
Example 11 with SslConnectionFactory

use of org.eclipse.jetty.server.SslConnectionFactory in project Openfire by igniterealtime.

the class AdminConsolePlugin method startup.

/**
 * Starts the embedded Jetty instance that serves the admin console.
 * <p>
 * The method registers a certificate listener, reads the thread and port settings from the
 * XML properties ({@code adminConsole.serverThreads}, {@code adminConsole.port},
 * {@code adminConsole.securePort}), and then adds up to two connectors: a plain HTTP
 * connector when the configured port is greater than zero, and an HTTPS connector when the
 * WEBADMIN identity store is available, holds at least one certificate, and the secure port
 * is greater than zero.
 * <p>
 * Any exception raised while building the HTTPS connector is logged and swallowed, so the
 * console can come up with the plain HTTP connector only; {@code sslEnabled} stays
 * {@code false} in that case. If no connector could be registered, {@code adminServer} is
 * reset to {@code null} and the method returns without starting anything. A failure of
 * {@code adminServer.start()} is logged and not rethrown.
 */
public void startup() {
    restartNeeded = false;
    // Add listener for certificate events
    certificateListener = new CertificateListener();
    CertificateManager.addListener(certificateListener);
    // the number of threads allocated to each connector/port
    int serverThreads = JiveGlobals.getXMLProperty("adminConsole.serverThreads", 2);
    // Defaults used when the properties are absent: 9090 (HTTP) and 9091 (HTTPS).
    adminPort = JiveGlobals.getXMLProperty("adminConsole.port", 9090);
    adminSecurePort = JiveGlobals.getXMLProperty("adminConsole.securePort", 9091);
    final QueuedThreadPool tp = new QueuedThreadPool();
    tp.setName("Jetty-QTP-AdminConsole");
    adminServer = new Server(tp);
    if (JMXManager.isEnabled()) {
        JMXManager jmx = JMXManager.getInstance();
        adminServer.addBean(jmx.getContainer());
    }
    // Create connector for http traffic if it's enabled.
    // This listener is plaintext: whatever the console exchanges over it is not protected by
    // TLS (NOTE(review): presumably that includes login credentials and session cookies).
    // A configured port of zero or less skips the connector entirely.
    if (adminPort > 0) {
        final HttpConfiguration httpConfig = new HttpConfiguration();
        // Do not send Jetty info in HTTP headers
        httpConfig.setSendServerVersion(false);
        final ServerConnector httpConnector = new ServerConnector(adminServer, null, null, null, -1, serverThreads, new HttpConnectionFactory(httpConfig));
        // Listen on a specific network interface if it has been set.
        // The value comes from getBindInterface(), which is not shown here.
        String bindInterface = getBindInterface();
        httpConnector.setHost(bindInterface);
        httpConnector.setPort(adminPort);
        adminServer.addConnector(httpConnector);
    }
    // Create a connector for https traffic if it's enabled.
    // sslEnabled is only flipped to true once the HTTPS connector has been added below.
    sslEnabled = false;
    try {
        IdentityStore identityStore = null;
        if (XMPPServer.getInstance().getCertificateStoreManager() == null) {
            // The message text contains a typo ("CertifcateStoreManager"); search logs for that exact spelling.
            Log.warn("Admin console: CertifcateStoreManager has not been initialized yet. HTTPS will be unavailable.");
        } else {
            identityStore = XMPPServer.getInstance().getCertificateStoreManager().getIdentityStore(ConnectionType.WEBADMIN);
        }
        if (identityStore != null && adminSecurePort > 0) {
            if (identityStore.getAllCertificates().isEmpty()) {
                Log.warn("Admin console: Identity store does not have any certificates. HTTPS will be unavailable.");
            } else {
                // Warning only: the HTTPS connector is still created when this check fails.
                if (!identityStore.containsDomainCertificate("RSA")) {
                    Log.warn("Admin console: Using RSA certificates but they are not valid for the hosted domain");
                }
                // The TLS settings are taken from the WEBADMIN connection listener's configuration;
                // protocol and cipher choices are made there, not in this method.
                final ConnectionManagerImpl connectionManager = ((ConnectionManagerImpl) XMPPServer.getInstance().getConnectionManager());
                final ConnectionConfiguration configuration = connectionManager.getListener(ConnectionType.WEBADMIN, true).generateConnectionConfiguration();
                final SslContextFactory sslContextFactory = new EncryptionArtifactFactory(configuration).getSslContextFactory();
                final ServerConnector httpsConnector;
                if ("npn".equals(JiveGlobals.getXMLProperty("spdy.protocol", ""))) {
                    // SPDY connector, selected when the XML property spdy.protocol is "npn".
                    // This branch does not use an HttpConfiguration built in this method, so the
                    // setSendServerVersion(false) hardening below is not applied here.
                    // NOTE(review): confirm what the SPDY connector discloses in response headers.
                    httpsConnector = new HTTPSPDYServerConnector(adminServer, sslContextFactory);
                } else {
                    final HttpConfiguration httpsConfig = new HttpConfiguration();
                    // Do not send Jetty info in HTTP headers, same as for the plain connector.
                    httpsConfig.setSendServerVersion(false);
                    httpsConfig.setSecureScheme("https");
                    httpsConfig.setSecurePort(adminSecurePort);
                    httpsConfig.addCustomizer(new SecureRequestCustomizer());
                    final HttpConnectionFactory httpConnectionFactory = new HttpConnectionFactory(httpsConfig);
                    // TLS layer first, then HTTP/1.1 as the protocol negotiated on top of it.
                    final SslConnectionFactory sslConnectionFactory = new SslConnectionFactory(sslContextFactory, org.eclipse.jetty.http.HttpVersion.HTTP_1_1.toString());
                    httpsConnector = new ServerConnector(adminServer, null, null, null, -1, serverThreads, sslConnectionFactory, httpConnectionFactory);
                }
                final String bindInterface = getBindInterface();
                httpsConnector.setHost(bindInterface);
                httpsConnector.setPort(adminSecurePort);
                adminServer.addConnector(httpsConnector);
                sslEnabled = true;
            }
        }
    } catch (Exception e) {
        // Swallowed on purpose so that a broken TLS setup does not prevent the console from
        // starting; the consequence is that only the plain HTTP connector (if enabled) is left.
        Log.error("An exception occurred while trying to make available the admin console via HTTPS.", e);
    }
    // Make sure that at least one connector was registered.
    if (adminServer.getConnectors() == null || adminServer.getConnectors().length == 0) {
        adminServer = null;
        // Log warning.
        log(LocaleUtils.getLocalizedString("admin.console.warning"));
        return;
    }
    // Requests go to the admin contexts first; DefaultHandler is the second handler in the collection.
    HandlerCollection collection = new HandlerCollection();
    adminServer.setHandler(collection);
    collection.setHandlers(new Handler[] { contexts, new DefaultHandler() });
    try {
        adminServer.start();
        // Log the ports that the admin server is listening on.
        logAdminConsolePorts();
    } catch (Exception e) {
        // Start failures are logged only; adminServer stays non-null.
        Log.error("Could not start admin console server", e);
    }
}
Also used : JMXManager(org.jivesoftware.openfire.JMXManager) SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer) XMPPServer(org.jivesoftware.openfire.XMPPServer) Server(org.eclipse.jetty.server.Server) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) ConnectionManagerImpl(org.jivesoftware.openfire.spi.ConnectionManagerImpl) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) HTTPSPDYServerConnector(org.eclipse.jetty.spdy.server.http.HTTPSPDYServerConnector) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory) DefaultHandler(org.eclipse.jetty.server.handler.DefaultHandler) HTTPSPDYServerConnector(org.eclipse.jetty.spdy.server.http.HTTPSPDYServerConnector) ServerConnector(org.eclipse.jetty.server.ServerConnector) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) ConnectionConfiguration(org.jivesoftware.openfire.spi.ConnectionConfiguration) QueuedThreadPool(org.eclipse.jetty.util.thread.QueuedThreadPool) EncryptionArtifactFactory(org.jivesoftware.openfire.spi.EncryptionArtifactFactory) ContextHandlerCollection(org.eclipse.jetty.server.handler.ContextHandlerCollection) HandlerCollection(org.eclipse.jetty.server.handler.HandlerCollection) IdentityStore(org.jivesoftware.openfire.keystore.IdentityStore)

Example 12 with SslConnectionFactory

use of org.eclipse.jetty.server.SslConnectionFactory in project jersey by jersey.

the class JettyHttpContainerFactory method createServer.

/**
 * Create a Jetty {@link Server} with a single connector and, optionally, start it.
 * <p>
 * When {@code sslContextFactory} is {@code null} the server gets a plain HTTP connector and
 * the URI scheme must be {@code http}; otherwise it gets a TLS connector speaking HTTP/1.1 and
 * the URI scheme must be {@code https}. The TLS protocols, cipher suites and key material are
 * whatever the caller configured on {@code sslContextFactory}; this method does not adjust them.
 *
 * @param uri               the URI to create the http server. Only the scheme and the port are
 *                          read; the host is not applied to the connector. If the port is not
 *                          present then
 *                          {@value org.glassfish.jersey.server.spi.Container#DEFAULT_HTTP_PORT}
 *                          (plain HTTP) or
 *                          {@value org.glassfish.jersey.server.spi.Container#DEFAULT_HTTPS_PORT}
 *                          (TLS) is used.
 * @param sslContextFactory the SSL context factory used to configure the TLS connector, or
 *                          {@code null} for a plain HTTP server
 * @param handler           the container that handles all HTTP requests; may be {@code null},
 *                          in which case no handler is set
 * @param start             if set to false, server will not get started, this allows end users to set
 *                          additional properties on the underlying listener.
 * @return newly created {@link Server}.
 *
 * @throws ProcessingException      in case of any failure when starting the new Jetty {@code Server} instance.
 * @throws IllegalArgumentException if {@code uri} is {@code null} or its scheme does not match
 *                                  the presence or absence of {@code sslContextFactory}.
 * @see JettyHttpContainer
 */
public static Server createServer(final URI uri, final SslContextFactory sslContextFactory, final JettyHttpContainer handler, final boolean start) {
    if (uri == null) {
        throw new IllegalArgumentException(LocalizationMessages.URI_CANNOT_BE_NULL());
    }

    // The scheme has to agree with the transport the caller asked for.
    final boolean secure = sslContextFactory != null;
    final String scheme = uri.getScheme();
    if (secure && !"https".equalsIgnoreCase(scheme)) {
        throw new IllegalArgumentException(LocalizationMessages.WRONG_SCHEME_WHEN_USING_HTTPS());
    }
    if (!secure && !"http".equalsIgnoreCase(scheme)) {
        throw new IllegalArgumentException(LocalizationMessages.WRONG_SCHEME_WHEN_USING_HTTP());
    }

    final int fallbackPort = secure ? Container.DEFAULT_HTTPS_PORT : Container.DEFAULT_HTTP_PORT;
    final int requestedPort = uri.getPort();
    final int port = (requestedPort == -1) ? fallbackPort : requestedPort;

    final Server server = new Server(new JettyConnectorThreadPool());
    final HttpConfiguration config = new HttpConfiguration();
    final ServerConnector connector;
    if (secure) {
        // SecureRequestCustomizer exposes the TLS session details to the request handling.
        config.setSecureScheme("https");
        config.setSecurePort(port);
        config.addCustomizer(new SecureRequestCustomizer());
        connector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(config));
    } else {
        connector = new ServerConnector(server, new HttpConnectionFactory(config));
    }
    connector.setPort(port);
    server.setConnectors(new Connector[] { connector });

    if (handler != null) {
        server.setHandler(handler);
    }

    if (!start) {
        return server;
    }
    try {
        // Start the server.
        server.start();
    } catch (final Exception e) {
        throw new ProcessingException(LocalizationMessages.ERROR_WHEN_CREATING_SERVER(), e);
    }
    return server;
}
Also used : ServerConnector(org.eclipse.jetty.server.ServerConnector) SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer) Server(org.eclipse.jetty.server.Server) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory) ProcessingException(javax.ws.rs.ProcessingException) ProcessingException(javax.ws.rs.ProcessingException)

Example 13 with SslConnectionFactory

use of org.eclipse.jetty.server.SslConnectionFactory in project killbill by killbill.

the class HttpServer method configureSslConnector.

/**
 * Builds the HTTPS connector for the enclosing server.
 * <p>
 * Only the keystore path and keystore password are set on the {@link SslContextFactory};
 * no protocol or cipher-suite include/exclude lists are configured in this method.
 * NOTE(review): the effective TLS policy is therefore whatever the Jetty version in use
 * applies by default; confirm that this meets the deployment's minimum TLS requirements.
 *
 * @param httpConfiguration   base HTTP configuration that the HTTPS configuration is copied from
 * @param isStatsOn           whether a {@link ConnectorStatistics} bean is attached to the connector
 * @param localSslPort        port the connector listens on
 * @param sslKeyStorePath     location of the keystore holding the server key material
 * @param sslKeyStorePassword password of that keystore
 * @return the configured connector; it is not added to the server here
 */
private ServerConnector configureSslConnector(final HttpConfiguration httpConfiguration, final boolean isStatsOn, final int localSslPort, final String sslKeyStorePath, final String sslKeyStorePassword) {
    // Key material for the TLS layer
    final SslContextFactory tlsContextFactory = new SslContextFactory();
    tlsContextFactory.setKeyStorePath(sslKeyStorePath);
    tlsContextFactory.setKeyStorePassword(sslKeyStorePassword);

    // Copy of the caller's HTTP settings, extended with the customizer for secure requests
    final HttpConfiguration secureHttpConfig = new HttpConfiguration(httpConfiguration);
    secureHttpConfig.addCustomizer(new SecureRequestCustomizer());

    // TLS first, HTTP/1.1 on top of it
    final SslConnectionFactory tlsLayer = new SslConnectionFactory(tlsContextFactory, HttpVersion.HTTP_1_1.asString());
    final HttpConnectionFactory httpLayer = new HttpConnectionFactory(secureHttpConfig);
    final ServerConnector connector = new ServerConnector(server, tlsLayer, httpLayer);
    connector.setPort(localSslPort);

    if (isStatsOn) {
        connector.addBean(new ConnectorStatistics());
    }
    return connector;
}
Also used : ServerConnector(org.eclipse.jetty.server.ServerConnector) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) ConnectorStatistics(org.eclipse.jetty.server.ConnectorStatistics) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory)

Example 14 with SslConnectionFactory

use of org.eclipse.jetty.server.SslConnectionFactory in project ninja by ninjaframework.

the class NinjaJetty method doConfigure.

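/**
 * Builds the Jetty server and the servlet context that hosts the application.
 * <p>
 * If a Jetty configuration is set, every comma-separated entry is handed to
 * {@code buildServerOrApplyConfiguration}. Otherwise a minimal server is created with a
 * cleartext connector (when {@code port > -1}) and a TLS connector (when {@code sslPort > -1}).
 * Both connectors are bound to {@code host} when it is set, so a host restriction applies to
 * HTTP and HTTPS alike.
 *
 * @throws Exception if loading the key or trust store, or any other configuration step, fails
 */
@Override
protected void doConfigure() throws Exception {
    // current value or system property or conf/application.conf or default value
    jettyConfiguration(overlayedNinjaProperties.get(KEY_NINJA_JETTY_CONFIGURATION, this.jettyConfiguration, DEFAULT_JETTY_CONFIGURATION));
    // build jetty server, context, and servlet
    if (this.jettyConfiguration != null) {
        String[] configs = this.jettyConfiguration.split(",");
        for (String config : configs) {
            jetty = buildServerOrApplyConfiguration(config, jetty);
        }
        // since we don't know host and port, try to get it from jetty
        tryToSetHostAndPortFromJetty();
    } else {
        // create very simple jetty configuration
        jetty = new Server();
        if (port > -1) {
            // build http cleartext connector
            ServerConnector http = new ServerConnector(jetty);
            http.setPort(port);
            http.setIdleTimeout(idleTimeout);
            if (host != null) {
                http.setHost(host);
            }
            jetty.addConnector(http);
        }
        if (sslPort > -1) {
            // build https secure connector
            // http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/examples/embedded/src/main/java/org/eclipse/jetty/embedded/ManyConnectors.java
            HttpConfiguration httpConfig = new HttpConfiguration();
            httpConfig.setSecureScheme("https");
            httpConfig.setSecurePort(sslPort);
            httpConfig.setOutputBufferSize(32768);
            HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
            httpsConfig.addCustomizer(new SecureRequestCustomizer());
            // unfortunately jetty seems to only work when we pass a keystore
            // and truststore (as opposed to our own prepared SSLContext)
            // call createSSLContext() to simply verify configuration is correct
            this.createSSLContext();
            SslContextFactory sslContextFactory = new SslContextFactory();
            sslContextFactory.setKeyStore(StandaloneHelper.loadKeyStore(this.sslKeystoreUri, this.sslKeystorePassword.toCharArray()));
            // The keystore password is reused as the key manager password, so the private key
            // entry is expected to be protected by the same password as the keystore.
            sslContextFactory.setKeyManagerPassword(this.sslKeystorePassword);
            sslContextFactory.setTrustStore(StandaloneHelper.loadKeyStore(this.sslTruststoreUri, this.sslTruststorePassword.toCharArray()));
            ServerConnector https = new ServerConnector(jetty, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
            https.setPort(sslPort);
            https.setIdleTimeout(idleTimeout);
            // Bind the TLS listener to the configured host as well, mirroring the cleartext
            // connector. Without this a host restriction would cover HTTP only and the HTTPS
            // connector would listen on Jetty's default address.
            if (host != null) {
                https.setHost(host);
            }
            jetty.addConnector(https);
        }
    }
    this.ninjaServletListener.setNinjaProperties(ninjaProperties);
    this.contextHandler = new ServletContextHandler(jetty, getContextPath());
    this.contextHandler.addEventListener(ninjaServletListener);
    this.contextHandler.addFilter(GuiceFilter.class, "/*", null);
    this.contextHandler.addServlet(DefaultServlet.class, "/");
    // disable directory browsing
    this.contextHandler.setInitParameter("org.eclipse.jetty.servlet.Default.dirAllowed", "false");
    // Add an error handler that does not print stack traces in case
    // something happens that is not under control of Ninja
    this.contextHandler.setErrorHandler(new SilentErrorHandler());
}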
Also used : ServerConnector(org.eclipse.jetty.server.ServerConnector) SslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory) SecureRequestCustomizer(org.eclipse.jetty.server.SecureRequestCustomizer) Server(org.eclipse.jetty.server.Server) HttpConnectionFactory(org.eclipse.jetty.server.HttpConnectionFactory) HttpConfiguration(org.eclipse.jetty.server.HttpConfiguration) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory) ServletContextHandler(org.eclipse.jetty.servlet.ServletContextHandler)

Example 15 with SslConnectionFactory

use of org.eclipse.jetty.server.SslConnectionFactory in project spring-boot by spring-projects.

the class JettyServletWebServerFactoryTests method sslEnabledProtocolsConfiguration.

/**
 * Verifies that the enabled protocols set on {@link Ssl} end up as the include-protocols
 * list of the Jetty {@link SslConnectionFactory} on the first server connector.
 * <p>
 * The keystore, passwords, cipher names and the {@code TLSv1.1} protocol value are test
 * fixtures chosen to check pass-through of the settings; they are not a recommended TLS
 * configuration.
 */
@Test
public void sslEnabledProtocolsConfiguration() throws Exception {
    // Arrange: SSL settings with placeholder ciphers and a single enabled protocol
    Ssl sslSettings = new Ssl();
    sslSettings.setKeyStore("src/test/resources/test.jks");
    sslSettings.setKeyStorePassword("secret");
    sslSettings.setKeyPassword("password");
    sslSettings.setCiphers(new String[] { "ALPHA", "BRAVO", "CHARLIE" });
    sslSettings.setEnabledProtocols(new String[] { "TLSv1.1" });

    // Act: build and start the web server with those settings
    JettyServletWebServerFactory serverFactory = getFactory();
    serverFactory.setSsl(sslSettings);
    this.webServer = serverFactory.getWebServer();
    this.webServer.start();

    // Assert: the first connector's TLS layer carries exactly the configured protocol
    ServerConnector firstConnector = (ServerConnector) ((JettyWebServer) this.webServer).getServer().getConnectors()[0];
    SslConnectionFactory tlsLayer = firstConnector.getConnectionFactory(SslConnectionFactory.class);
    String[] includedProtocols = tlsLayer.getSslContextFactory().getIncludeProtocols();
    assertThat(includedProtocols).isEqualTo(new String[] { "TLSv1.1" });
}
Also used : ServerConnector(org.eclipse.jetty.server.ServerConnector) SslConnectionFactory(org.eclipse.jetty.server.SslConnectionFactory) Ssl(org.springframework.boot.web.server.Ssl) Test(org.junit.Test)

Aggregations

SslConnectionFactory (org.eclipse.jetty.server.SslConnectionFactory)51 ServerConnector (org.eclipse.jetty.server.ServerConnector)48 HttpConnectionFactory (org.eclipse.jetty.server.HttpConnectionFactory)44 SslContextFactory (org.eclipse.jetty.util.ssl.SslContextFactory)41 HttpConfiguration (org.eclipse.jetty.server.HttpConfiguration)40 SecureRequestCustomizer (org.eclipse.jetty.server.SecureRequestCustomizer)37 Server (org.eclipse.jetty.server.Server)30 QueuedThreadPool (org.eclipse.jetty.util.thread.QueuedThreadPool)11 ServletContextHandler (org.eclipse.jetty.servlet.ServletContextHandler)8 File (java.io.File)7 ServletHolder (org.eclipse.jetty.servlet.ServletHolder)7 HTTP2ServerConnectionFactory (org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory)6 Test (org.junit.Test)6 ServletException (javax.servlet.ServletException)5 ALPNServerConnectionFactory (org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory)5 ConnectionFactory (org.eclipse.jetty.server.ConnectionFactory)5 DefaultHandler (org.eclipse.jetty.server.handler.DefaultHandler)5 FileNotFoundException (java.io.FileNotFoundException)4 IOException (java.io.IOException)4 URI (java.net.URI)4