Examples with HttpConfiguration org.eclipse.jetty.server.HttpConfiguration used on opensource projects

Example 91 with HttpConfiguration

use of org.eclipse.jetty.server.HttpConfiguration in project drill by apache.

the class WebServer method createHttpsConnector.

/**
   * Create an HTTPS connector for given jetty server instance. If the admin has specified keystore/truststore settings
   * they will be used else a self-signed certificate is generated and used.
   *
   * @return Initialized {@link ServerConnector} for HTTPS connectios.
   * @throws Exception
   */
private ServerConnector createHttpsConnector() throws Exception {
    logger.info("Setting up HTTPS connector for web server");
    final SslContextFactory sslContextFactory = new SslContextFactory();
    if (config.hasPath(ExecConstants.HTTP_KEYSTORE_PATH) && !Strings.isNullOrEmpty(config.getString(ExecConstants.HTTP_KEYSTORE_PATH))) {
        logger.info("Using configured SSL settings for web server");
        sslContextFactory.setKeyStorePath(config.getString(ExecConstants.HTTP_KEYSTORE_PATH));
        sslContextFactory.setKeyStorePassword(config.getString(ExecConstants.HTTP_KEYSTORE_PASSWORD));
        // TrustStore and TrustStore password are optional
        if (config.hasPath(ExecConstants.HTTP_TRUSTSTORE_PATH)) {
            sslContextFactory.setTrustStorePath(config.getString(ExecConstants.HTTP_TRUSTSTORE_PATH));
            if (config.hasPath(ExecConstants.HTTP_TRUSTSTORE_PASSWORD)) {
                sslContextFactory.setTrustStorePassword(config.getString(ExecConstants.HTTP_TRUSTSTORE_PASSWORD));
            }
        }
    } else {
        logger.info("Using generated self-signed SSL settings for web server");
        final SecureRandom random = new SecureRandom();
        // Generate a private-public key pair
        final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(1024, random);
        final KeyPair keyPair = keyPairGenerator.generateKeyPair();
        final DateTime now = DateTime.now();
        // Create builder for certificate attributes
        final X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.OU, "Apache Drill (auth-generated)").addRDN(BCStyle.O, "Apache Software Foundation (auto-generated)").addRDN(BCStyle.CN, workManager.getContext().getEndpoint().getAddress());
        final Date notBefore = now.minusMinutes(1).toDate();
        final Date notAfter = now.plusYears(5).toDate();
        final BigInteger serialNumber = new BigInteger(128, random);
        // Create a certificate valid for 5years from now.
        final X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(// attributes
        nameBuilder.build(), serialNumber, notBefore, notAfter, nameBuilder.build(), keyPair.getPublic());
        // Sign the certificate using the private key
        final ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate());
        final X509Certificate certificate = new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(contentSigner));
        // Check the validity
        certificate.checkValidity(now.toDate());
        // Make sure the certificate is self-signed.
        certificate.verify(certificate.getPublicKey());
        // Generate a random password for keystore protection
        final String keyStorePasswd = RandomStringUtils.random(20);
        final KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);
        keyStore.setKeyEntry("DrillAutoGeneratedCert", keyPair.getPrivate(), keyStorePasswd.toCharArray(), new java.security.cert.Certificate[] { certificate });
        sslContextFactory.setKeyStore(keyStore);
        sslContextFactory.setKeyStorePassword(keyStorePasswd);
    }
    final HttpConfiguration httpsConfig = new HttpConfiguration();
    httpsConfig.addCustomizer(new SecureRequestCustomizer());
    // SSL Connector
    final ServerConnector sslConnector = new ServerConnector(embeddedJetty, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
    sslConnector.setPort(config.getInt(ExecConstants.HTTP_PORT));
    return sslConnector;
}

Example 92 with HttpConfiguration

use of org.eclipse.jetty.server.HttpConfiguration in project drill by apache.

the class WebServer method createHttpConnector.

/**
   * Create HTTP connector.
   * @return Initialized {@link ServerConnector} instance for HTTP connections.
   * @throws Exception
   */
private ServerConnector createHttpConnector() throws Exception {
    logger.info("Setting up HTTP connector for web server");
    final HttpConfiguration httpConfig = new HttpConfiguration();
    final ServerConnector httpConnector = new ServerConnector(embeddedJetty, new HttpConnectionFactory(httpConfig));
    httpConnector.setPort(config.getInt(ExecConstants.HTTP_PORT));
    return httpConnector;
}

Example 93 with HttpConfiguration

use of org.eclipse.jetty.server.HttpConfiguration in project geode by apache.

the class JettyHelper method initJetty.

public static Server initJetty(final String bindAddress, final int port, SSLConfig sslConfig) {
    final Server jettyServer = new Server();
    // Add a handler collection here, so that each new context adds itself
    // to this collection.
    jettyServer.setHandler(new HandlerCollection());
    ServerConnector connector = null;
    HttpConfiguration httpConfig = new HttpConfiguration();
    httpConfig.setSecureScheme(HTTPS);
    httpConfig.setSecurePort(port);
    if (sslConfig.isEnabled()) {
        SslContextFactory sslContextFactory = new SslContextFactory();
        if (StringUtils.isNotBlank(sslConfig.getAlias())) {
            sslContextFactory.setCertAlias(sslConfig.getAlias());
        }
        sslContextFactory.setNeedClientAuth(sslConfig.isRequireAuth());
        if (StringUtils.isNotBlank(sslConfig.getCiphers()) && !"any".equalsIgnoreCase(sslConfig.getCiphers())) {
            // If use has mentioned "any" let the SSL layer decide on the ciphers
            sslContextFactory.setIncludeCipherSuites(SSLUtil.readArray(sslConfig.getCiphers()));
        }
        String protocol = SSLUtil.getSSLAlgo(SSLUtil.readArray(sslConfig.getProtocols()));
        if (protocol != null) {
            sslContextFactory.setProtocol(protocol);
        } else {
            logger.warn(ManagementStrings.SSL_PROTOCOAL_COULD_NOT_BE_DETERMINED);
        }
        if (StringUtils.isBlank(sslConfig.getKeystore())) {
            throw new GemFireConfigException("Key store can't be empty if SSL is enabled for HttpService");
        }
        sslContextFactory.setKeyStorePath(sslConfig.getKeystore());
        if (StringUtils.isNotBlank(sslConfig.getKeystoreType())) {
            sslContextFactory.setKeyStoreType(sslConfig.getKeystoreType());
        }
        if (StringUtils.isNotBlank(sslConfig.getKeystorePassword())) {
            sslContextFactory.setKeyStorePassword(sslConfig.getKeystorePassword());
        }
        if (StringUtils.isNotBlank(sslConfig.getTruststore())) {
            sslContextFactory.setTrustStorePath(sslConfig.getTruststore());
        }
        if (StringUtils.isNotBlank(sslConfig.getTruststorePassword())) {
            sslContextFactory.setTrustStorePassword(sslConfig.getTruststorePassword());
        }
        httpConfig.addCustomizer(new SecureRequestCustomizer());
        // Somehow With HTTP_2.0 Jetty throwing NPE. Need to investigate further whether all GemFire
        // web application(Pulse, REST) can do with HTTP_1.1
        connector = new ServerConnector(jettyServer, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpConfig));
        connector.setPort(port);
    } else {
        connector = new ServerConnector(jettyServer, new HttpConnectionFactory(httpConfig));
        connector.setPort(port);
    }
    jettyServer.setConnectors(new Connector[] { connector });
    if (StringUtils.isNotBlank(bindAddress)) {
        connector.setHost(bindAddress);
    }
    if (bindAddress != null && !bindAddress.isEmpty()) {
        JettyHelper.bindAddress = bindAddress;
    }
    JettyHelper.port = port;
    return jettyServer;
}

Example 94 with HttpConfiguration

use of org.eclipse.jetty.server.HttpConfiguration in project incubator-atlas by apache.

the class SecureEmbeddedServer method getConnector.

protected Connector getConnector(int port) throws IOException {
    org.apache.commons.configuration.Configuration config = getConfiguration();
    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setKeyStorePath(config.getString(KEYSTORE_FILE_KEY, System.getProperty(KEYSTORE_FILE_KEY, DEFAULT_KEYSTORE_FILE_LOCATION)));
    sslContextFactory.setKeyStorePassword(getPassword(config, KEYSTORE_PASSWORD_KEY));
    sslContextFactory.setKeyManagerPassword(getPassword(config, SERVER_CERT_PASSWORD_KEY));
    sslContextFactory.setTrustStorePath(config.getString(TRUSTSTORE_FILE_KEY, System.getProperty(TRUSTSTORE_FILE_KEY, DEFATULT_TRUSTORE_FILE_LOCATION)));
    sslContextFactory.setTrustStorePassword(getPassword(config, TRUSTSTORE_PASSWORD_KEY));
    sslContextFactory.setWantClientAuth(config.getBoolean(CLIENT_AUTH_KEY, Boolean.getBoolean(CLIENT_AUTH_KEY)));
    List<Object> cipherList = config.getList(ATLAS_SSL_EXCLUDE_CIPHER_SUITES, DEFAULT_CIPHER_SUITES);
    sslContextFactory.setExcludeCipherSuites(cipherList.toArray(new String[cipherList.size()]));
    sslContextFactory.setRenegotiationAllowed(false);
    String[] excludedProtocols = config.containsKey(ATLAS_SSL_EXCLUDE_PROTOCOLS) ? config.getStringArray(ATLAS_SSL_EXCLUDE_PROTOCOLS) : DEFAULT_EXCLUDE_PROTOCOLS;
    if (excludedProtocols != null && excludedProtocols.length > 0) {
        sslContextFactory.addExcludeProtocols(excludedProtocols);
    }
    // SSL HTTP Configuration
    // HTTP Configuration
    HttpConfiguration http_config = new HttpConfiguration();
    http_config.setSecureScheme("https");
    final int bufferSize = AtlasConfiguration.WEBSERVER_REQUEST_BUFFER_SIZE.getInt();
    http_config.setSecurePort(port);
    http_config.setRequestHeaderSize(bufferSize);
    http_config.setResponseHeaderSize(bufferSize);
    http_config.setSendServerVersion(true);
    http_config.setSendDateHeader(false);
    HttpConfiguration https_config = new HttpConfiguration(http_config);
    https_config.addCustomizer(new SecureRequestCustomizer());
    // SSL Connector
    ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(https_config));
    sslConnector.setPort(port);
    server.addConnector(sslConnector);
    return sslConnector;
}

Example 95 with HttpConfiguration

use of org.eclipse.jetty.server.HttpConfiguration in project incubator-atlas by apache.

the class EmbeddedServer method getConnector.

protected Connector getConnector(int port) throws IOException {
    HttpConfiguration http_config = new HttpConfiguration();
    // this is to enable large header sizes when Kerberos is enabled with AD
    final int bufferSize = AtlasConfiguration.WEBSERVER_REQUEST_BUFFER_SIZE.getInt();
    ;
    http_config.setResponseHeaderSize(bufferSize);
    http_config.setRequestHeaderSize(bufferSize);
    ServerConnector connector = new ServerConnector(server, new HttpConnectionFactory(http_config));
    connector.setPort(port);
    connector.setHost("0.0.0.0");
    return connector;
}