Examples with SecureRequestCustomizer org.eclipse.jetty.server.SecureRequestCustomizer used on opensource projects

Example 81 with SecureRequestCustomizer

use of org.eclipse.jetty.server.SecureRequestCustomizer in project incubator-atlas by apache.

the class SecureEmbeddedServer method getConnector.

protected Connector getConnector(int port) throws IOException {
    org.apache.commons.configuration.Configuration config = getConfiguration();
    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setKeyStorePath(config.getString(KEYSTORE_FILE_KEY, System.getProperty(KEYSTORE_FILE_KEY, DEFAULT_KEYSTORE_FILE_LOCATION)));
    sslContextFactory.setKeyStorePassword(getPassword(config, KEYSTORE_PASSWORD_KEY));
    sslContextFactory.setKeyManagerPassword(getPassword(config, SERVER_CERT_PASSWORD_KEY));
    sslContextFactory.setTrustStorePath(config.getString(TRUSTSTORE_FILE_KEY, System.getProperty(TRUSTSTORE_FILE_KEY, DEFATULT_TRUSTORE_FILE_LOCATION)));
    sslContextFactory.setTrustStorePassword(getPassword(config, TRUSTSTORE_PASSWORD_KEY));
    sslContextFactory.setWantClientAuth(config.getBoolean(CLIENT_AUTH_KEY, Boolean.getBoolean(CLIENT_AUTH_KEY)));
    List<Object> cipherList = config.getList(ATLAS_SSL_EXCLUDE_CIPHER_SUITES, DEFAULT_CIPHER_SUITES);
    sslContextFactory.setExcludeCipherSuites(cipherList.toArray(new String[cipherList.size()]));
    sslContextFactory.setRenegotiationAllowed(false);
    String[] excludedProtocols = config.containsKey(ATLAS_SSL_EXCLUDE_PROTOCOLS) ? config.getStringArray(ATLAS_SSL_EXCLUDE_PROTOCOLS) : DEFAULT_EXCLUDE_PROTOCOLS;
    if (excludedProtocols != null && excludedProtocols.length > 0) {
        sslContextFactory.addExcludeProtocols(excludedProtocols);
    }
    // SSL HTTP Configuration
    // HTTP Configuration
    HttpConfiguration http_config = new HttpConfiguration();
    http_config.setSecureScheme("https");
    final int bufferSize = AtlasConfiguration.WEBSERVER_REQUEST_BUFFER_SIZE.getInt();
    http_config.setSecurePort(port);
    http_config.setRequestHeaderSize(bufferSize);
    http_config.setResponseHeaderSize(bufferSize);
    http_config.setSendServerVersion(true);
    http_config.setSendDateHeader(false);
    HttpConfiguration https_config = new HttpConfiguration(http_config);
    https_config.addCustomizer(new SecureRequestCustomizer());
    // SSL Connector
    ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(https_config));
    sslConnector.setPort(port);
    server.addConnector(sslConnector);
    return sslConnector;
}

Example 82 with SecureRequestCustomizer

use of org.eclipse.jetty.server.SecureRequestCustomizer in project druid by druid-io.

the class FriendlyServersTest method testFriendlySelfSignedHttpsServer.

@Test
public void testFriendlySelfSignedHttpsServer() throws Exception {
    final Lifecycle lifecycle = new Lifecycle();
    final String keyStorePath = getClass().getClassLoader().getResource("keystore.jks").getFile();
    Server server = new Server();
    HttpConfiguration https = new HttpConfiguration();
    https.addCustomizer(new SecureRequestCustomizer());
    SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
    sslContextFactory.setKeyStorePath(keyStorePath);
    sslContextFactory.setKeyStorePassword("abc123");
    sslContextFactory.setKeyManagerPassword("abc123");
    ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(https));
    sslConnector.setPort(0);
    server.setConnectors(new Connector[] { sslConnector });
    server.start();
    try {
        final SSLContext mySsl = HttpClientInit.sslContextWithTrustedKeyStore(keyStorePath, "abc123");
        final HttpClientConfig trustingConfig = HttpClientConfig.builder().withSslContext(mySsl).build();
        final HttpClient trustingClient = HttpClientInit.createClient(trustingConfig, lifecycle);
        final HttpClientConfig skepticalConfig = HttpClientConfig.builder().withSslContext(SSLContext.getDefault()).build();
        final HttpClient skepticalClient = HttpClientInit.createClient(skepticalConfig, lifecycle);
        // Correct name ("localhost")
        {
            final HttpResponseStatus status = trustingClient.go(new Request(HttpMethod.GET, new URL(StringUtils.format("https://localhost:%d/", sslConnector.getLocalPort()))), StatusResponseHandler.getInstance()).get().getStatus();
            Assert.assertEquals(404, status.getCode());
        }
        // Incorrect name ("127.0.0.1")
        {
            final ListenableFuture<StatusResponseHolder> response1 = trustingClient.go(new Request(HttpMethod.GET, new URL(StringUtils.format("https://127.0.0.1:%d/", sslConnector.getLocalPort()))), StatusResponseHandler.getInstance());
            Throwable ea = null;
            try {
                response1.get();
            } catch (ExecutionException e) {
                ea = e.getCause();
            }
            Assert.assertTrue("ChannelException thrown by 'get'", ea instanceof ChannelException);
            Assert.assertTrue("Expected error message", ea.getCause().getMessage().contains("Failed to handshake"));
        }
        {
            // Untrusting client
            final ListenableFuture<StatusResponseHolder> response2 = skepticalClient.go(new Request(HttpMethod.GET, new URL(StringUtils.format("https://localhost:%d/", sslConnector.getLocalPort()))), StatusResponseHandler.getInstance());
            Throwable eb = null;
            try {
                response2.get();
            } catch (ExecutionException e) {
                eb = e.getCause();
            }
            Assert.assertNotNull("ChannelException thrown by 'get'", eb);
            Assert.assertTrue("Root cause is SSLHandshakeException", eb.getCause().getCause() instanceof SSLHandshakeException);
        }
    } finally {
        lifecycle.stop();
        server.stop();
    }
}

Example 83 with SecureRequestCustomizer

use of org.eclipse.jetty.server.SecureRequestCustomizer in project SSM by Intel-bigdata.

the class SmartZeppelinServer method setupJettyServer.

private static Server setupJettyServer(ZeppelinConfiguration zconf) {
    final Server server = new Server();
    ServerConnector connector;
    if (zconf.useSsl()) {
        LOG.debug("Enabling SSL for Zeppelin Server on port " + zconf.getServerSslPort());
        HttpConfiguration httpConfig = new HttpConfiguration();
        httpConfig.setSecureScheme("https");
        httpConfig.setSecurePort(zconf.getServerSslPort());
        httpConfig.setOutputBufferSize(32768);
        httpConfig.setRequestHeaderSize(8192);
        httpConfig.setResponseHeaderSize(8192);
        httpConfig.setSendServerVersion(true);
        HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
        SecureRequestCustomizer src = new SecureRequestCustomizer();
        // Only with Jetty 9.3.x
        // src.setStsMaxAge(2000);
        // src.setStsIncludeSubDomains(true);
        httpsConfig.addCustomizer(src);
        connector = new ServerConnector(server, new SslConnectionFactory(getSslContextFactory(zconf), HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
    } else {
        connector = new ServerConnector(server);
    }
    // Set some timeout options to make debugging easier.
    int timeout = 1000 * 30;
    connector.setIdleTimeout(timeout);
    connector.setSoLingerTime(-1);
    String webUrl = "";
    connector.setHost(zconf.getServerAddress());
    if (zconf.useSsl()) {
        connector.setPort(zconf.getServerSslPort());
        webUrl = "https://" + zconf.getServerAddress() + ":" + zconf.getServerSslPort();
    } else {
        connector.setPort(zconf.getServerPort());
        webUrl = "http://" + zconf.getServerAddress() + ":" + zconf.getServerPort();
    }
    LOG.info("Web address:" + webUrl);
    server.addConnector(connector);
    return server;
}

Example 84 with SecureRequestCustomizer

use of org.eclipse.jetty.server.SecureRequestCustomizer in project symmetric-ds by JumpMind.

the class SymmetricWebServer method getConnectors.

protected Connector[] getConnectors(Server server, int port, int securePort, Mode mode) {
    ArrayList<Connector> connectors = new ArrayList<Connector>();
    String keyStoreFile = System.getProperty(SecurityConstants.SYSPROP_KEYSTORE);
    String keyStoreType = System.getProperty(SecurityConstants.SYSPROP_KEYSTORE_TYPE, SecurityConstants.KEYSTORE_TYPE);
    HttpConfiguration httpConfig = new HttpConfiguration();
    if (mode.equals(Mode.HTTPS) || mode.equals(Mode.MIXED)) {
        httpConfig.setSecureScheme("https");
        httpConfig.setSecurePort(securePort);
    }
    httpConfig.setOutputBufferSize(32768);
    if (mode.equals(Mode.HTTP) || mode.equals(Mode.MIXED)) {
        ServerConnector http = new ServerConnector(server, new HttpConnectionFactory(httpConfig));
        http.setPort(port);
        http.setHost(host);
        http.setIdleTimeout(maxIdleTime);
        connectors.add(http);
        log.info(String.format("About to start %s web server on host:port %s:%s", name, host == null ? "default" : host, port));
    }
    if (mode.equals(Mode.HTTPS) || mode.equals(Mode.MIXED)) {
        ISecurityService securityService = SecurityServiceFactory.create(SecurityServiceType.SERVER, new TypedProperties(System.getProperties()));
        securityService.installDefaultSslCert(host);
        String keyStorePassword = System.getProperty(SecurityConstants.SYSPROP_KEYSTORE_PASSWORD);
        keyStorePassword = (keyStorePassword != null) ? keyStorePassword : SecurityConstants.KEYSTORE_PASSWORD;
        SslContextFactory sslConnectorFactory = new SslContextFactory();
        sslConnectorFactory.setKeyStorePath(keyStoreFile);
        sslConnectorFactory.setKeyManagerPassword(keyStorePassword);
        /* Prevent POODLE attack */
        sslConnectorFactory.addExcludeProtocols("SSLv3");
        sslConnectorFactory.setCertAlias(System.getProperty(SecurityConstants.SYSPROP_KEYSTORE_CERT_ALIAS, SecurityConstants.ALIAS_SYM_PRIVATE_KEY));
        sslConnectorFactory.setKeyStoreType(keyStoreType);
        HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
        httpsConfig.addCustomizer(new SecureRequestCustomizer());
        ServerConnector https = new ServerConnector(server, new SslConnectionFactory(sslConnectorFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
        https.setPort(securePort);
        https.setIdleTimeout(maxIdleTime);
        https.setHost(host);
        connectors.add(https);
        log.info(String.format("About to start %s web server on secure host:port %s:%s", name, host == null ? "default" : host, securePort));
    }
    return connectors.toArray(new Connector[connectors.size()]);
}

Example 85 with SecureRequestCustomizer

use of org.eclipse.jetty.server.SecureRequestCustomizer in project drill by apache.

the class WebServer method createHttpsConnector.

/**
 * Create an HTTPS connector for given jetty server instance. If the admin has
 * specified keystore/truststore settings they will be used else a self-signed
 * certificate is generated and used.
 *
 * @return Initialized {@link ServerConnector} for HTTPS connections.
 */
private ServerConnector createHttpsConnector(int port, int acceptors, int selectors) throws Exception {
    logger.info("Setting up HTTPS connector for web server");
    SslContextFactory sslContextFactory = new SslContextFactoryConfigurator(config, workManager.getContext().getEndpoint().getAddress()).configureNewSslContextFactory();
    final HttpConfiguration httpsConfig = baseHttpConfig();
    httpsConfig.addCustomizer(new SecureRequestCustomizer());
    // SSL Connector
    final ServerConnector sslConnector = new ServerConnector(embeddedJetty, null, null, null, acceptors, selectors, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
    sslConnector.setPort(port);
    return sslConnector;
}