with central_connector_truststore.jks truststore (see example).