TechQA.

Play 2.4 HikariCP connection pool configuration

2.4k views Asked by At

I need to specify some config parameters, separated by dots. Connection pool is in Play 2.4 application. For example 

db {
  default {
    driver = ${?DB_DRIVER}
    url = ${?DB_URL}
    username = ${?DB_USER}
    password = ${?DB_PASSWORD}
    hikaricp {
      dataSource {
        "javax.net.ssl.trustStore" = ${?DB_TRUST_STORE}
        "javax.net.ssl.trustStoreType" = "JKS"
        "javax.net.ssl.trustStorePassword" = ${?DB_TRUST_STORE_PASSWORD}
        "javax.net.ssl.keyStore" = ${?DB_KEY_STORE}
        "javax.net.ssl.keyStoreType" = "JKS"
        "javax.net.ssl.keyStorePassword" = ${?DB_KEY_STORE_PASSWORD}
      }
    }
}

All parameters like "javax.net.ssl." are used to provide details about SSL certificates for connection. Looks like Play framework is trying to parse config keys like "javax.net.ssl." and separate them by dots. So it fails with the exception

Caused by: com.typesafe.config.ConfigException$Missing: No configuration setting found for key 'javax'

I found a similar topic here: How do I get an unwrapped key in Typesafe Config? According to the first response 

foo {
   bar {
       baz = 10
   }
}

is the same as 

foo.bar.baz = 10

But it would be different if written as "foo.bar.baz" = 10

I hoped that using quotes should help but it doesn't and seems like a bug in the pool configuration implementation. Please, advise.

java ssl playframework typesafe-config
Original Q&A
2

There are 2 answers

0
brettw On

These are typically JVM properties, do I don't know if it is appropriate to put them in the db/dataSource configuration. Even if it is the driver that uses these, those are system-wide properties and would apply to all SSL components.

0
kheraud On

I answer to complete @brettw answer.

You have to add these parameters as JVM properties when running your play exec :

/path/to/bin/<project-name>
  -Djavax.net.ssl.keyStore=/mysql-credentials/keystore \
  -Djavax.net.ssl.keyStorePassword=YYYYYY \
  -Djavax.net.ssl.trustStore=/mysql-credentials/truststore \
  -Djavax.net.ssl.trustStorePassword=XXXXXX \
  ...

For those wondering how to create these stores : read this

I think that trustStoreType and keyStoreType are not required, I always use JKS types.

Keep in mind that you also have to tell jdbc to use SSL : 

-Dslick.dbs.default.db.url=jdbc:mysql://DOMAIN_OR_IP/DATABASE?verifyServerCertificate=false&useSSL=true&requireSSL=true

Last but not least you can debug the handshakes with :

-Djavax.net.debug=all

It gives you a lot (MB) of informations on handshakes, renegociation and ciphers printed on stdout

Related Questions in JAVA

Related Questions in SSL

Related Questions in PLAYFRAMEWORK

Related Questions in TYPESAFE-CONFIG

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions