use of org.eclipse.jetty.server.SslConnectionFactory in project Openfire by igniterealtime.
the class AdminConsolePlugin method startup.
/**
* Starts the Jetty instance.
*/
public void startup() {
restartNeeded = false;
// Add listener for certificate events
certificateListener = new CertificateListener();
CertificateManager.addListener(certificateListener);
// the number of threads allocated to each connector/port
int serverThreads = JiveGlobals.getXMLProperty("adminConsole.serverThreads", 2);
adminPort = JiveGlobals.getXMLProperty("adminConsole.port", 9090);
adminSecurePort = JiveGlobals.getXMLProperty("adminConsole.securePort", 9091);
final QueuedThreadPool tp = new QueuedThreadPool();
tp.setName("Jetty-QTP-AdminConsole");
adminServer = new Server(tp);
if (JMXManager.isEnabled()) {
JMXManager jmx = JMXManager.getInstance();
adminServer.addBean(jmx.getContainer());
}
// Create connector for http traffic if it's enabled.
if (adminPort > 0) {
final HttpConfiguration httpConfig = new HttpConfiguration();
// Do not send Jetty info in HTTP headers
httpConfig.setSendServerVersion(false);
final ServerConnector httpConnector = new ServerConnector(adminServer, null, null, null, -1, serverThreads, new HttpConnectionFactory(httpConfig));
// Listen on a specific network interface if it has been set.
String bindInterface = getBindInterface();
httpConnector.setHost(bindInterface);
httpConnector.setPort(adminPort);
adminServer.addConnector(httpConnector);
}
// Create a connector for https traffic if it's enabled.
sslEnabled = false;
try {
IdentityStore identityStore = null;
if (XMPPServer.getInstance().getCertificateStoreManager() == null) {
Log.warn("Admin console: CertifcateStoreManager has not been initialized yet. HTTPS will be unavailable.");
} else {
identityStore = XMPPServer.getInstance().getCertificateStoreManager().getIdentityStore(ConnectionType.WEBADMIN);
}
if (identityStore != null && adminSecurePort > 0) {
if (identityStore.getAllCertificates().isEmpty()) {
Log.warn("Admin console: Identity store does not have any certificates. HTTPS will be unavailable.");
} else {
if (!identityStore.containsDomainCertificate("RSA")) {
Log.warn("Admin console: Using RSA certificates but they are not valid for the hosted domain");
}
final ConnectionManagerImpl connectionManager = ((ConnectionManagerImpl) XMPPServer.getInstance().getConnectionManager());
final ConnectionConfiguration configuration = connectionManager.getListener(ConnectionType.WEBADMIN, true).generateConnectionConfiguration();
final SslContextFactory sslContextFactory = new EncryptionArtifactFactory(configuration).getSslContextFactory();
final ServerConnector httpsConnector;
if ("npn".equals(JiveGlobals.getXMLProperty("spdy.protocol", ""))) {
httpsConnector = new HTTPSPDYServerConnector(adminServer, sslContextFactory);
} else {
final HttpConfiguration httpsConfig = new HttpConfiguration();
httpsConfig.setSendServerVersion(false);
httpsConfig.setSecureScheme("https");
httpsConfig.setSecurePort(adminSecurePort);
httpsConfig.addCustomizer(new SecureRequestCustomizer());
final HttpConnectionFactory httpConnectionFactory = new HttpConnectionFactory(httpsConfig);
final SslConnectionFactory sslConnectionFactory = new SslConnectionFactory(sslContextFactory, org.eclipse.jetty.http.HttpVersion.HTTP_1_1.toString());
httpsConnector = new ServerConnector(adminServer, null, null, null, -1, serverThreads, sslConnectionFactory, httpConnectionFactory);
}
final String bindInterface = getBindInterface();
httpsConnector.setHost(bindInterface);
httpsConnector.setPort(adminSecurePort);
adminServer.addConnector(httpsConnector);
sslEnabled = true;
}
}
} catch (Exception e) {
Log.error("An exception occurred while trying to make available the admin console via HTTPS.", e);
}
// Make sure that at least one connector was registered.
if (adminServer.getConnectors() == null || adminServer.getConnectors().length == 0) {
adminServer = null;
// Log warning.
log(LocaleUtils.getLocalizedString("admin.console.warning"));
return;
}
HandlerCollection collection = new HandlerCollection();
adminServer.setHandler(collection);
collection.setHandlers(new Handler[] { contexts, new DefaultHandler() });
try {
adminServer.start();
// Log the ports that the admin server is listening on.
logAdminConsolePorts();
} catch (Exception e) {
Log.error("Could not start admin console server", e);
}
}
use of org.eclipse.jetty.server.SslConnectionFactory in project jersey by jersey.
the class JettyHttpContainerFactory method createServer.
/**
* Create a {@link Server} that registers an {@link org.eclipse.jetty.server.Handler} that
* in turn manages all root resource and provider classes found by searching the
* classes referenced in the java classpath.
*
* @param uri the URI to create the http server. The URI scheme must be
* equal to {@code https}. The URI user information and host
* are ignored. If the URI port is not present then port
* {@value org.glassfish.jersey.server.spi.Container#DEFAULT_HTTPS_PORT} will be
* used. The URI path, query and fragment components are ignored.
* @param sslContextFactory this is the SSL context factory used to configure SSL connector
* @param handler the container that handles all HTTP requests
* @param start if set to false, server will not get started, this allows end users to set
* additional properties on the underlying listener.
* @return newly created {@link Server}.
*
* @throws ProcessingException in case of any failure when creating a new Jetty {@code Server} instance.
* @throws IllegalArgumentException if {@code uri} is {@code null}.
* @see JettyHttpContainer
*/
public static Server createServer(final URI uri, final SslContextFactory sslContextFactory, final JettyHttpContainer handler, final boolean start) {
if (uri == null) {
throw new IllegalArgumentException(LocalizationMessages.URI_CANNOT_BE_NULL());
}
final String scheme = uri.getScheme();
int defaultPort = Container.DEFAULT_HTTP_PORT;
if (sslContextFactory == null) {
if (!"http".equalsIgnoreCase(scheme)) {
throw new IllegalArgumentException(LocalizationMessages.WRONG_SCHEME_WHEN_USING_HTTP());
}
} else {
if (!"https".equalsIgnoreCase(scheme)) {
throw new IllegalArgumentException(LocalizationMessages.WRONG_SCHEME_WHEN_USING_HTTPS());
}
defaultPort = Container.DEFAULT_HTTPS_PORT;
}
final int port = (uri.getPort() == -1) ? defaultPort : uri.getPort();
final Server server = new Server(new JettyConnectorThreadPool());
final HttpConfiguration config = new HttpConfiguration();
if (sslContextFactory != null) {
config.setSecureScheme("https");
config.setSecurePort(port);
config.addCustomizer(new SecureRequestCustomizer());
final ServerConnector https = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(config));
https.setPort(port);
server.setConnectors(new Connector[] { https });
} else {
final ServerConnector http = new ServerConnector(server, new HttpConnectionFactory(config));
http.setPort(port);
server.setConnectors(new Connector[] { http });
}
if (handler != null) {
server.setHandler(handler);
}
if (start) {
try {
// Start the server.
server.start();
} catch (final Exception e) {
throw new ProcessingException(LocalizationMessages.ERROR_WHEN_CREATING_SERVER(), e);
}
}
return server;
}
use of org.eclipse.jetty.server.SslConnectionFactory in project killbill by killbill.
the class HttpServer method configureSslConnector.
private ServerConnector configureSslConnector(final HttpConfiguration httpConfiguration, final boolean isStatsOn, final int localSslPort, final String sslKeyStorePath, final String sslKeyStorePassword) {
// SSL Context Factory for HTTPS
final SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(sslKeyStorePath);
sslContextFactory.setKeyStorePassword(sslKeyStorePassword);
// HTTPS Configuration
final HttpConfiguration httpsConfig = new HttpConfiguration(httpConfiguration);
httpsConfig.addCustomizer(new SecureRequestCustomizer());
// HTTPS connector
final ServerConnector https = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
https.setPort(localSslPort);
if (isStatsOn) {
final ConnectorStatistics stats = new ConnectorStatistics();
https.addBean(stats);
}
return https;
}
use of org.eclipse.jetty.server.SslConnectionFactory in project ninja by ninjaframework.
the class NinjaJetty method doConfigure.
@Override
protected void doConfigure() throws Exception {
// current value or system property or conf/application.conf or default value
jettyConfiguration(overlayedNinjaProperties.get(KEY_NINJA_JETTY_CONFIGURATION, this.jettyConfiguration, DEFAULT_JETTY_CONFIGURATION));
// build jetty server, context, and servlet
if (this.jettyConfiguration != null) {
String[] configs = this.jettyConfiguration.split(",");
for (String config : configs) {
jetty = buildServerOrApplyConfiguration(config, jetty);
}
// since we don't know host and port, try to get it from jetty
tryToSetHostAndPortFromJetty();
} else {
// create very simple jetty configuration
jetty = new Server();
if (port > -1) {
// build http cleartext connector
ServerConnector http = new ServerConnector(jetty);
http.setPort(port);
http.setIdleTimeout(idleTimeout);
if (host != null) {
http.setHost(host);
}
jetty.addConnector(http);
}
if (sslPort > -1) {
// build https secure connector
// http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/examples/embedded/src/main/java/org/eclipse/jetty/embedded/ManyConnectors.java
HttpConfiguration httpConfig = new HttpConfiguration();
httpConfig.setSecureScheme("https");
httpConfig.setSecurePort(sslPort);
httpConfig.setOutputBufferSize(32768);
HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
httpsConfig.addCustomizer(new SecureRequestCustomizer());
// unfortunately jetty seems to only work when we pass a keystore
// and truststore (as opposed to our own prepared SSLContext)
// call createSSLContext() to simply verify configuration is correct
this.createSSLContext();
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStore(StandaloneHelper.loadKeyStore(this.sslKeystoreUri, this.sslKeystorePassword.toCharArray()));
sslContextFactory.setKeyManagerPassword(this.sslKeystorePassword);
sslContextFactory.setTrustStore(StandaloneHelper.loadKeyStore(this.sslTruststoreUri, this.sslTruststorePassword.toCharArray()));
ServerConnector https = new ServerConnector(jetty, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
https.setPort(sslPort);
https.setIdleTimeout(idleTimeout);
jetty.addConnector(https);
}
}
this.ninjaServletListener.setNinjaProperties(ninjaProperties);
this.contextHandler = new ServletContextHandler(jetty, getContextPath());
this.contextHandler.addEventListener(ninjaServletListener);
this.contextHandler.addFilter(GuiceFilter.class, "/*", null);
this.contextHandler.addServlet(DefaultServlet.class, "/");
// disable directory browsing
this.contextHandler.setInitParameter("org.eclipse.jetty.servlet.Default.dirAllowed", "false");
// Add an error handler that does not print stack traces in case
// something happens that is not under control of Ninja
this.contextHandler.setErrorHandler(new SilentErrorHandler());
}
use of org.eclipse.jetty.server.SslConnectionFactory in project spring-boot by spring-projects.
the class JettyServletWebServerFactoryTests method sslEnabledProtocolsConfiguration.
@Test
public void sslEnabledProtocolsConfiguration() throws Exception {
Ssl ssl = new Ssl();
ssl.setKeyStore("src/test/resources/test.jks");
ssl.setKeyStorePassword("secret");
ssl.setKeyPassword("password");
ssl.setCiphers(new String[] { "ALPHA", "BRAVO", "CHARLIE" });
ssl.setEnabledProtocols(new String[] { "TLSv1.1" });
JettyServletWebServerFactory factory = getFactory();
factory.setSsl(ssl);
this.webServer = factory.getWebServer();
this.webServer.start();
JettyWebServer jettyWebServer = (JettyWebServer) this.webServer;
ServerConnector connector = (ServerConnector) jettyWebServer.getServer().getConnectors()[0];
SslConnectionFactory connectionFactory = connector.getConnectionFactory(SslConnectionFactory.class);
assertThat(connectionFactory.getSslContextFactory().getIncludeProtocols()).isEqualTo(new String[] { "TLSv1.1" });
}
Aggregations