use of org.eclipse.jetty.server.SecureRequestCustomizer in project nifi by apache.
the class WebSocketServerExample method setup.
@BeforeClass
public static void setup() throws Exception {
server = new Server(0);
final ContextHandlerCollection handlerCollection = new ContextHandlerCollection();
final ServletContextHandler contextHandler = new ServletContextHandler();
servletHandler = new ServletHandler();
contextHandler.insertHandler(servletHandler);
handlerCollection.setHandlers(new Handler[] { contextHandler });
server.setHandler(handlerCollection);
httpConnector = new ServerConnector(server);
httpConnector.setPort(50010);
final SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath("src/test/resources/certs/localhost-ks.jks");
sslContextFactory.setKeyStorePassword("localtest");
sslContextFactory.setKeyStoreType("JKS");
final HttpConfiguration https = new HttpConfiguration();
https.addCustomizer(new SecureRequestCustomizer());
sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(https));
sslConnector.setPort(50011);
server.setConnectors(new Connector[] { httpConnector, sslConnector });
servletHolder = servletHandler.addServletWithMapping(WSServlet.class, "/test");
servletHolder = servletHandler.addServletWithMapping(ConnectionCheckServlet.class, "/check");
server.start();
logger.info("Starting server on port {} for HTTP, and {} for HTTPS", httpConnector.getLocalPort(), sslConnector.getLocalPort());
}
use of org.eclipse.jetty.server.SecureRequestCustomizer in project nifi by apache.
the class TlsCertificateAuthorityService method createServer.
private static Server createServer(Handler handler, int port, KeyStore keyStore, String keyPassword) throws Exception {
Server server = new Server();
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setIncludeProtocols("TLSv1.2");
sslContextFactory.setKeyStore(keyStore);
sslContextFactory.setKeyManagerPassword(keyPassword);
HttpConfiguration httpsConfig = new HttpConfiguration();
httpsConfig.addCustomizer(new SecureRequestCustomizer());
ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
sslConnector.setPort(port);
server.addConnector(sslConnector);
server.setHandler(handler);
return server;
}
use of org.eclipse.jetty.server.SecureRequestCustomizer in project nifi by apache.
the class NiFiTestServer method createSecureConnector.
private void createSecureConnector() {
org.eclipse.jetty.util.ssl.SslContextFactory contextFactory = new org.eclipse.jetty.util.ssl.SslContextFactory();
// require client auth when not supporting login or anonymous access
if (StringUtils.isBlank(properties.getProperty(NiFiProperties.SECURITY_USER_LOGIN_IDENTITY_PROVIDER))) {
contextFactory.setNeedClientAuth(true);
} else {
contextFactory.setWantClientAuth(true);
}
// keystore properties
if (StringUtils.isNotBlank(properties.getProperty(NiFiProperties.SECURITY_KEYSTORE))) {
contextFactory.setKeyStorePath(properties.getProperty(NiFiProperties.SECURITY_KEYSTORE));
}
if (StringUtils.isNotBlank(properties.getProperty(NiFiProperties.SECURITY_KEYSTORE_TYPE))) {
contextFactory.setKeyStoreType(properties.getProperty(NiFiProperties.SECURITY_KEYSTORE_TYPE));
}
final String keystorePassword = properties.getProperty(NiFiProperties.SECURITY_KEYSTORE_PASSWD);
final String keyPassword = properties.getProperty(NiFiProperties.SECURITY_KEY_PASSWD);
if (StringUtils.isNotBlank(keystorePassword)) {
// if no key password was provided, then assume the keystore password is the same as the key password.
final String defaultKeyPassword = (StringUtils.isBlank(keyPassword)) ? keystorePassword : keyPassword;
contextFactory.setKeyManagerPassword(keystorePassword);
contextFactory.setKeyStorePassword(defaultKeyPassword);
} else if (StringUtils.isNotBlank(keyPassword)) {
// since no keystore password was provided, there will be no keystore integrity check
contextFactory.setKeyStorePassword(keyPassword);
}
// truststore properties
if (StringUtils.isNotBlank(properties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE))) {
contextFactory.setTrustStorePath(properties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE));
}
if (StringUtils.isNotBlank(properties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_TYPE))) {
contextFactory.setTrustStoreType(properties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_TYPE));
}
if (StringUtils.isNotBlank(properties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD))) {
contextFactory.setTrustStorePassword(properties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD));
}
// add some secure config
final HttpConfiguration httpsConfiguration = new HttpConfiguration();
httpsConfiguration.setSecureScheme("https");
httpsConfiguration.setSecurePort(0);
httpsConfiguration.addCustomizer(new SecureRequestCustomizer());
// build the connector
final ServerConnector https = new ServerConnector(jetty, new SslConnectionFactory(contextFactory, "http/1.1"), new HttpConnectionFactory(httpsConfiguration));
// set host and port
https.setPort(0);
// add the connector
jetty.addConnector(https);
}
use of org.eclipse.jetty.server.SecureRequestCustomizer in project opennms by OpenNMS.
the class JUnitServer method initializeServerWithConfig.
protected void initializeServerWithConfig(final JUnitHttpServer config) {
Server server = null;
if (config.https()) {
server = new Server();
// SSL context configuration
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(config.keystore());
sslContextFactory.setKeyStorePassword(config.keystorePassword());
sslContextFactory.setKeyManagerPassword(config.keyPassword());
sslContextFactory.setTrustStorePath(config.keystore());
sslContextFactory.setTrustStorePassword(config.keystorePassword());
// HTTP Configuration
HttpConfiguration http_config = new HttpConfiguration();
http_config.setSecureScheme("https");
http_config.setSecurePort(config.port());
http_config.setOutputBufferSize(32768);
http_config.setRequestHeaderSize(8192);
http_config.setResponseHeaderSize(8192);
http_config.setSendServerVersion(true);
http_config.setSendDateHeader(false);
// SSL HTTP Configuration
HttpConfiguration https_config = new HttpConfiguration(http_config);
https_config.addCustomizer(new SecureRequestCustomizer());
// SSL Connector
ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(https_config));
sslConnector.setPort(config.port());
server.addConnector(sslConnector);
} else {
server = new Server(config.port());
}
m_server = server;
final ContextHandler context1 = new ContextHandler();
context1.setContextPath("/");
context1.setWelcomeFiles(new String[] { "index.html" });
context1.setResourceBase(config.resource());
context1.setClassLoader(Thread.currentThread().getContextClassLoader());
context1.setVirtualHosts(config.vhosts());
final ContextHandler context = context1;
Handler topLevelHandler = null;
final HandlerList handlers = new HandlerList();
if (config.basicAuth()) {
// check for basic auth if we're configured to do so
LOG.debug("configuring basic auth");
final HashLoginService loginService = new HashLoginService("MyRealm", config.basicAuthFile());
loginService.setHotReload(true);
m_server.addBean(loginService);
final ConstraintSecurityHandler security = new ConstraintSecurityHandler();
final Set<String> knownRoles = new HashSet<>();
knownRoles.add("user");
knownRoles.add("admin");
knownRoles.add("moderator");
final Constraint constraint = new Constraint();
constraint.setName("auth");
constraint.setAuthenticate(true);
constraint.setRoles(knownRoles.toArray(new String[0]));
final ConstraintMapping mapping = new ConstraintMapping();
mapping.setPathSpec("/*");
mapping.setConstraint(constraint);
security.setConstraintMappings(Collections.singletonList(mapping), knownRoles);
security.setAuthenticator(new BasicAuthenticator());
security.setLoginService(loginService);
security.setRealmName("MyRealm");
security.setHandler(context);
topLevelHandler = security;
} else {
topLevelHandler = context;
}
final Webapp[] webapps = config.webapps();
if (webapps != null) {
for (final Webapp webapp : webapps) {
final WebAppContext wac = new WebAppContext();
String path = null;
if (!"".equals(webapp.pathSystemProperty()) && System.getProperty(webapp.pathSystemProperty()) != null) {
path = System.getProperty(webapp.pathSystemProperty());
} else {
path = webapp.path();
}
if (path == null || "".equals(path)) {
throw new IllegalArgumentException("path or pathSystemProperty of @Webapp points to a null or blank value");
}
wac.setWar(path);
wac.setContextPath(webapp.context());
handlers.addHandler(wac);
}
}
final ResourceHandler rh = new ResourceHandler();
rh.setWelcomeFiles(new String[] { "index.html" });
rh.setResourceBase(config.resource());
handlers.addHandler(rh);
// fall through to default
handlers.addHandler(new DefaultHandler());
context.setHandler(handlers);
m_server.setHandler(topLevelHandler);
}
use of org.eclipse.jetty.server.SecureRequestCustomizer in project athenz by yahoo.
the class AthenzJettyContainer method addHTTPSConnector.
void addHTTPSConnector(HttpConfiguration httpConfig, int httpsPort, boolean proxyProtocol, String listenHost, int idleTimeout, boolean needClientAuth) {
// SSL Context Factory
SslContextFactory sslContextFactory = createSSLContextObject(needClientAuth);
// SSL HTTP Configuration
HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
httpsConfig.setSecureScheme("https");
httpsConfig.setSecurePort(httpsPort);
httpsConfig.addCustomizer(new SecureRequestCustomizer());
// SSL Connector
ServerConnector sslConnector = null;
if (proxyProtocol) {
sslConnector = new ServerConnector(server, new ProxyConnectionFactory(), new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
} else {
sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
}
sslConnector.setPort(httpsPort);
sslConnector.setIdleTimeout(idleTimeout);
server.addConnector(sslConnector);
}
Aggregations