
Example 86 with SecureRequestCustomizer

use of org.eclipse.jetty.server.SecureRequestCustomizer in project drill by apache.

the class WebServer method createHttpsConnector.

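/**
 * Create an HTTPS connector for the given Jetty server instance.
 * <p>
 * As written, this method always generates a fresh self-signed certificate on
 * every call: the branch that would read admin-supplied keystore/truststore
 * settings is commented out below. The generated certificate carries only a
 * subject DN (CN "Drill AM") and no extensions are added here, so clients
 * have nothing to match against a host name and cannot authenticate the
 * server without explicitly trusting this certificate.
 * <p>
 * This is a shameless copy of
 * org.apache.drill.exec.server.rest.WebServer#createHttpsConnector(int, int, int).
 * The two should be merged at some point. The primary issue is that the Drill
 * version is tightly coupled to Drillbit configuration.
 *
 * @param config configuration from which the HTTPS port
 *               ({@code DrillOnYarnConfig.HTTP_PORT}) is read
 * @return Initialized {@link ServerConnector} for HTTPS connections.
 * @throws Exception when unable to create HTTPS connector
 */
private ServerConnector createHttpsConnector(Config config) throws Exception {
    LOG.info("Setting up HTTPS connector for web server");
    final SslContextFactory sslContextFactory = new SslContextFactory();
    // Disabled: use of an administrator-configured keystore/truststore.
    // if (config.hasPath(ExecConstants.HTTP_KEYSTORE_PATH) &&
    // !Strings.isNullOrEmpty(config.getString(ExecConstants.HTTP_KEYSTORE_PATH)))
    // {
    // LOG.info("Using configured SSL settings for web server");
    // sslContextFactory.setKeyStorePath(config.getString(ExecConstants.HTTP_KEYSTORE_PATH));
    // sslContextFactory.setKeyStorePassword(config.getString(ExecConstants.HTTP_KEYSTORE_PASSWORD));
    //
    // // TrustStore and TrustStore password are optional
    // if (config.hasPath(ExecConstants.HTTP_TRUSTSTORE_PATH)) {
    // sslContextFactory.setTrustStorePath(config.getString(ExecConstants.HTTP_TRUSTSTORE_PATH));
    // if (config.hasPath(ExecConstants.HTTP_TRUSTSTORE_PASSWORD)) {
    // sslContextFactory.setTrustStorePassword(config.getString(ExecConstants.HTTP_TRUSTSTORE_PASSWORD));
    // }
    // }
    // } else {
    LOG.info("Using generated self-signed SSL settings for web server");
    final SecureRandom random = new SecureRandom();

    // Generate a private-public key pair. 2048 bits replaces the original
    // 1024: 1024-bit RSA is below current minimum recommendations and is
    // rejected by many TLS clients.
    final KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
    keyPairGenerator.initialize(2048, random);
    final KeyPair keyPair = keyPairGenerator.generateKeyPair();

    final DateTime now = DateTime.now();
    // Backdate by one minute so the validity check below tolerates clock granularity.
    final Date notBefore = now.minusMinutes(1).toDate();
    final Date notAfter = now.plusYears(5).toDate();
    final BigInteger serialNumber = new BigInteger(128, random);

    // Create builder for certificate attributes.
    // NOTE(review): "auth-generated" in the OU looks like a typo for
    // "auto-generated"; left unchanged because it is part of the issued DN.
    final X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE)
        .addRDN(BCStyle.OU, "Apache Drill (auth-generated)")
        .addRDN(BCStyle.O, "Apache Software Foundation (auto-generated)")
        .addRDN(BCStyle.CN, "Drill AM");

    // Create a certificate valid for 5 years from now; issuer and subject
    // are the same name because the certificate is self-signed.
    final X509v3CertificateBuilder certificateBuilder = new JcaX509v3CertificateBuilder(
        nameBuilder.build(), serialNumber, notBefore, notAfter, nameBuilder.build(), keyPair.getPublic());

    // Sign the certificate using the private key
    final ContentSigner contentSigner =
        new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate());
    final X509Certificate certificate =
        new JcaX509CertificateConverter().getCertificate(certificateBuilder.build(contentSigner));

    // Check the validity
    certificate.checkValidity(now.toDate());
    // Make sure the certificate is self-signed.
    certificate.verify(certificate.getPublicKey());

    // Generate a random password for keystore protection. It is drawn from
    // the SecureRandom already in hand instead of RandomStringUtils, whose
    // generator is not guaranteed to be cryptographically strong.
    final String keyStorePasswd = new BigInteger(160, random).toString(Character.MAX_RADIX);
    final KeyStore keyStore = KeyStore.getInstance("JKS");
    // load(null, null) initialises an empty in-memory keystore.
    keyStore.load(null, null);
    keyStore.setKeyEntry("DrillAutoGeneratedCert", keyPair.getPrivate(), keyStorePasswd.toCharArray(),
        new java.security.cert.Certificate[] { certificate });
    sslContextFactory.setKeyStore(keyStore);
    sslContextFactory.setKeyStorePassword(keyStorePasswd);
    // }

    final HttpConfiguration httpsConfig = baseHttpConfig();
    httpsConfig.addCustomizer(new SecureRequestCustomizer());

    // SSL Connector
    final ServerConnector sslConnector = new ServerConnector(jettyServer,
        new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
        new HttpConnectionFactory(httpsConfig));
    sslConnector.setPort(config.getInt(DrillOnYarnConfig.HTTP_PORT));
    return sslConnector;
}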
Also used : KeyPair(java.security.KeyPair) X500NameBuilder(org.bouncycastle.asn1.x500.X500NameBuilder) SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) JcaContentSignerBuilder(org.bouncycastle.operator.jcajce.JcaContentSignerBuilder) ContentSigner(org.bouncycastle.operator.ContentSigner) SecureRandom(java.security.SecureRandom) KeyPairGenerator(java.security.KeyPairGenerator) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory) KeyStore(java.security.KeyStore) DateTime(org.joda.time.DateTime) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) ServerConnector(org.eclipse.jetty.server.ServerConnector) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) JcaX509v3CertificateBuilder(org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder) BigInteger(java.math.BigInteger)

Example 87 with SecureRequestCustomizer

use of org.eclipse.jetty.server.SecureRequestCustomizer in project XRTB by benmfaul.

the class AddShutdownHook method startSeparateAdminServer.

/**
 * Starts a dedicated Jetty server for the control and reporting (admin)
 * handler and then blocks in {@code join()} until that server stops.
 * <p>
 * Returns immediately when the configured admin port is 0. Otherwise the
 * port is served over TLS when {@code adminSSL} is set, and over plain HTTP
 * when it is not; in the plain-HTTP case everything sent to the admin
 * handler, including its session cookie, travels unencrypted.
 *
 * @throws Exception
 *             if SSL is specified but is not configured, or if the server
 *             cannot be started
 */
void startSeparateAdminServer() throws Exception {
    SSL sslSettings = Configuration.getInstance().ssl;
    QueuedThreadPool pool = new QueuedThreadPool(threads, 50);
    Server adminServer = new Server(pool);
    if (Configuration.getInstance().adminPort == 0) {
        // Port 0 means the separate admin server is switched off.
        return;
    }
    logger.info("Admin functions are available on port: {}", Configuration.getInstance().adminPort);

    ServerConnector connector;
    if (Configuration.getInstance().adminSSL) {
        // NOTE(review): this check goes through `config` while the settings
        // used below were read via `Configuration` - presumably the same
        // singleton; confirm.
        if (config.getInstance().ssl == null) {
            throw new Exception("Admin port set to SSL but no SSL credentials are configured.");
        }
        logger.info("Admin functions are available by SSL only");

        HttpConfiguration httpsConfig = new HttpConfiguration();
        httpsConfig.addCustomizer(new SecureRequestCustomizer());

        // Keystore location and passwords come from the SSL settings object.
        SslContextFactory contextFactory = new SslContextFactory();
        contextFactory.setKeyStorePath(sslSettings.setKeyStorePath);
        contextFactory.setKeyStorePassword(sslSettings.setKeyStorePassword);
        contextFactory.setKeyManagerPassword(sslSettings.setKeyManagerPassword);

        connector = new ServerConnector(adminServer,
                new SslConnectionFactory(contextFactory, "http/1.1"),
                new HttpConnectionFactory(httpsConfig));
        connector.setPort(Configuration.getInstance().adminPort);
    } else {
        // Plain HTTP listener on adminPort; no host is set on the connector here.
        connector = new ServerConnector(adminServer);
        connector.setPort(Configuration.getInstance().adminPort);
        connector.setIdleTimeout(60000);
    }
    adminServer.setConnectors(new Connector[] { connector });

    // The admin handler is wrapped in a SessionHandler so it has session support.
    adminHandler = new AdminHandler();
    SessionHandler sessions = new SessionHandler();
    sessions.setHandler(adminHandler);
    adminServer.setHandler(sessions);

    adminServer.start();
    adminServer.join();
}
Also used : ServerConnector(org.eclipse.jetty.server.ServerConnector) SessionHandler(org.eclipse.jetty.server.session.SessionHandler) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer) Server(org.eclipse.jetty.server.Server) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) QueuedThreadPool(org.eclipse.jetty.util.thread.QueuedThreadPool) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory) SSL(com.xrtb.common.SSL) ServletException(javax.servlet.ServletException) IOException(java.io.IOException)

Example 88 with SecureRequestCustomizer

use of org.eclipse.jetty.server.SecureRequestCustomizer in project cayenne by apache.

the class Http2Server method main.

/**
 * Starts an HTTP/2-over-TLS Jetty server on port 8443 that exposes the
 * Cayenne ROP servlet at "/" behind basic authentication, then blocks until
 * the server stops.
 * <p>
 * The basic-auth user and password and both keystore passwords are literals
 * in this method. The {@code OBF:} form is Jetty's reversible obfuscation,
 * not encryption, so these values should be treated as demo credentials and
 * replaced with externally supplied secrets outside of sample use.
 *
 * @param args unused
 * @throws Exception if the server cannot be configured or started
 */
public static void main(String... args) throws Exception {
    // Setting Protostuff properties (all switched on, in this order)
    final String[] protostuffFlags = {
        "protostuff.runtime.collection_schema_on_repeated_fields",
        "protostuff.runtime.morph_collection_interfaces",
        "protostuff.runtime.morph_map_interfaces",
        "protostuff.runtime.pojo_schema_on_collection_fields",
        "protostuff.runtime.pojo_schema_on_map_fields"
    };
    for (String flag : protostuffFlags) {
        System.setProperty(flag, "true");
    }

    final int httpsPort = 8443;
    Server jetty = new Server();

    // Servlet context with sessions; every path is guarded by the basic-auth handler.
    ServletContextHandler servletContext = new ServletContextHandler(jetty, "/", ServletContextHandler.SESSIONS);
    servletContext.addServlet(new ServletHolder("cayenne-project", new Http2ROPServlet()), "/");
    servletContext.setSecurityHandler(basicAuth("cayenne-user", "secret", "Cayenne Realm"));
    jetty.setHandler(servletContext);

    // HTTPS Configuration
    HttpConfiguration secureHttpConfig = new HttpConfiguration();
    secureHttpConfig.setSecureScheme("https");
    secureHttpConfig.setSecurePort(httpsPort);
    secureHttpConfig.addCustomizer(new SecureRequestCustomizer());

    // SSL Context Factory for HTTPS and HTTP/2; the keystore is loaded from the classpath.
    SslContextFactory tlsContext = new SslContextFactory();
    tlsContext.setKeyStoreResource(newClassPathResource("keystore"));
    tlsContext.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
    tlsContext.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
    // Cipher suites are ordered with the HTTP/2 comparator.
    tlsContext.setCipherComparator(HTTP2Cipher.COMPARATOR);

    // HTTP/2 Connector: TLS hands off directly to "h2"; no HTTP/1.1 factory is registered.
    SslConnectionFactory tlsFactory = new SslConnectionFactory(tlsContext, "h2");
    HTTP2ServerConnectionFactory h2Factory = new HTTP2ServerConnectionFactory(secureHttpConfig);
    ServerConnector h2Connector = new ServerConnector(jetty, tlsFactory, h2Factory);
    h2Connector.setPort(httpsPort);
    jetty.addConnector(h2Connector);

    jetty.start();
    jetty.join();
}
Also used : ServerConnector(org.eclipse.jetty.server.ServerConnector) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer) Server(org.eclipse.jetty.server.Server) ServletHolder(org.eclipse.jetty.servlet.ServletHolder) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) HTTP2ServerConnectionFactory(org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory) ServletContextHandler(org.eclipse.jetty.servlet.ServletContextHandler) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory)

Example 89 with SecureRequestCustomizer

use of org.eclipse.jetty.server.SecureRequestCustomizer in project athenz by yahoo.

the class AthenzJettyContainer method addHTTPSConnector.

/**
 * Adds an HTTPS connector to the server and, when enabled, a scanner that
 * reloads the key store when its file changes.
 * <p>
 * When {@code proxyProtocol} is set, a {@link ProxyConnectionFactory} is
 * placed in front of TLS on this connector. NOTE(review): the peer address
 * is then taken from the PROXY header supplied by whoever connects, so this
 * presumably expects the listener to be reachable only from a trusted load
 * balancer - confirm against the deployment.
 *
 * @param httpConfig base HTTP configuration copied for the HTTPS connector
 * @param httpsPort port the connector listens on, also set as the secure port
 * @param proxyProtocol whether to accept the PROXY protocol ahead of TLS
 * @param listenHost host to bind to, or {@code null} to leave the connector's host unset
 * @param idleTimeout idle timeout applied to the connector
 * @param needClientAuth passed to {@code createSSLContextObject} when building the SSL context
 * @param connectionLogger optional bean attached to the connector, may be {@code null}
 * @throws IllegalArgumentException if the key store scanner cannot be created
 * @throws NumberFormatException if the reload-interval system property is not an integer
 */
void addHTTPSConnector(HttpConfiguration httpConfig, int httpsPort, boolean proxyProtocol, String listenHost, int idleTimeout, boolean needClientAuth, JettyConnectionLogger connectionLogger) {
    // SSL Context Factory
    SslContextFactory.Server sslContextFactory = createSSLContextObject(needClientAuth);

    // SSL HTTP Configuration, derived from the plain HTTP one
    HttpConfiguration secureConfig = new HttpConfiguration(httpConfig);
    secureConfig.setSecureScheme("https");
    secureConfig.setSecurePort(httpsPort);
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    // SSL Connector: the same TLS and HTTP/1.1 factories, optionally preceded by PROXY
    final SslConnectionFactory tlsFactory = new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString());
    final HttpConnectionFactory httpFactory = new HttpConnectionFactory(secureConfig);
    final ServerConnector tlsConnector = proxyProtocol
            ? new ServerConnector(server, new ProxyConnectionFactory(), tlsFactory, httpFactory)
            : new ServerConnector(server, tlsFactory, httpFactory);

    tlsConnector.setPort(httpsPort);
    tlsConnector.setIdleTimeout(idleTimeout);
    if (listenHost != null) {
        tlsConnector.setHost(listenHost);
    }
    if (connectionLogger != null) {
        tlsConnector.addBean(connectionLogger);
    }
    server.addConnector(tlsConnector);

    // Reload the key-store if the file is changed; off unless the property is
    // a positive number of seconds and the key store has a path.
    final int scanIntervalSeconds = Integer.parseInt(System.getProperty(AthenzConsts.ATHENZ_PROP_KEYSTORE_RELOAD_SEC, "0"));
    if (scanIntervalSeconds <= 0 || sslContextFactory.getKeyStorePath() == null) {
        return;
    }
    try {
        KeyStoreScanner scanner = new KeyStoreScanner(sslContextFactory);
        scanner.setScanInterval(scanIntervalSeconds);
        server.addBean(scanner);
    } catch (IllegalArgumentException exception) {
        // Logged for the operator, then rethrown so the failure is not hidden.
        LOG.error("Keystore cant be automatically reloaded when \"{}\" is changed: {}", sslContextFactory.getKeyStorePath(), exception.getMessage());
        throw exception;
    }
}
Also used : ServerConnector(org.eclipse.jetty.server.ServerConnector) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) KeyStoreScanner(org.eclipse.jetty.util.ssl.KeyStoreScanner) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory) ProxyConnectionFactory(org.eclipse.jetty.server.ProxyConnectionFactory)

Example 90 with SecureRequestCustomizer

use of org.eclipse.jetty.server.SecureRequestCustomizer in project parseq by linkedin.

the class TracevisHttpsServer method getConnectors.

/**
 * Returns the connectors supplied by the superclass plus one TLS connector
 * appended at the end.
 * <p>
 * The TLS connector uses the key store and trust store configured on this
 * instance and listens on {@code _sslPort}. Because the superclass
 * connectors are kept, any non-TLS listener they define stays active
 * alongside the HTTPS one.
 *
 * @param server the Jetty server the connectors are created for
 * @return the superclass connectors followed by the HTTPS connector
 */
@Override
protected Connector[] getConnectors(Server server) {
    // TLS material: key store for the server identity, trust store for peers.
    SslContextFactory tlsContext = new SslContextFactory();
    tlsContext.setKeyStorePath(_keyStorePath);
    tlsContext.setKeyStorePassword(_keyStorePassword);
    tlsContext.setTrustStorePath(_trustStorePath);
    tlsContext.setTrustStorePassword(_trustStorePassword);

    HttpConfiguration httpsConfig = new HttpConfiguration();
    httpsConfig.setSecureScheme(HttpScheme.HTTPS.asString());
    httpsConfig.addCustomizer(new SecureRequestCustomizer());

    SslConnectionFactory tlsFactory = new SslConnectionFactory(tlsContext, HttpVersion.HTTP_1_1.asString());
    HttpConnectionFactory httpFactory = new HttpConnectionFactory(httpsConfig);
    ServerConnector httpsConnector = new ServerConnector(server, tlsFactory, httpFactory);
    httpsConnector.setPort(_sslPort);

    // Grow the inherited array by one slot and put the HTTPS connector last.
    Connector[] inherited = super.getConnectors(server);
    final int inheritedCount = inherited.length;
    Connector[] combined = Arrays.copyOf(inherited, inheritedCount + 1);
    combined[inheritedCount] = httpsConnector;
    return combined;
}
Also used : ServerConnector(org.eclipse.jetty.server.ServerConnector) ServerConnector(org.eclipse.jetty.server.ServerConnector) Connector(org.eclipse.jetty.server.Connector) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory)
