Search in sources :

Example 11 with SecureRequestCustomizer

use of org.eclipse.jetty.server.SecureRequestCustomizer in project nifi by apache.

the class WebSocketServerExample method setup.

@BeforeClass
public static void setup() throws Exception {
    server = new Server(0);
    final ContextHandlerCollection handlerCollection = new ContextHandlerCollection();
    final ServletContextHandler contextHandler = new ServletContextHandler();
    servletHandler = new ServletHandler();
    contextHandler.insertHandler(servletHandler);
    handlerCollection.setHandlers(new Handler[] { contextHandler });
    server.setHandler(handlerCollection);
    httpConnector = new ServerConnector(server);
    httpConnector.setPort(50010);
    final SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setKeyStorePath("src/test/resources/certs/localhost-ks.jks");
    sslContextFactory.setKeyStorePassword("localtest");
    sslContextFactory.setKeyStoreType("JKS");
    final HttpConfiguration https = new HttpConfiguration();
    https.addCustomizer(new SecureRequestCustomizer());
    sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(https));
    sslConnector.setPort(50011);
    server.setConnectors(new Connector[] { httpConnector, sslConnector });
    servletHolder = servletHandler.addServletWithMapping(WSServlet.class, "/test");
    servletHolder = servletHandler.addServletWithMapping(ConnectionCheckServlet.class, "/check");
    server.start();
    logger.info("Starting server on port {} for HTTP, and {} for HTTPS", httpConnector.getLocalPort(), sslConnector.getLocalPort());
}
Also used : ServerConnector(org.eclipse.jetty.server.ServerConnector) ServletHandler(org.eclipse.jetty.servlet.ServletHandler) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer) Server(org.eclipse.jetty.server.Server) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) ContextHandlerCollection(org.eclipse.jetty.server.handler.ContextHandlerCollection) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) ServletContextHandler(org.eclipse.jetty.servlet.ServletContextHandler) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory) BeforeClass(org.junit.BeforeClass)

Example 12 with SecureRequestCustomizer

use of org.eclipse.jetty.server.SecureRequestCustomizer in project nifi by apache.

the class TlsCertificateAuthorityService method createServer.

private static Server createServer(Handler handler, int port, KeyStore keyStore, String keyPassword) throws Exception {
    Server server = new Server();
    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setIncludeProtocols("TLSv1.2");
    sslContextFactory.setKeyStore(keyStore);
    sslContextFactory.setKeyManagerPassword(keyPassword);
    HttpConfiguration httpsConfig = new HttpConfiguration();
    httpsConfig.addCustomizer(new SecureRequestCustomizer());
    ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
    sslConnector.setPort(port);
    server.addConnector(sslConnector);
    server.setHandler(handler);
    return server;
}
Also used : ServerConnector(org.eclipse.jetty.server.ServerConnector) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer) Server(org.eclipse.jetty.server.Server) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory)

Example 13 with SecureRequestCustomizer

use of org.eclipse.jetty.server.SecureRequestCustomizer in project nifi by apache.

the class NiFiTestServer method createSecureConnector.

private void createSecureConnector() {
    org.eclipse.jetty.util.ssl.SslContextFactory contextFactory = new org.eclipse.jetty.util.ssl.SslContextFactory();
    // require client auth when not supporting login or anonymous access
    if (StringUtils.isBlank(properties.getProperty(NiFiProperties.SECURITY_USER_LOGIN_IDENTITY_PROVIDER))) {
        contextFactory.setNeedClientAuth(true);
    } else {
        contextFactory.setWantClientAuth(true);
    }
    // keystore properties
    if (StringUtils.isNotBlank(properties.getProperty(NiFiProperties.SECURITY_KEYSTORE))) {
        contextFactory.setKeyStorePath(properties.getProperty(NiFiProperties.SECURITY_KEYSTORE));
    }
    if (StringUtils.isNotBlank(properties.getProperty(NiFiProperties.SECURITY_KEYSTORE_TYPE))) {
        contextFactory.setKeyStoreType(properties.getProperty(NiFiProperties.SECURITY_KEYSTORE_TYPE));
    }
    final String keystorePassword = properties.getProperty(NiFiProperties.SECURITY_KEYSTORE_PASSWD);
    final String keyPassword = properties.getProperty(NiFiProperties.SECURITY_KEY_PASSWD);
    if (StringUtils.isNotBlank(keystorePassword)) {
        // if no key password was provided, then assume the keystore password is the same as the key password.
        final String defaultKeyPassword = (StringUtils.isBlank(keyPassword)) ? keystorePassword : keyPassword;
        contextFactory.setKeyManagerPassword(keystorePassword);
        contextFactory.setKeyStorePassword(defaultKeyPassword);
    } else if (StringUtils.isNotBlank(keyPassword)) {
        // since no keystore password was provided, there will be no keystore integrity check
        contextFactory.setKeyStorePassword(keyPassword);
    }
    // truststore properties
    if (StringUtils.isNotBlank(properties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE))) {
        contextFactory.setTrustStorePath(properties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE));
    }
    if (StringUtils.isNotBlank(properties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_TYPE))) {
        contextFactory.setTrustStoreType(properties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_TYPE));
    }
    if (StringUtils.isNotBlank(properties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD))) {
        contextFactory.setTrustStorePassword(properties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD));
    }
    // add some secure config
    final HttpConfiguration httpsConfiguration = new HttpConfiguration();
    httpsConfiguration.setSecureScheme("https");
    httpsConfiguration.setSecurePort(0);
    httpsConfiguration.addCustomizer(new SecureRequestCustomizer());
    // build the connector
    final ServerConnector https = new ServerConnector(jetty, new SslConnectionFactory(contextFactory, "http/1.1"), new HttpConnectionFactory(httpsConfiguration));
    // set host and port
    https.setPort(0);
    // add the connector
    jetty.addConnector(https);
}
Also used : SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory) ServerConnector(org.eclipse.jetty.server.ServerConnector) SslContextFactory(org.apache.nifi.framework.security.util.SslContextFactory)

Example 14 with SecureRequestCustomizer

use of org.eclipse.jetty.server.SecureRequestCustomizer in project opennms by OpenNMS.

the class JUnitServer method initializeServerWithConfig.

protected void initializeServerWithConfig(final JUnitHttpServer config) {
    Server server = null;
    if (config.https()) {
        server = new Server();
        // SSL context configuration
        SslContextFactory sslContextFactory = new SslContextFactory();
        sslContextFactory.setKeyStorePath(config.keystore());
        sslContextFactory.setKeyStorePassword(config.keystorePassword());
        sslContextFactory.setKeyManagerPassword(config.keyPassword());
        sslContextFactory.setTrustStorePath(config.keystore());
        sslContextFactory.setTrustStorePassword(config.keystorePassword());
        // HTTP Configuration
        HttpConfiguration http_config = new HttpConfiguration();
        http_config.setSecureScheme("https");
        http_config.setSecurePort(config.port());
        http_config.setOutputBufferSize(32768);
        http_config.setRequestHeaderSize(8192);
        http_config.setResponseHeaderSize(8192);
        http_config.setSendServerVersion(true);
        http_config.setSendDateHeader(false);
        // SSL HTTP Configuration
        HttpConfiguration https_config = new HttpConfiguration(http_config);
        https_config.addCustomizer(new SecureRequestCustomizer());
        // SSL Connector
        ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(https_config));
        sslConnector.setPort(config.port());
        server.addConnector(sslConnector);
    } else {
        server = new Server(config.port());
    }
    m_server = server;
    final ContextHandler context1 = new ContextHandler();
    context1.setContextPath("/");
    context1.setWelcomeFiles(new String[] { "index.html" });
    context1.setResourceBase(config.resource());
    context1.setClassLoader(Thread.currentThread().getContextClassLoader());
    context1.setVirtualHosts(config.vhosts());
    final ContextHandler context = context1;
    Handler topLevelHandler = null;
    final HandlerList handlers = new HandlerList();
    if (config.basicAuth()) {
        // check for basic auth if we're configured to do so
        LOG.debug("configuring basic auth");
        final HashLoginService loginService = new HashLoginService("MyRealm", config.basicAuthFile());
        loginService.setHotReload(true);
        m_server.addBean(loginService);
        final ConstraintSecurityHandler security = new ConstraintSecurityHandler();
        final Set<String> knownRoles = new HashSet<>();
        knownRoles.add("user");
        knownRoles.add("admin");
        knownRoles.add("moderator");
        final Constraint constraint = new Constraint();
        constraint.setName("auth");
        constraint.setAuthenticate(true);
        constraint.setRoles(knownRoles.toArray(new String[0]));
        final ConstraintMapping mapping = new ConstraintMapping();
        mapping.setPathSpec("/*");
        mapping.setConstraint(constraint);
        security.setConstraintMappings(Collections.singletonList(mapping), knownRoles);
        security.setAuthenticator(new BasicAuthenticator());
        security.setLoginService(loginService);
        security.setRealmName("MyRealm");
        security.setHandler(context);
        topLevelHandler = security;
    } else {
        topLevelHandler = context;
    }
    final Webapp[] webapps = config.webapps();
    if (webapps != null) {
        for (final Webapp webapp : webapps) {
            final WebAppContext wac = new WebAppContext();
            String path = null;
            if (!"".equals(webapp.pathSystemProperty()) && System.getProperty(webapp.pathSystemProperty()) != null) {
                path = System.getProperty(webapp.pathSystemProperty());
            } else {
                path = webapp.path();
            }
            if (path == null || "".equals(path)) {
                throw new IllegalArgumentException("path or pathSystemProperty of @Webapp points to a null or blank value");
            }
            wac.setWar(path);
            wac.setContextPath(webapp.context());
            handlers.addHandler(wac);
        }
    }
    final ResourceHandler rh = new ResourceHandler();
    rh.setWelcomeFiles(new String[] { "index.html" });
    rh.setResourceBase(config.resource());
    handlers.addHandler(rh);
    // fall through to default
    handlers.addHandler(new DefaultHandler());
    context.setHandler(handlers);
    m_server.setHandler(topLevelHandler);
}
Also used : HandlerList(org.eclipse.jetty.server.handler.HandlerList) ConstraintMapping(org.eclipse.jetty.security.ConstraintMapping) SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer) JUnitHttpServer(org.opennms.core.test.http.annotations.JUnitHttpServer) Server(org.eclipse.jetty.server.Server) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) Constraint(org.eclipse.jetty.util.security.Constraint) Handler(org.eclipse.jetty.server.Handler) ResourceHandler(org.eclipse.jetty.server.handler.ResourceHandler) DefaultHandler(org.eclipse.jetty.server.handler.DefaultHandler) ConstraintSecurityHandler(org.eclipse.jetty.security.ConstraintSecurityHandler) ContextHandler(org.eclipse.jetty.server.handler.ContextHandler) ResourceHandler(org.eclipse.jetty.server.handler.ResourceHandler) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory) DefaultHandler(org.eclipse.jetty.server.handler.DefaultHandler) ServerConnector(org.eclipse.jetty.server.ServerConnector) ContextHandler(org.eclipse.jetty.server.handler.ContextHandler) WebAppContext(org.eclipse.jetty.webapp.WebAppContext) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) HashLoginService(org.eclipse.jetty.security.HashLoginService) BasicAuthenticator(org.eclipse.jetty.security.authentication.BasicAuthenticator) ConstraintSecurityHandler(org.eclipse.jetty.security.ConstraintSecurityHandler) HashSet(java.util.HashSet) Webapp(org.opennms.core.test.http.annotations.Webapp)

Example 15 with SecureRequestCustomizer

use of org.eclipse.jetty.server.SecureRequestCustomizer in project athenz by yahoo.

the class AthenzJettyContainer method addHTTPSConnector.

void addHTTPSConnector(HttpConfiguration httpConfig, int httpsPort, boolean proxyProtocol, String listenHost, int idleTimeout, boolean needClientAuth) {
    // SSL Context Factory
    SslContextFactory sslContextFactory = createSSLContextObject(needClientAuth);
    // SSL HTTP Configuration
    HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
    httpsConfig.setSecureScheme("https");
    httpsConfig.setSecurePort(httpsPort);
    httpsConfig.addCustomizer(new SecureRequestCustomizer());
    // SSL Connector
    ServerConnector sslConnector = null;
    if (proxyProtocol) {
        sslConnector = new ServerConnector(server, new ProxyConnectionFactory(), new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
    } else {
        sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
    }
    sslConnector.setPort(httpsPort);
    sslConnector.setIdleTimeout(idleTimeout);
    server.addConnector(sslConnector);
}
Also used : ServerConnector(org.eclipse.jetty.server.ServerConnector) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory) ProxyConnectionFactory(org.eclipse.jetty.server.ProxyConnectionFactory)

Aggregations

SecureRequestCustomizer (org.eclipse.jetty.server.SecureRequestCustomizer)91 HttpConfiguration (org.eclipse.jetty.server.HttpConfiguration)89 ServerConnector (org.eclipse.jetty.server.ServerConnector)87 HttpConnectionFactory (org.eclipse.jetty.server.HttpConnectionFactory)85 SslConnectionFactory (org.eclipse.jetty.server.SslConnectionFactory)82 SslContextFactory (org.eclipse.jetty.util.ssl.SslContextFactory)74 Server (org.eclipse.jetty.server.Server)50 ServletContextHandler (org.eclipse.jetty.servlet.ServletContextHandler)16 QueuedThreadPool (org.eclipse.jetty.util.thread.QueuedThreadPool)16 ServletHolder (org.eclipse.jetty.servlet.ServletHolder)13 File (java.io.File)12 IOException (java.io.IOException)12 MBeanContainer (org.eclipse.jetty.jmx.MBeanContainer)10 Connector (org.eclipse.jetty.server.Connector)10 WebAppContext (org.eclipse.jetty.webapp.WebAppContext)10 ServletException (javax.servlet.ServletException)9 HTTP2ServerConnectionFactory (org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory)8 ContextHandlerCollection (org.eclipse.jetty.server.handler.ContextHandlerCollection)8 DefaultHandler (org.eclipse.jetty.server.handler.DefaultHandler)8 HttpServletRequest (javax.servlet.http.HttpServletRequest)6