Examples with SecureRequestCustomizer org.eclipse.jetty.server.SecureRequestCustomizer used on opensource projects

Example 46 with SecureRequestCustomizer

use of org.eclipse.jetty.server.SecureRequestCustomizer in project jetty.project by eclipse.

the class LikeJettyXml method main.

public static void main(String[] args) throws Exception {
    // Path to as-built jetty-distribution directory
    String jettyHomeBuild = "../../jetty-distribution/target/distribution";
    // Find jetty home and base directories
    String homePath = System.getProperty("jetty.home", jettyHomeBuild);
    File start_jar = new File(homePath, "start.jar");
    if (!start_jar.exists()) {
        homePath = jettyHomeBuild = "jetty-distribution/target/distribution";
        start_jar = new File(homePath, "start.jar");
        if (!start_jar.exists())
            throw new FileNotFoundException(start_jar.toString());
    }
    File homeDir = new File(homePath);
    String basePath = System.getProperty("jetty.base", homeDir + "/demo-base");
    File baseDir = new File(basePath);
    if (!baseDir.exists()) {
        throw new FileNotFoundException(baseDir.getAbsolutePath());
    }
    // Configure jetty.home and jetty.base system properties
    String jetty_home = homeDir.getAbsolutePath();
    String jetty_base = baseDir.getAbsolutePath();
    System.setProperty("jetty.home", jetty_home);
    System.setProperty("jetty.base", jetty_base);
    // === jetty.xml ===
    // Setup Threadpool
    QueuedThreadPool threadPool = new QueuedThreadPool();
    threadPool.setMaxThreads(500);
    // Server
    Server server = new Server(threadPool);
    // Scheduler
    server.addBean(new ScheduledExecutorScheduler());
    // HTTP Configuration
    HttpConfiguration http_config = new HttpConfiguration();
    http_config.setSecureScheme("https");
    http_config.setSecurePort(8443);
    http_config.setOutputBufferSize(32768);
    http_config.setRequestHeaderSize(8192);
    http_config.setResponseHeaderSize(8192);
    http_config.setSendServerVersion(true);
    http_config.setSendDateHeader(false);
    // httpConfig.addCustomizer(new ForwardedRequestCustomizer());
    // Handler Structure
    HandlerCollection handlers = new HandlerCollection();
    ContextHandlerCollection contexts = new ContextHandlerCollection();
    handlers.setHandlers(new Handler[] { contexts, new DefaultHandler() });
    server.setHandler(handlers);
    // Extra options
    server.setDumpAfterStart(false);
    server.setDumpBeforeStop(false);
    server.setStopAtShutdown(true);
    // === jetty-jmx.xml ===
    MBeanContainer mbContainer = new MBeanContainer(ManagementFactory.getPlatformMBeanServer());
    server.addBean(mbContainer);
    // === jetty-http.xml ===
    ServerConnector http = new ServerConnector(server, new HttpConnectionFactory(http_config));
    http.setPort(8080);
    http.setIdleTimeout(30000);
    server.addConnector(http);
    // === jetty-https.xml ===
    // SSL Context Factory
    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setKeyStorePath(jetty_home + "/../../../jetty-server/src/test/config/etc/keystore");
    sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
    sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
    sslContextFactory.setTrustStorePath(jetty_home + "/../../../jetty-server/src/test/config/etc/keystore");
    sslContextFactory.setTrustStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
    sslContextFactory.setExcludeCipherSuites("SSL_RSA_WITH_DES_CBC_SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA", "SSL_DHE_DSS_WITH_DES_CBC_SHA", "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA");
    // SSL HTTP Configuration
    HttpConfiguration https_config = new HttpConfiguration(http_config);
    https_config.addCustomizer(new SecureRequestCustomizer());
    // SSL Connector
    ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(https_config));
    sslConnector.setPort(8443);
    server.addConnector(sslConnector);
    // === jetty-deploy.xml ===
    DeploymentManager deployer = new DeploymentManager();
    DebugListener debug = new DebugListener(System.err, true, true, true);
    server.addBean(debug);
    deployer.addLifeCycleBinding(new DebugListenerBinding(debug));
    deployer.setContexts(contexts);
    deployer.setContextAttribute("org.eclipse.jetty.server.webapp.ContainerIncludeJarPattern", ".*/servlet-api-[^/]*\\.jar$");
    WebAppProvider webapp_provider = new WebAppProvider();
    webapp_provider.setMonitoredDirName(jetty_base + "/webapps");
    webapp_provider.setDefaultsDescriptor(jetty_home + "/etc/webdefault.xml");
    webapp_provider.setScanInterval(1);
    webapp_provider.setExtractWars(true);
    webapp_provider.setConfigurationManager(new PropertiesConfigurationManager());
    deployer.addAppProvider(webapp_provider);
    server.addBean(deployer);
    // === setup jetty plus ==
    Configuration.ClassList.setServerDefault(server).addAfter("org.eclipse.jetty.webapp.FragmentConfiguration", "org.eclipse.jetty.plus.webapp.EnvConfiguration", "org.eclipse.jetty.plus.webapp.PlusConfiguration");
    // === jetty-stats.xml ===
    StatisticsHandler stats = new StatisticsHandler();
    stats.setHandler(server.getHandler());
    server.setHandler(stats);
    ServerConnectionStatistics.addToAllConnectors(server);
    // === Rewrite Handler
    RewriteHandler rewrite = new RewriteHandler();
    rewrite.setHandler(server.getHandler());
    server.setHandler(rewrite);
    // === jetty-requestlog.xml ===
    NCSARequestLog requestLog = new NCSARequestLog();
    requestLog.setFilename(jetty_home + "/logs/yyyy_mm_dd.request.log");
    requestLog.setFilenameDateFormat("yyyy_MM_dd");
    requestLog.setRetainDays(90);
    requestLog.setAppend(true);
    requestLog.setExtended(true);
    requestLog.setLogCookies(false);
    requestLog.setLogTimeZone("GMT");
    RequestLogHandler requestLogHandler = new RequestLogHandler();
    requestLogHandler.setRequestLog(requestLog);
    handlers.addHandler(requestLogHandler);
    // === jetty-lowresources.xml ===
    LowResourceMonitor lowResourcesMonitor = new LowResourceMonitor(server);
    lowResourcesMonitor.setPeriod(1000);
    lowResourcesMonitor.setLowResourcesIdleTimeout(200);
    lowResourcesMonitor.setMonitorThreads(true);
    lowResourcesMonitor.setMaxConnections(0);
    lowResourcesMonitor.setMaxMemory(0);
    lowResourcesMonitor.setMaxLowResourcesTime(5000);
    server.addBean(lowResourcesMonitor);
    // === test-realm.xml ===
    HashLoginService login = new HashLoginService();
    login.setName("Test Realm");
    login.setConfig(jetty_base + "/etc/realm.properties");
    login.setHotReload(false);
    server.addBean(login);
    // Start the server
    server.start();
    server.join();
}

Example 47 with SecureRequestCustomizer

use of org.eclipse.jetty.server.SecureRequestCustomizer in project jetty.project by eclipse.

the class ManyConnectors method main.

public static void main(String[] args) throws Exception {
    // Since this example shows off SSL configuration, we need a keystore
    // with the appropriate key. These lookup of jetty.home is purely a hack
    // to get access to a keystore that we use in many unit tests and should
    // probably be a direct path to your own keystore.
    String jettyDistKeystore = "../../jetty-distribution/target/distribution/demo-base/etc/keystore";
    String keystorePath = System.getProperty("example.keystore", jettyDistKeystore);
    File keystoreFile = new File(keystorePath);
    if (!keystoreFile.exists()) {
        throw new FileNotFoundException(keystoreFile.getAbsolutePath());
    }
    // Create a basic jetty server object without declaring the port. Since
    // we are configuring connectors directly we'll be setting ports on
    // those connectors.
    Server server = new Server();
    // HTTP Configuration
    // HttpConfiguration is a collection of configuration information
    // appropriate for http and https. The default scheme for http is
    // <code>http</code> of course, as the default for secured http is
    // <code>https</code> but we show setting the scheme to show it can be
    // done. The port for secured communication is also set here.
    HttpConfiguration http_config = new HttpConfiguration();
    http_config.setSecureScheme("https");
    http_config.setSecurePort(8443);
    http_config.setOutputBufferSize(32768);
    // HTTP connector
    // The first server connector we create is the one for http, passing in
    // the http configuration we configured above so it can get things like
    // the output buffer size, etc. We also set the port (8080) and
    // configure an idle timeout.
    ServerConnector http = new ServerConnector(server, new HttpConnectionFactory(http_config));
    http.setPort(8080);
    http.setIdleTimeout(30000);
    // SSL Context Factory for HTTPS
    // SSL requires a certificate so we configure a factory for ssl contents
    // with information pointing to what keystore the ssl connection needs
    // to know about. Much more configuration is available the ssl context,
    // including things like choosing the particular certificate out of a
    // keystore to be used.
    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setKeyStorePath(keystoreFile.getAbsolutePath());
    sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
    sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
    // HTTPS Configuration
    // A new HttpConfiguration object is needed for the next connector and
    // you can pass the old one as an argument to effectively clone the
    // contents. On this HttpConfiguration object we add a
    // SecureRequestCustomizer which is how a new connector is able to
    // resolve the https connection before handing control over to the Jetty
    // Server.
    HttpConfiguration https_config = new HttpConfiguration(http_config);
    SecureRequestCustomizer src = new SecureRequestCustomizer();
    src.setStsMaxAge(2000);
    src.setStsIncludeSubDomains(true);
    https_config.addCustomizer(src);
    // HTTPS connector
    // We create a second ServerConnector, passing in the http configuration
    // we just made along with the previously created ssl context factory.
    // Next we set the port and a longer idle timeout.
    ServerConnector https = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(https_config));
    https.setPort(8443);
    https.setIdleTimeout(500000);
    // Here you see the server having multiple connectors registered with
    // it, now requests can flow into the server from both http and https
    // urls to their respective ports and be processed accordingly by jetty.
    // A simple handler is also registered with the server so the example
    // has something to pass requests off to.
    // Set the connectors
    server.setConnectors(new Connector[] { http, https });
    // Set a handler
    server.setHandler(new HelloHandler());
    // Start the server
    server.start();
    server.join();
}

Example 48 with SecureRequestCustomizer

use of org.eclipse.jetty.server.SecureRequestCustomizer in project jetty.project by eclipse.

the class SelectChannelServerSslTest method init.

@Before
public void init() throws Exception {
    String keystorePath = System.getProperty("basedir", ".") + "/src/test/resources/keystore";
    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setKeyStorePath(keystorePath);
    sslContextFactory.setKeyStorePassword("storepwd");
    sslContextFactory.setKeyManagerPassword("keypwd");
    sslContextFactory.setTrustStorePath(keystorePath);
    sslContextFactory.setTrustStorePassword("storepwd");
    ByteBufferPool pool = new LeakTrackingByteBufferPool(new MappedByteBufferPool.Tagged());
    HttpConnectionFactory httpConnectionFactory = new HttpConnectionFactory();
    ServerConnector connector = new ServerConnector(_server, (Executor) null, (Scheduler) null, pool, 1, 1, AbstractConnectionFactory.getFactories(sslContextFactory, httpConnectionFactory));
    SecureRequestCustomizer secureRequestCustomer = new SecureRequestCustomizer();
    secureRequestCustomer.setSslSessionAttribute("SSL_SESSION");
    httpConnectionFactory.getHttpConfiguration().addCustomizer(secureRequestCustomer);
    startServer(connector);
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    try (InputStream stream = sslContextFactory.getKeyStoreResource().getInputStream()) {
        keystore.load(stream, "storepwd".toCharArray());
    }
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init(keystore);
    __sslContext = SSLContext.getInstance("TLS");
    __sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
    try {
        HttpsURLConnection.setDefaultHostnameVerifier(__hostnameverifier);
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, SslContextFactory.TRUST_ALL_CERTS, new java.security.SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    } catch (Exception e) {
        e.printStackTrace();
        throw new RuntimeException(e);
    }
}

Example 49 with SecureRequestCustomizer

use of org.eclipse.jetty.server.SecureRequestCustomizer in project jetty.project by eclipse.

the class SniSslConnectionFactoryTest method before.

@Before
public void before() throws Exception {
    String keystorePath = "src/test/resources/snikeystore";
    File keystoreFile = new File(keystorePath);
    if (!keystoreFile.exists())
        throw new FileNotFoundException(keystoreFile.getAbsolutePath());
    _server = new Server();
    HttpConfiguration http_config = new HttpConfiguration();
    http_config.setSecureScheme("https");
    http_config.setSecurePort(8443);
    http_config.setOutputBufferSize(32768);
    _https_config = new HttpConfiguration(http_config);
    _https_config.addCustomizer(new SecureRequestCustomizer());
    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setKeyStorePath(keystoreFile.getAbsolutePath());
    sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
    sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
    ServerConnector https = _connector = new ServerConnector(_server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(_https_config));
    _server.addConnector(https);
    _server.setHandler(new AbstractHandler.ErrorDispatchHandler() {

        @Override
        protected void doNonErrorHandle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) {
            baseRequest.setHandled(true);
            response.setStatus(200);
            response.setHeader("X-URL", request.getRequestURI());
            response.setHeader("X-HOST", request.getServerName());
        }
    });
    _server.start();
    _port = https.getLocalPort();
}

Example 50 with SecureRequestCustomizer

use of org.eclipse.jetty.server.SecureRequestCustomizer in project jetty.project by eclipse.

the class SecuredRedirectHandlerTest method startServer.

@BeforeClass
public static void startServer() throws Exception {
    // Setup SSL
    File keystore = MavenTestingUtils.getTestResourceFile("keystore");
    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setKeyStorePath(keystore.getAbsolutePath());
    sslContextFactory.setKeyStorePassword("storepwd");
    sslContextFactory.setKeyManagerPassword("keypwd");
    sslContextFactory.setTrustStorePath(keystore.getAbsolutePath());
    sslContextFactory.setTrustStorePassword("storepwd");
    server = new Server();
    int port = 32080;
    int securePort = 32443;
    // Setup HTTP Configuration
    HttpConfiguration httpConf = new HttpConfiguration();
    httpConf.setSecurePort(securePort);
    httpConf.setSecureScheme("https");
    ServerConnector httpConnector = new ServerConnector(server, new HttpConnectionFactory(httpConf));
    httpConnector.setName("unsecured");
    httpConnector.setPort(port);
    // Setup HTTPS Configuration
    HttpConfiguration httpsConf = new HttpConfiguration(httpConf);
    httpsConf.addCustomizer(new SecureRequestCustomizer());
    ServerConnector httpsConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(httpsConf));
    httpsConnector.setName("secured");
    httpsConnector.setPort(securePort);
    // Add connectors
    server.setConnectors(new Connector[] { httpConnector, httpsConnector });
    // Wire up contexts
    String[] secureHosts = new String[] { "@secured" };
    ContextHandler test1Context = new ContextHandler();
    test1Context.setContextPath("/test1");
    test1Context.setHandler(new HelloHandler("Hello1"));
    test1Context.setVirtualHosts(secureHosts);
    ContextHandler test2Context = new ContextHandler();
    test2Context.setContextPath("/test2");
    test2Context.setHandler(new HelloHandler("Hello2"));
    test2Context.setVirtualHosts(secureHosts);
    ContextHandler rootContext = new ContextHandler();
    rootContext.setContextPath("/");
    rootContext.setHandler(new RootHandler("/test1", "/test2"));
    rootContext.setVirtualHosts(secureHosts);
    // Wire up context for unsecure handling to only
    // the named 'unsecured' connector
    ContextHandler redirectHandler = new ContextHandler();
    redirectHandler.setContextPath("/");
    redirectHandler.setHandler(new SecuredRedirectHandler());
    redirectHandler.setVirtualHosts(new String[] { "@unsecured" });
    // Establish all handlers that have a context
    ContextHandlerCollection contextHandlers = new ContextHandlerCollection();
    contextHandlers.setHandlers(new Handler[] { redirectHandler, rootContext, test1Context, test2Context });
    // Create server level handler tree
    HandlerList handlers = new HandlerList();
    handlers.addHandler(contextHandlers);
    // round things out
    handlers.addHandler(new DefaultHandler());
    server.setHandler(handlers);
    server.start();
    // calculate serverUri
    String host = httpConnector.getHost();
    if (host == null) {
        host = "localhost";
    }
    serverHttpUri = new URI(String.format("http://%s:%d/", host, httpConnector.getLocalPort()));
    serverHttpsUri = new URI(String.format("https://%s:%d/", host, httpsConnector.getLocalPort()));
    origVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
    origSsf = HttpsURLConnection.getDefaultSSLSocketFactory();
    HttpsURLConnection.setDefaultHostnameVerifier(new AllowAllVerifier());
    HttpsURLConnection.setDefaultSSLSocketFactory(sslContextFactory.getSslContext().getSocketFactory());
}