#4289 - Ability to skip SSL certificate validation on external recomm…

…enders - Improve documentation
inception-project · Nov 21, 2023 · ce9ee8c · ce9ee8c
1 parent 69a10fc
commit ce9ee8c
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 10 deletions.
diff --git a/...in/resources/META-INF/asciidoc/user-guide/projects_recommendation_external.adoc b/...in/resources/META-INF/asciidoc/user-guide/projects_recommendation_external.adoc
@@ -16,6 +16,14 @@
 
 == External Recommender
 
-This recommender allows to use external web-services to generate predictions. For details on the
-protocol used in the communication with the external services, please refer to the developer
-documentation.
+This recommender allows to use an external web-service to generate predictions. 
+
+You can find an example implementation of several external recommenders in the link:https://github.com/inception-project/inception-external-recommender[INCEpTION External Recommender repository] on GitHub.
+
+For more details on the protocol used in the communication with the external services, please refer to the developer documentation.
+
+=== HTTPS support
+
+The remote recommender service can be accessed via an encrypted HTTPS connection. However, this will fail unless the certificate is either signed by a well-known certificate authority or has been imported into the certificate store of the Java virtual machine. 
+
+For testing purposes, the validation of the SSL certificate can be disabled in the external recommmender settings. However, the SSL certificate will still need to contain a host name that matches the URL of the external recommender. If you also need to disable host name verification, you need to start {application-name} with the system property `jdk.internal.httpclient.disableHostnameVerification`. Note this needs to be specified on the command line and not in the `settings.properties` file.
diff --git a/...tudarmstadt/ukp/inception/recommendation/imls/external/v1/ExternalRecommenderSslTest.java b/...tudarmstadt/ukp/inception/recommendation/imls/external/v1/ExternalRecommenderSslTest.java
@@ -107,13 +107,18 @@ void thatDisablingCertificateValidationWorks_wrongHost()
         sut = new ExternalRecommender(new ExternalRecommenderPropertiesImpl(), recommender, traits);
         assertThatExceptionOfType(RecommendationException.class) //
                 .isThrownBy(() -> sut.train(context, data)) //
-                .withMessageContaining("match any of the subject alternative names");
-
-        traits.setVerifyCertificates(false);
-        sut = new ExternalRecommender(new ExternalRecommenderPropertiesImpl(), recommender, traits);
-        assertThatExceptionOfType(RecommendationException.class) //
-                .isThrownBy(() -> sut.train(context, data)) //
-                .withMessageContaining("404 Not Found");
+                .withMessageContaining("No subject alternative DNS name matching");
+
+        // Disabling certificate validation does not disable host checking for recommenders.
+        // Instead the VM would need to be started with {@code
+        // -Djdk.internal.httpclient.disableHostnameVerification}
+        // System.setProperty("", "true");
+        // // traits.setVerifyCertificates(false);
+        // sut = new ExternalRecommender(new ExternalRecommenderPropertiesImpl(), recommender,
+        // traits);
+        // assertThatExceptionOfType(RecommendationException.class) //
+        // .isThrownBy(() -> sut.train(context, data)) //
+        // .withMessageContaining("404 Not Found");
     }
 
     @Test