
Example 1 with AbstractHttp11JsseProtocol

use of org.apache.coyote.http11.AbstractHttp11JsseProtocol in project tomcat by apache.

the class Connector method initInternal.

@Override
protected void initInternal() throws LifecycleException {
    super.initInternal();
    if (protocolHandler == null) {
        throw new LifecycleException(sm.getString("coyoteConnector.protocolHandlerInstantiationFailed"));
    }
    // Initialize adapter
    adapter = new CoyoteAdapter(this);
    protocolHandler.setAdapter(adapter);
    // Make sure parseBodyMethodsSet has a default
    if (null == parseBodyMethodsSet) {
        setParseBodyMethods(getParseBodyMethods());
    }
    if (protocolHandler.isAprRequired() && !AprLifecycleListener.isAprAvailable()) {
        throw new LifecycleException(sm.getString("coyoteConnector.protocolHandlerNoApr", getProtocolHandlerClassName()));
    }
    if (AprLifecycleListener.isAprAvailable() && AprLifecycleListener.getUseOpenSSL() && protocolHandler instanceof AbstractHttp11JsseProtocol) {
        AbstractHttp11JsseProtocol<?> jsseProtocolHandler = (AbstractHttp11JsseProtocol<?>) protocolHandler;
        if (jsseProtocolHandler.isSSLEnabled() && jsseProtocolHandler.getSslImplementationName() == null) {
            // OpenSSL is compatible with the JSSE configuration, so use it if APR is available
            jsseProtocolHandler.setSslImplementationName(OpenSSLImplementation.class.getName());
        }
    }
    try {
        protocolHandler.init();
    } catch (Exception e) {
        throw new LifecycleException(sm.getString("coyoteConnector.protocolHandlerInitializationFailed"), e);
    }
}
Also used : AbstractHttp11JsseProtocol(org.apache.coyote.http11.AbstractHttp11JsseProtocol) LifecycleException(org.apache.catalina.LifecycleException) OpenSSLImplementation(org.apache.tomcat.util.net.openssl.OpenSSLImplementation)

Example 2 with AbstractHttp11JsseProtocol

use of org.apache.coyote.http11.AbstractHttp11JsseProtocol in project fru-paqx-parent by dellemc-symphony.

the class ContextConfig method servletContainer.

/**
 * This container is required in order to implement the redirect from http 8080 to https 18443 in spring boot.
 * This means that http can continue to be used but will automatically redirect to https
 * The responses from FRU will be https regardless of the protocol/port used by the cli.
 */
@Bean
public EmbeddedServletContainerFactory servletContainer() {
    TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {

        @Override
        protected void postProcessContext(Context context) {
            SecurityConstraint securityConstraint = new SecurityConstraint();
            securityConstraint.setUserConstraint("CONFIDENTIAL");
            SecurityCollection collection = new SecurityCollection();
            collection.addPattern("/*");
            securityConstraint.addCollection(collection);
            context.addConstraint(securityConstraint);
        }

        /**
         * This is the method where ssl is configured in the tomcat container.
         * We want to override this in order to be able to take an encrypted-base64-encoded password from
         * application.properties and to decode+decrypt it and provide it to the Ssl object before ssl configuration begins.
         */
        @Override
        protected void configureSsl(AbstractHttp11JsseProtocol<?> protocol, Ssl ssl) {
            if (LOG.isDebugEnabled()) {
                // Caution: this writes the Base64-encoded keystore password to the debug log,
                // and Base64 is an encoding that anyone with log access can reverse.
                LOG.debug("ContextConfig: servletContainer: encoded password = " + ssl.getKeyStorePassword());
            }
            // Only Base64 decoding happens here; no decryption step is performed in this method.
            byte[] decodedBytes = Base64.getDecoder().decode(ssl.getKeyStorePassword());
            ssl.setKeyStorePassword(new String(decodedBytes));
            super.configureSsl(protocol, ssl);
        }
    };
    //Setup the redirection
    tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
    //Setup the custom realm, which sets the custom redirect code.
    //By default the redirect is 302.  But if the request to be redirected is a post,
    //then the post is converted to a get and therefore the post's body is removed in the redirect. (e.g. using CURL)
    //We need to set the redirection with code 307 so that the origin method is used in the redirect
    //e.g. get uses get on redirect and post uses post on redirect.
    //This conforms to standard RFC 2616
    tomcat.addContextCustomizers((TomcatContextCustomizer) context -> {
        RealmBase base = new CombinedRealm();
        base.setTransportGuaranteeRedirectStatus(307);
        context.setRealm(base);
    });
    return tomcat;
}
Also used : Context(org.apache.catalina.Context) CombinedRealm(org.apache.catalina.realm.CombinedRealm) Logger(org.slf4j.Logger) TomcatContextCustomizer(org.springframework.boot.context.embedded.tomcat.TomcatContextCustomizer) SecurityCollection(org.apache.tomcat.util.descriptor.web.SecurityCollection) LoggerFactory(org.slf4j.LoggerFactory) Connector(org.apache.catalina.connector.Connector) EmbeddedServletContainerFactory(org.springframework.boot.context.embedded.EmbeddedServletContainerFactory) RealmBase(org.apache.catalina.realm.RealmBase) Configuration(org.springframework.context.annotation.Configuration) Ssl(org.springframework.boot.context.embedded.Ssl) TomcatEmbeddedServletContainerFactory(org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory) Base64(java.util.Base64) ConsumerContextConfig(com.dell.cpsd.service.common.client.context.ConsumerContextConfig) AbstractHttp11JsseProtocol(org.apache.coyote.http11.AbstractHttp11JsseProtocol) SecurityConstraint(org.apache.tomcat.util.descriptor.web.SecurityConstraint) Bean(org.springframework.context.annotation.Bean)

Example 3 with AbstractHttp11JsseProtocol

use of org.apache.coyote.http11.AbstractHttp11JsseProtocol in project tomcat by apache.

the class TestCustomSsl method doTestCustomTrustManager.

private void doTestCustomTrustManager(boolean serverTrustAll) throws Exception {
    Tomcat tomcat = getTomcatInstance();
    Assume.assumeTrue("SSL renegotiation has to be supported for this test", TesterSupport.isRenegotiationSupported(getTomcatInstance()));
    TesterSupport.configureClientCertContext(tomcat);
    // Override the defaults
    ProtocolHandler handler = tomcat.getConnector().getProtocolHandler();
    if (handler instanceof AbstractHttp11JsseProtocol) {
        ((AbstractHttp11JsseProtocol<?>) handler).setTruststoreFile(null);
    } else {
        // Unexpected
        fail("Unexpected handler type");
    }
    if (serverTrustAll) {
        // Test-only trust manager from TesterSupport that accepts every certificate
        tomcat.getConnector().setAttribute("trustManagerClassName", "org.apache.tomcat.util.net.TesterSupport$TrustAllCerts");
    }
    // Start Tomcat
    tomcat.start();
    TesterSupport.configureClientSsl();
    // Unprotected resource
    ByteChunk res = getUrl("https://localhost:" + getPort() + "/unprotected");
    assertEquals("OK", res.toString());
    // Protected resource
    res.recycle();
    int rc = -1;
    try {
        rc = getUrl("https://localhost:" + getPort() + "/protected", res, null, null);
    } catch (SocketException se) {
        if (serverTrustAll) {
            // Print the stack trace first: fail() throws, so nothing after it runs
            se.printStackTrace();
            fail(se.getMessage());
        }
    } catch (SSLException he) {
        if (serverTrustAll) {
            he.printStackTrace();
            fail(he.getMessage());
        }
    }
    if (serverTrustAll) {
        assertEquals(200, rc);
        assertEquals("OK-" + TesterSupport.ROLE, res.toString());
    } else {
        assertTrue(rc != 200);
        assertEquals("", res.toString());
    }
}
Also used : ProtocolHandler(org.apache.coyote.ProtocolHandler) AbstractHttp11JsseProtocol(org.apache.coyote.http11.AbstractHttp11JsseProtocol) SocketException(java.net.SocketException) Tomcat(org.apache.catalina.startup.Tomcat) ByteChunk(org.apache.tomcat.util.buf.ByteChunk) SSLException(javax.net.ssl.SSLException)

Example 4 with AbstractHttp11JsseProtocol

use of org.apache.coyote.http11.AbstractHttp11JsseProtocol in project spring-boot by spring-projects.

the class TomcatServletWebServerFactory method customizeSsl.

private void customizeSsl(Connector connector) {
    ProtocolHandler handler = connector.getProtocolHandler();
    Assert.state(handler instanceof AbstractHttp11JsseProtocol, "To use SSL, the connector's protocol handler must be an " + "AbstractHttp11JsseProtocol subclass");
    configureSsl((AbstractHttp11JsseProtocol<?>) handler, getSsl());
    connector.setScheme("https");
    connector.setSecure(true);
}
Also used : ProtocolHandler(org.apache.coyote.ProtocolHandler) AbstractHttp11JsseProtocol(org.apache.coyote.http11.AbstractHttp11JsseProtocol)
