Examples with SslSelectChannelConnector org.eclipse.jetty.server.ssl.SslSelectChannelConnector used on opensource projects

Search in sources :

Example 1 with SslSelectChannelConnector

use of org.eclipse.jetty.server.ssl.SslSelectChannelConnector in project cdap by caskdata.

the class ExternalAuthenticationServer method startUp.

@Override
protected void startUp() throws Exception {
    server = new Server();
    InetAddress bindAddress = InetAddress.getByName(cConfiguration.get(Constants.Security.AUTH_SERVER_BIND_ADDRESS));
    QueuedThreadPool threadPool = new QueuedThreadPool();
    threadPool.setMaxThreads(maxThreads);
    server.setThreadPool(threadPool);
    initHandlers();
    ServletContextHandler context = new ServletContextHandler();
    context.setServer(server);
    context.addServlet(HttpServletDispatcher.class, "/");
    context.addEventListener(new AuthenticationGuiceServletContextListener(handlers));
    context.setSecurityHandler(authenticationHandler);
    // Status endpoint should be handled without the authentication
    ContextHandler statusContext = new ContextHandler();
    statusContext.setContextPath(Constants.EndPoints.STATUS);
    statusContext.setServer(server);
    statusContext.setHandler(new StatusRequestHandler());
    if (cConfiguration.getBoolean(Constants.Security.SSL.EXTERNAL_ENABLED, false)) {
        SslContextFactory sslContextFactory = new SslContextFactory();
        String keyStorePath = sConfiguration.get(Constants.Security.AuthenticationServer.SSL_KEYSTORE_PATH);
        String keyStorePassword = sConfiguration.get(Constants.Security.AuthenticationServer.SSL_KEYSTORE_PASSWORD);
        String keyStoreType = sConfiguration.get(Constants.Security.AuthenticationServer.SSL_KEYSTORE_TYPE, Constants.Security.AuthenticationServer.DEFAULT_SSL_KEYSTORE_TYPE);
        String keyPassword = sConfiguration.get(Constants.Security.AuthenticationServer.SSL_KEYPASSWORD);
        Preconditions.checkArgument(keyStorePath != null, "Key Store Path Not Configured");
        Preconditions.checkArgument(keyStorePassword != null, "KeyStore Password Not Configured");
        sslContextFactory.setKeyStorePath(keyStorePath);
        sslContextFactory.setKeyStorePassword(keyStorePassword);
        sslContextFactory.setKeyStoreType(keyStoreType);
        if (keyPassword != null && keyPassword.length() != 0) {
            sslContextFactory.setKeyManagerPassword(keyPassword);
        }
        String trustStorePath = cConfiguration.get(Constants.Security.AuthenticationServer.SSL_TRUSTSTORE_PATH);
        if (StringUtils.isNotEmpty(trustStorePath)) {
            String trustStorePassword = cConfiguration.get(Constants.Security.AuthenticationServer.SSL_TRUSTSTORE_PASSWORD);
            String trustStoreType = cConfiguration.get(Constants.Security.AuthenticationServer.SSL_TRUSTSTORE_TYPE, Constants.Security.AuthenticationServer.DEFAULT_SSL_KEYSTORE_TYPE);
            // SSL handshaking will involve requesting for a client certificate, if cert is not provided
            // server continues with the connection but the client is considered to be unauthenticated
            sslContextFactory.setWantClientAuth(true);
            sslContextFactory.setTrustStore(trustStorePath);
            sslContextFactory.setTrustStorePassword(trustStorePassword);
            sslContextFactory.setTrustStoreType(trustStoreType);
            sslContextFactory.setValidateCerts(true);
        }
        // TODO Figure out how to pick a certificate from key store
        SslSelectChannelConnector sslConnector = new SslSelectChannelConnector(sslContextFactory);
        sslConnector.setHost(bindAddress.getCanonicalHostName());
        sslConnector.setPort(port);
        server.setConnectors(new Connector[] { sslConnector });
    } else {
        SelectChannelConnector connector = new SelectChannelConnector();
        connector.setHost(bindAddress.getCanonicalHostName());
        connector.setPort(port);
        server.setConnectors(new Connector[] { connector });
    }
    HandlerCollection handlers = new HandlerCollection();
    handlers.addHandler(statusContext);
    handlers.addHandler(context);
    // AuditLogHandler must be last, since it needs the response that was sent to the client
    handlers.addHandler(auditLogHandler);
    server.setHandler(handlers);
    try {
        server.start();
    } catch (Exception e) {
        if ((Throwables.getRootCause(e) instanceof BindException)) {
            throw new ServiceBindException("Authentication Server", bindAddress.getCanonicalHostName(), port, e);
        }
        throw e;
    }
    // assumes we only have one connector
    Connector connector = server.getConnectors()[0];
    InetSocketAddress inetSocketAddress = new InetSocketAddress(connector.getHost(), connector.getLocalPort());
    serviceCancellable = discoveryService.register(ResolvingDiscoverable.of(new Discoverable(Constants.Service.EXTERNAL_AUTHENTICATION, inetSocketAddress)));
}
Also used : SslSelectChannelConnector(org.eclipse.jetty.server.ssl.SslSelectChannelConnector) SelectChannelConnector(org.eclipse.jetty.server.nio.SelectChannelConnector) Connector(org.eclipse.jetty.server.Connector) Discoverable(org.apache.twill.discovery.Discoverable) ResolvingDiscoverable(co.cask.cdap.common.discovery.ResolvingDiscoverable) ServiceBindException(co.cask.cdap.common.ServiceBindException) Server(org.eclipse.jetty.server.Server) InetSocketAddress(java.net.InetSocketAddress) BindException(java.net.BindException) ServiceBindException(co.cask.cdap.common.ServiceBindException) BindException(java.net.BindException) ServiceBindException(co.cask.cdap.common.ServiceBindException) SslSelectChannelConnector(org.eclipse.jetty.server.ssl.SslSelectChannelConnector) ServletContextHandler(org.eclipse.jetty.servlet.ServletContextHandler) ContextHandler(org.eclipse.jetty.server.handler.ContextHandler) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) SslSelectChannelConnector(org.eclipse.jetty.server.ssl.SslSelectChannelConnector) SelectChannelConnector(org.eclipse.jetty.server.nio.SelectChannelConnector) QueuedThreadPool(org.eclipse.jetty.util.thread.QueuedThreadPool) HandlerCollection(org.eclipse.jetty.server.handler.HandlerCollection) ServletContextHandler(org.eclipse.jetty.servlet.ServletContextHandler) InetAddress(java.net.InetAddress)

Example 2 with SslSelectChannelConnector

use of org.eclipse.jetty.server.ssl.SslSelectChannelConnector in project qi4j-sdk by Qi4j.

the class SecureJettyMixin method buildConnector.

@Override
protected Connector buildConnector() {
    SslConnector connector = new SslSelectChannelConnector(new SslContextFactory());
    JettyConfigurationHelper.configureSslConnector(connector, configuration.get());
    return connector;
}
Also used : SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) SslConnector(org.eclipse.jetty.server.ssl.SslConnector) SslSelectChannelConnector(org.eclipse.jetty.server.ssl.SslSelectChannelConnector)

Example 3 with SslSelectChannelConnector

use of org.eclipse.jetty.server.ssl.SslSelectChannelConnector in project coprhd-controller by CoprHD.

the class AbstractSecuredWebServer method initConnectors.

/**
 * set up the ssl connectors with strong ciphers
 *
 * @throws Exception
 */
protected void initConnectors() throws Exception {
    if (!_disableHTTP) {
        if (_unsecuredConnector == null) {
            _unsecuredConnector = new SelectChannelConnector();
        }
        if (_unsecurePort != null) {
            _unsecuredConnector.setPort(Integer.parseInt(_unsecurePort));
        } else {
            _unsecuredConnector.setPort(_serviceInfo.getEndpoint().getPort());
        }
        if (_httpBindAddress != null) {
            _unsecuredConnector.setHost(_httpBindAddress);
        }
        if (lowResourcesConnections != null) {
            _unsecuredConnector.setLowResourcesConnections(lowResourcesConnections);
        }
        if (lowResourcesMaxIdleTime != null) {
            _unsecuredConnector.setLowResourcesMaxIdleTime(lowResourcesMaxIdleTime);
        }
        if (threadPool != null) {
            _unsecuredConnector.setThreadPool(threadPool);
        }
        _server.addConnector(_unsecuredConnector);
    }
    if (!_disableSSL) {
        SslContextFactory sslFac = new SslContextFactory();
        sslFac.setIncludeCipherSuites(_ciphers);
        KeyStore ks = KeyStoreUtil.getViPRKeystore(_coordinatorClient);
        _log.debug("The certificates in Jetty is {}. ", ks.getCertificateChain(KeystoreEngine.ViPR_KEY_AND_CERTIFICATE_ALIAS));
        sslFac.setCertAlias(KeystoreEngine.ViPR_KEY_AND_CERTIFICATE_ALIAS);
        sslFac.setKeyStore(ks);
        _securedConnector = new SslSelectChannelConnector(sslFac);
        if (_securePort != null) {
            _securedConnector.setPort(Integer.parseInt(_securePort));
        } else {
            _securedConnector.setPort(_serviceInfo.getEndpoint().getPort());
        }
        if (_bindAddress != null) {
            _securedConnector.setHost(_bindAddress);
        }
        if (lowResourcesConnections != null) {
            _securedConnector.setLowResourcesConnections(lowResourcesConnections);
        }
        if (lowResourcesMaxIdleTime != null) {
            _securedConnector.setLowResourcesMaxIdleTime(lowResourcesMaxIdleTime);
        }
        if (threadPool != null) {
            _securedConnector.setThreadPool(threadPool);
        }
        _server.addConnector(_securedConnector);
    }
    _server.setSendServerVersion(false);
}
Also used : SslSelectChannelConnector(org.eclipse.jetty.server.ssl.SslSelectChannelConnector) SelectChannelConnector(org.eclipse.jetty.server.nio.SelectChannelConnector) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) KeyStore(java.security.KeyStore) SslSelectChannelConnector(org.eclipse.jetty.server.ssl.SslSelectChannelConnector)

Example 4 with SslSelectChannelConnector

use of org.eclipse.jetty.server.ssl.SslSelectChannelConnector in project coprhd-controller by CoprHD.

the class TestWebServer method initConnectors.

/**
 * set up the ssl connectors with strong ciphers
 *
 * @throws Exception
 */
private void initConnectors() throws Exception {
    SslContextFactory sslFac = new SslContextFactory();
    sslFac.setIncludeCipherSuites(_ciphers);
    KeyStore ks = loadKeystore();
    sslFac.setKeyStore(ks);
    sslFac.setKeyStorePassword(_keystorePassword);
    sslFac.setKeyManagerPassword(_keystorePassword);
    sslFac.setTrustStorePassword(_keystorePassword);
    _securedConnector = new SslSelectChannelConnector(sslFac);
    _securedConnector.setPort(_securePort);
    _server.addConnector(_securedConnector);
    _server.setSendServerVersion(false);
}
Also used : SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) KeyStore(java.security.KeyStore) SslSelectChannelConnector(org.eclipse.jetty.server.ssl.SslSelectChannelConnector)

Example 5 with SslSelectChannelConnector

use of org.eclipse.jetty.server.ssl.SslSelectChannelConnector in project bnd by bndtools.

the class HttpConnectorTest method startJetty.

private static Server startJetty() throws Exception {
    Server server = new Server();
    // Create the login service
    String REQUIRED_ROLE = "users";
    HashLoginService loginSvc = new HashLoginService(REQUIRED_ROLE, USER_ROLE_FILE);
    server.addBean(loginSvc);
    // Start HTTP and HTTPS connectors
    SelectChannelConnector httpConnector = new SelectChannelConnector();
    httpConnector.setPort(0);
    httpConnector.setHost(LOCALHOST);
    server.addConnector(httpConnector);
    SslSelectChannelConnector sslConnector = new SslSelectChannelConnector();
    sslConnector.setPort(0);
    sslConnector.setHost(LOCALHOST);
    SslContextFactory contextFactory = sslConnector.getSslContextFactory();
    contextFactory.setKeyStorePath(KEYSTORE_PATH);
    contextFactory.setKeyStorePassword(KEYSTORE_PASS);
    server.addConnector(sslConnector);
    // Create the resource handler to serve files
    ResourceHandler resourceHandler = new ETaggingResourceHandler();
    resourceHandler.setResourceBase(RESOURCE_BASE);
    resourceHandler.setDirectoriesListed(true);
    // Setup user role constraints
    Constraint constraint = new Constraint();
    constraint.setName(Constraint.__BASIC_AUTH);
    constraint.setRoles(new String[] { REQUIRED_ROLE });
    constraint.setAuthenticate(true);
    // Map constraints to the secured directory
    ConstraintMapping cm = new ConstraintMapping();
    cm.setConstraint(constraint);
    cm.setPathSpec(SECURED_PATH);
    // Setup the constraint handler
    ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
    securityHandler.setAuthMethod("BASIC");
    securityHandler.setHandler(resourceHandler);
    securityHandler.setLoginService(loginSvc);
    securityHandler.setConstraintMappings(new ConstraintMapping[] { cm });
    // Finally!! Start the server
    server.setHandler(securityHandler);
    server.start();
    while (!server.isRunning()) {
        Thread.sleep(10);
    }
    HTTP_PORT = httpConnector.getLocalPort();
    HTTPS_PORT = sslConnector.getLocalPort();
    assertNotSame(Integer.valueOf(0), Integer.valueOf(HTTP_PORT));
    assertNotSame(Integer.valueOf(-1), Integer.valueOf(HTTP_PORT));
    assertNotSame(Integer.valueOf(0), Integer.valueOf(HTTPS_PORT));
    assertNotSame(Integer.valueOf(-1), Integer.valueOf(HTTPS_PORT));
    assertNotSame(Integer.valueOf(HTTP_PORT), Integer.valueOf(HTTPS_PORT));
    return server;
}
Also used : HashLoginService(org.eclipse.jetty.security.HashLoginService) SslSelectChannelConnector(org.eclipse.jetty.server.ssl.SslSelectChannelConnector) SelectChannelConnector(org.eclipse.jetty.server.nio.SelectChannelConnector) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) ConstraintMapping(org.eclipse.jetty.security.ConstraintMapping) Server(org.eclipse.jetty.server.Server) ETaggingResourceHandler(test.http.ETaggingResourceHandler) Constraint(org.eclipse.jetty.util.security.Constraint) ConstraintSecurityHandler(org.eclipse.jetty.security.ConstraintSecurityHandler) ResourceHandler(org.eclipse.jetty.server.handler.ResourceHandler) ETaggingResourceHandler(test.http.ETaggingResourceHandler) SslSelectChannelConnector(org.eclipse.jetty.server.ssl.SslSelectChannelConnector)

Aggregations

SslSelectChannelConnector (org.eclipse.jetty.server.ssl.SslSelectChannelConnector)7 SslContextFactory (org.eclipse.jetty.util.ssl.SslContextFactory)7 Server (org.eclipse.jetty.server.Server)4 KeyStore (java.security.KeyStore)3 SelectChannelConnector (org.eclipse.jetty.server.nio.SelectChannelConnector)3 Connector (org.eclipse.jetty.server.Connector)2 ServletContextHandler (org.eclipse.jetty.servlet.ServletContextHandler)2 WebAppContext (org.eclipse.jetty.webapp.WebAppContext)2 ServiceBindException (co.cask.cdap.common.ServiceBindException)1 ResolvingDiscoverable (co.cask.cdap.common.discovery.ResolvingDiscoverable)1 CertificateAndKey (com.fathomdb.crypto.CertificateAndKey)1 GuiceFilter (com.google.inject.servlet.GuiceFilter)1 File (java.io.File)1 BindException (java.net.BindException)1 InetAddress (java.net.InetAddress)1 InetSocketAddress (java.net.InetSocketAddress)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 SSLContext (javax.net.ssl.SSLContext)1 Discoverable (org.apache.twill.discovery.Discoverable)1 ConstraintMapping (org.eclipse.jetty.security.ConstraintMapping)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial