
Example 1 with ConnectionConfiguration

use of org.jivesoftware.openfire.spi.ConnectionConfiguration in project Openfire by igniterealtime.

From class AdminConsolePlugin, method startup.

/**
 * Starts the Jetty instance that serves the admin console.
 *
 * <p>Builds a fresh {@code Server} on a dedicated {@code QueuedThreadPool}, registers a
 * plaintext HTTP connector when {@code adminConsole.port} is positive and an HTTPS
 * connector when {@code adminConsole.securePort} is positive and a usable identity
 * store exists, installs the handler chain and starts the server. Both connectors are
 * bound to the interface returned by {@link #getBindInterface()}.
 *
 * <p>Instance state touched here: {@code restartNeeded} is reset, a new
 * {@code CertificateListener} is registered, and {@code adminPort},
 * {@code adminSecurePort}, {@code adminServer} and {@code sslEnabled} are assigned.
 * When no connector could be registered at all, {@code adminServer} is set back to
 * {@code null} and the method returns without starting anything.
 *
 * <p>Failures while setting up HTTPS are logged and swallowed: the console may then be
 * reachable over the plaintext HTTP connector only, with {@code sslEnabled} left
 * {@code false}.
 */
public void startup() {
    restartNeeded = false;
    // Add listener for certificate events
    certificateListener = new CertificateListener();
    CertificateManager.addListener(certificateListener);
    // the number of threads allocated to each connector/port
    int serverThreads = JiveGlobals.getXMLProperty("adminConsole.serverThreads", 2);
    // A port of 0 or less disables the corresponding connector (see the checks below).
    adminPort = JiveGlobals.getXMLProperty("adminConsole.port", 9090);
    adminSecurePort = JiveGlobals.getXMLProperty("adminConsole.securePort", 9091);
    final QueuedThreadPool tp = new QueuedThreadPool();
    tp.setName("Jetty-QTP-AdminConsole");
    adminServer = new Server(tp);
    // Expose the Jetty server through JMX only when Openfire's JMX support is enabled.
    if (JMXManager.isEnabled()) {
        JMXManager jmx = JMXManager.getInstance();
        adminServer.addBean(jmx.getContainer());
    }
    // Create connector for http traffic if it's enabled. This connector is plaintext.
    if (adminPort > 0) {
        final HttpConfiguration httpConfig = new HttpConfiguration();
        // Do not advertise the Jetty version in the Server response header.
        httpConfig.setSendServerVersion(false);
        // null executor/scheduler/buffer pool and -1 acceptors leave Jetty's defaults in
        // place; serverThreads is passed as the selector count (Jetty 9 ServerConnector).
        final ServerConnector httpConnector = new ServerConnector(adminServer, null, null, null, -1, serverThreads, new HttpConnectionFactory(httpConfig));
        // Listen on a specific network interface if it has been set.
        String bindInterface = getBindInterface();
        httpConnector.setHost(bindInterface);
        httpConnector.setPort(adminPort);
        adminServer.addConnector(httpConnector);
    }
    // Create a connector for https traffic if it's enabled. sslEnabled only becomes true
    // once the HTTPS connector has actually been registered.
    sslEnabled = false;
    try {
        IdentityStore identityStore = null;
        // The certificate store manager may not exist yet during early start-up; without
        // it there is no identity store and HTTPS is skipped (warned, not failed).
        if (XMPPServer.getInstance().getCertificateStoreManager() == null) {
            Log.warn("Admin console: CertifcateStoreManager has not been initialized yet. HTTPS will be unavailable.");
        } else {
            identityStore = XMPPServer.getInstance().getCertificateStoreManager().getIdentityStore(ConnectionType.WEBADMIN);
        }
        if (identityStore != null && adminSecurePort > 0) {
            // Without at least one certificate there is nothing to terminate TLS with.
            if (identityStore.getAllCertificates().isEmpty()) {
                Log.warn("Admin console: Identity store does not have any certificates. HTTPS will be unavailable.");
            } else {
                // Only a warning: a certificate that does not match the hosted domain is
                // still used, so browsers will report a name mismatch.
                if (!identityStore.containsDomainCertificate("RSA")) {
                    Log.warn("Admin console: Using RSA certificates but they are not valid for the hosted domain");
                }
                // TLS parameters come from the WEBADMIN listener's connection configuration.
                final ConnectionManagerImpl connectionManager = ((ConnectionManagerImpl) XMPPServer.getInstance().getConnectionManager());
                final ConnectionConfiguration configuration = connectionManager.getListener(ConnectionType.WEBADMIN, true).generateConnectionConfiguration();
                final SslContextFactory sslContextFactory = new EncryptionArtifactFactory(configuration).getSslContextFactory();
                final ServerConnector httpsConnector;
                // Legacy SPDY/NPN connector, selected by the spdy.protocol XML property.
                if ("npn".equals(JiveGlobals.getXMLProperty("spdy.protocol", ""))) {
                    httpsConnector = new HTTPSPDYServerConnector(adminServer, sslContextFactory);
                } else {
                    final HttpConfiguration httpsConfig = new HttpConfiguration();
                    // Same header hygiene as the HTTP connector: no Jetty version disclosure.
                    httpsConfig.setSendServerVersion(false);
                    httpsConfig.setSecureScheme("https");
                    httpsConfig.setSecurePort(adminSecurePort);
                    // Marks requests on this connector as secure for the servlet layer.
                    httpsConfig.addCustomizer(new SecureRequestCustomizer());
                    final HttpConnectionFactory httpConnectionFactory = new HttpConnectionFactory(httpsConfig);
                    // TLS is terminated first, then plain HTTP/1.1 runs inside the tunnel.
                    final SslConnectionFactory sslConnectionFactory = new SslConnectionFactory(sslContextFactory, org.eclipse.jetty.http.HttpVersion.HTTP_1_1.toString());
                    httpsConnector = new ServerConnector(adminServer, null, null, null, -1, serverThreads, sslConnectionFactory, httpConnectionFactory);
                }
                final String bindInterface = getBindInterface();
                httpsConnector.setHost(bindInterface);
                httpsConnector.setPort(adminSecurePort);
                adminServer.addConnector(httpsConnector);
                sslEnabled = true;
            }
        }
    } catch (Exception e) {
        // Deliberately broad: any HTTPS set-up failure (keystore, SSL context, ...) only
        // costs the HTTPS connector; the HTTP connector, if any, still comes up.
        Log.error("An exception occurred while trying to make available the admin console via HTTPS.", e);
    }
    // Make sure that at least one connector was registered.
    if (adminServer.getConnectors() == null || adminServer.getConnectors().length == 0) {
        adminServer = null;
        // Log warning.
        log(LocaleUtils.getLocalizedString("admin.console.warning"));
        return;
    }
    // Dispatch to the registered contexts; DefaultHandler answers whatever no context matched.
    HandlerCollection collection = new HandlerCollection();
    adminServer.setHandler(collection);
    collection.setHandlers(new Handler[] { contexts, new DefaultHandler() });
    try {
        adminServer.start();
        // Log the ports that the admin server is listening on.
        logAdminConsolePorts();
    } catch (Exception e) {
        // adminServer stays assigned even though it failed to start; only the error is logged.
        Log.error("Could not start admin console server", e);
    }
}

Example 2 with ConnectionConfiguration

use of org.jivesoftware.openfire.spi.ConnectionConfiguration in project Openfire by igniterealtime.

From class HttpBindManager, method isHttpCompressionEnabled.

/**
 * Tells whether HTTP-level compression is enabled for the BOSH (HTTP bind) connector.
 *
 * <p>The answer follows the {@code BOSH_C2S} listener's compression policy: compression
 * is considered enabled when no policy is configured at all, or when the policy is
 * {@code Connection.CompressionPolicy.optional}. In other words, it is enabled by default.
 *
 * @return {@code true} when compression should be enabled for the connector
 */
private boolean isHttpCompressionEnabled() {
    final ConnectionManagerImpl connectionManager = (ConnectionManagerImpl) XMPPServer.getInstance().getConnectionManager();
    final ConnectionConfiguration configuration = connectionManager.getListener(ConnectionType.BOSH_C2S, true).generateConnectionConfiguration();
    final Connection.CompressionPolicy policy = configuration.getCompressionPolicy();
    if (policy == null) {
        // No explicit policy configured: compression is on by default.
        return true;
    }
    return policy.equals(Connection.CompressionPolicy.optional);
}

Example 3 with ConnectionConfiguration

use of org.jivesoftware.openfire.spi.ConnectionConfiguration in project Openfire by igniterealtime.

From class HttpBindManager, method createSSLConnector.

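/**
 * Creates the HTTPS connector for the BOSH (HTTP bind) endpoint and stores it in
 * {@code httpsConnector}, leaving {@code httpsConnector} as {@code null} when HTTPS
 * cannot be offered.
 *
 * <p>A connector is only built when {@code securePort} is positive and the
 * {@code BOSH_C2S} identity store holds at least one entry. TLS parameters come from the
 * {@code BOSH_C2S} listener's {@code ConnectionConfiguration}; the connector is bound to
 * {@link #getBindInterface()} on {@code securePort}. Any failure (including a missing
 * certificate store manager) is logged and swallowed, so callers must treat a
 * {@code null} {@code httpsConnector} as "HTTPS unavailable".
 *
 * @param securePort the TCP port for HTTPS traffic; {@code 0} or less disables HTTPS
 */
private void createSSLConnector(int securePort) {
    httpsConnector = null;
    try {
        final IdentityStore identityStore = XMPPServer.getInstance().getCertificateStoreManager().getIdentityStore(ConnectionType.BOSH_C2S);
        if (securePort > 0 && identityStore.getStore().aliases().hasMoreElements()) {
            // Only a warning: a certificate that does not match the hosted domain is still
            // used, so clients will see a name mismatch.
            if (!identityStore.containsDomainCertificate("RSA")) {
                Log.warn("HTTP binding: Using RSA certificates but they are not valid for the hosted domain");
            }
            final ConnectionManagerImpl connectionManager = ((ConnectionManagerImpl) XMPPServer.getInstance().getConnectionManager());
            final ConnectionConfiguration configuration = connectionManager.getListener(ConnectionType.BOSH_C2S, true).generateConnectionConfiguration();
            final SslContextFactory sslContextFactory = new EncryptionArtifactFactory(configuration).getSslContextFactory();
            final HttpConfiguration httpsConfig = new HttpConfiguration();
            // Do not advertise the Jetty version in the Server response header
            // (same hygiene as the admin console connectors).
            httpsConfig.setSendServerVersion(false);
            httpsConfig.setSecureScheme("https");
            httpsConfig.setSecurePort(securePort);
            configureProxiedConnector(httpsConfig);
            // Marks requests on this connector as secure for the servlet layer.
            httpsConfig.addCustomizer(new SecureRequestCustomizer());
            final ServerConnector sslConnector;
            // Legacy SPDY/NPN connector, selected by the spdy.protocol XML property.
            if ("npn".equals(JiveGlobals.getXMLProperty("spdy.protocol", ""))) {
                sslConnector = new HTTPSPDYServerConnector(httpBindServer, sslContextFactory);
            } else {
                // TLS is terminated first, then plain HTTP/1.1 runs inside the tunnel.
                sslConnector = new ServerConnector(httpBindServer, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(httpsConfig));
            }
            sslConnector.setHost(getBindInterface());
            sslConnector.setPort(securePort);
            httpsConnector = sslConnector;
        }
    } catch (Exception e) {
        // Deliberately broad: any failure here only disables HTTPS for HTTP bind.
        Log.error("Error creating SSL connector for Http bind", e);
    }
}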

Example 4 with ConnectionConfiguration

use of org.jivesoftware.openfire.spi.ConnectionConfiguration in project Openfire by igniterealtime.

From class LocalClientSession, method createSession.

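/**
 * Returns a newly created session between the server and a client. The session will
 * be created and returned only if correct name/prefix (i.e. 'stream' or 'flash')
 * and namespace were provided by the client.
 *
 * <p>Before the session is created the connection is checked with {@code isAllowed}; a
 * rejected client receives a {@code not-authorized} stream error and its connection is
 * closed. The client's {@code version} attribute is clamped to the highest version this
 * server supports. When the connection is not yet secure, the TLS policy is taken from
 * the connection configuration, but is downgraded to {@code disabled} when the identity
 * store holds no certificates (or rejected outright when TLS is required).
 *
 * @param serverName the name of the server where the session is connecting to.
 * @param xpp the parser that is reading the provided XML through the connection,
 *            positioned on the client's opening stream element.
 * @param connection the connection with the client.
 * @return a newly created session between the server and a client, or {@code null}
 *         when the client was rejected (not allowed from its address, or TLS is
 *         required but no certificates are available).
 * @throws org.xmlpull.v1.XmlPullParserException if the stream element name or namespace
 *         is not acceptable, or an error occurs while parsing incoming data.
 */
public static LocalClientSession createSession(String serverName, XmlPullParser xpp, Connection connection) throws XmlPullParserException {
    // The opening element may carry no prefix at all (getPrefix() then returns null), so
    // keep the literal on the left of equals(): this is client-controlled input.
    final String prefix = xpp.getPrefix();
    boolean isFlashClient = "flash".equals(prefix);
    connection.setFlashClient(isFlashClient);
    // The root element must be named 'stream' unless it comes from a flash client, and
    // must live in the 'etherx' namespace (flash clients may use the flash namespace).
    if (!"stream".equals(xpp.getName()) && !isFlashClient) {
        throw new XmlPullParserException(LocaleUtils.getLocalizedString("admin.error.bad-stream"));
    }
    final String namespace = xpp.getNamespace(prefix);
    if (!ETHERX_NAMESPACE.equals(namespace) && !(isFlashClient && FLASH_NAMESPACE.equals(namespace))) {
        throw new XmlPullParserException(LocaleUtils.getLocalizedString("admin.error.bad-namespace"));
    }
    if (!isAllowed(connection)) {
        // Client cannot connect from this IP address so end the stream and TCP connection.
        String hostAddress = "Unknown";
        try {
            hostAddress = connection.getHostAddress();
        } catch (UnknownHostException ignored) {
            // Best effort: the address is only used for the debug line below.
        }
        Log.debug("LocalClientSession: Closed connection to client attempting to connect from: " + hostAddress);
        // Include the not-authorized error in the response
        StreamError error = new StreamError(StreamError.Condition.not_authorized);
        connection.deliverRawText(error.toXML());
        // Close the underlying connection
        connection.close();
        return null;
    }
    // Default language is English ("en").
    Locale language = Locale.forLanguageTag("en");
    // Default to a version of "0.0". Clients written before the XMPP 1.0 spec may
    // not report a version in which case "0.0" should be assumed (per rfc3920
    // section 4.4.1).
    int majorVersion = 0;
    int minorVersion = 0;
    for (int i = 0; i < xpp.getAttributeCount(); i++) {
        if ("lang".equals(xpp.getAttributeName(i))) {
            // forLanguageTag() does not throw on ill-formed input, so a bad tag cannot
            // abort the stream; the tag is echoed back below via toLanguageTag().
            language = Locale.forLanguageTag(xpp.getAttributeValue(i));
        }
        if ("version".equals(xpp.getAttributeName(i))) {
            try {
                int[] version = decodeVersion(xpp.getAttributeValue(i));
                majorVersion = version[0];
                minorVersion = version[1];
            } catch (Exception e) {
                // A malformed version attribute is logged rather than rejecting the stream.
                Log.error(e.getMessage(), e);
            }
        }
    }
    // Clamp to the highest version the server supports: never negotiate anything above
    // MAJOR_VERSION.MINOR_VERSION.
    if (majorVersion > MAJOR_VERSION) {
        majorVersion = MAJOR_VERSION;
        minorVersion = MINOR_VERSION;
    } else if (majorVersion == MAJOR_VERSION) {
        // Same major version: only the minor version may need clamping.
        if (minorVersion > MINOR_VERSION) {
            minorVersion = MINOR_VERSION;
        }
    }
    connection.setXMPPVersion(majorVersion, minorVersion);
    final ConnectionConfiguration connectionConfiguration = connection.getConfiguration();
    // Indicate the TLS policy to use for this connection
    if (!connection.isSecure()) {
        boolean hasCertificates = false;
        try {
            hasCertificates = !connectionConfiguration.getIdentityStore().getAllCertificates().isEmpty();
        } catch (Exception e) {
            // Treated as "no certificates": TLS is disabled or the session rejected below.
            Log.error(e.getMessage(), e);
        }
        Connection.TLSPolicy tlsPolicy = connectionConfiguration.getTlsPolicy();
        if (Connection.TLSPolicy.required == tlsPolicy && !hasCertificates) {
            // NOTE(review): unlike the address rejection above, the connection is not
            // closed here; the caller is expected to handle the null return.
            Log.error("Client session rejected. TLS is required but no certificates were created.");
            return null;
        }
        // Without certificates an 'optional' policy silently degrades to a plaintext session.
        connection.setTlsPolicy(hasCertificates ? tlsPolicy : Connection.TLSPolicy.disabled);
    } else {
        // Already secure: STARTTLS must not be offered again.
        connection.setTlsPolicy(Connection.TLSPolicy.disabled);
    }
    // Indicate the compression policy to use for this connection
    connection.setCompressionPolicy(connectionConfiguration.getCompressionPolicy());
    // Create a ClientSession for this user.
    LocalClientSession session = SessionManager.getInstance().createClientSession(connection, language);
    // Build the start packet response
    StringBuilder sb = new StringBuilder(200);
    sb.append("<?xml version='1.0' encoding='");
    sb.append(CHARSET);
    sb.append("'?>");
    if (isFlashClient) {
        sb.append("<flash:stream xmlns:flash=\"http://www.jabber.com/streams/flash\" ");
    } else {
        sb.append("<stream:stream ");
    }
    sb.append("xmlns:stream=\"http://etherx.jabber.org/streams\" xmlns=\"jabber:client\" from=\"");
    sb.append(serverName);
    sb.append("\" id=\"");
    sb.append(session.getStreamID().toString());
    sb.append("\" xml:lang=\"");
    sb.append(language.toLanguageTag());
    // Don't include version info if the version is 0.0.
    if (majorVersion != 0) {
        sb.append("\" version=\"");
        sb.append(majorVersion).append('.').append(minorVersion);
    }
    sb.append("\">");
    connection.deliverRawText(sb.toString());
    // Pre-XMPP 1.0 clients get no <stream:features/>; return to allow normal packet parsing.
    if (majorVersion == 0) {
        return session;
    }
    // Otherwise, this is at least XMPP 1.0 so we need to announce stream features.
    sb = new StringBuilder(490);
    sb.append("<stream:features>");
    // STARTTLS is advertised (and marked required) according to the policy chosen above.
    if (connection.getTlsPolicy() != Connection.TLSPolicy.disabled) {
        sb.append("<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\">");
        if (connection.getTlsPolicy() == Connection.TLSPolicy.required) {
            sb.append("<required/>");
        }
        sb.append("</starttls>");
    }
    // Include available SASL Mechanisms
    sb.append(SASLAuthentication.getSASLMechanisms(session));
    // Include Stream features
    String specificFeatures = session.getAvailableStreamFeatures();
    if (specificFeatures != null) {
        sb.append(specificFeatures);
    }
    sb.append("</stream:features>");
    connection.deliverRawText(sb.toString());
    return session;
}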

Example 5 with ConnectionConfiguration

use of org.jivesoftware.openfire.spi.ConnectionConfiguration in project Openfire by igniterealtime.

From class LocalConnectionMultiplexerSession, method sendClientOptions.

/**
 * Sends the Connection Manager an {@code IQ-set} describing the connection options that
 * are available to clients. The {@code <configuration/>} child (namespace
 * {@code http://jabber.org/protocol/connectionmanager}) lists:
 * <ul>
 *  <li>whether TLS is available and, if so, whether it is optional or required
 *  <li>the SASL mechanisms available before TLS is negotiated
 *  <li>whether stream compression (zlib) is available
 *  <li>whether Non-SASL authentication is available
 *  <li>whether In-Band Registration is available
 * </ul>
 * The TLS and compression settings are taken from the {@code SOCKET_C2S} listener's
 * configuration.
 */
private void sendClientOptions() {
    final XMPPServer server = XMPPServer.getInstance();
    final ConnectionManagerImpl connectionManager = (ConnectionManagerImpl) server.getConnectionManager();
    final ConnectionConfiguration configuration = connectionManager.getListener(ConnectionType.SOCKET_C2S, false).generateConnectionConfiguration();
    final IQ options = new IQ(IQ.Type.set);
    final Element config = options.setChildElement("configuration", "http://jabber.org/protocol/connectionmanager");

    // TLS: announce <starttls/>, marked <required/> when the policy demands it.
    final Connection.TLSPolicy tlsPolicy = configuration.getTlsPolicy();
    if (tlsPolicy != Connection.TLSPolicy.disabled) {
        final Element starttls = config.addElement("starttls", "urn:ietf:params:xml:ns:xmpp-tls");
        if (tlsPolicy == Connection.TLSPolicy.required) {
            starttls.addElement("required");
        }
    }

    // SASL: one <mechanism/> per supported mechanism; the element is omitted when there are none.
    final Collection<String> mechanisms = SASLAuthentication.getSupportedMechanisms();
    if (!mechanisms.isEmpty()) {
        final Element sasl = config.addElement("mechanisms", "urn:ietf:params:xml:ns:xmpp-sasl");
        for (final String mechanism : mechanisms) {
            sasl.addElement("mechanism").setText(mechanism);
        }
    }

    // Stream compression: only zlib is offered, and only when the policy is 'optional'.
    final boolean compressionOffered = configuration.getCompressionPolicy() == Connection.CompressionPolicy.optional;
    if (compressionOffered) {
        config.addElement("compression", "http://jabber.org/features/compress").addElement("method").setText("zlib");
    }

    // Legacy Non-SASL (jabber:iq:auth) authentication.
    if (server.getIQRouter().supports("jabber:iq:auth")) {
        config.addElement("auth", "http://jabber.org/features/iq-auth");
    }

    // In-Band Registration.
    if (server.getIQRegisterHandler().isInbandRegEnabled()) {
        config.addElement("register", "http://jabber.org/features/iq-register");
    }

    // Send the options
    process(options);
}
