org.eclipse.jetty.server.SecureRequestCustomizer Java Examples

The following examples show how to use org.eclipse.jetty.server.SecureRequestCustomizer. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ServerDaemon.java    From cloudstack with Apache License 2.0 6 votes vote down vote up
private void createHttpsConnector(final HttpConfiguration httpConfig) {
    // Configure SSL
    if (httpsEnable && !Strings.isNullOrEmpty(keystoreFile) && new File(keystoreFile).exists()) {
        // SSL Context
        final SslContextFactory sslContextFactory = new SslContextFactory();

        // Define keystore path and passwords
        sslContextFactory.setKeyStorePath(keystoreFile);
        sslContextFactory.setKeyStorePassword(keystorePassword);
        sslContextFactory.setKeyManagerPassword(keystorePassword);

        // HTTPS config
        final HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
        httpsConfig.addCustomizer(new SecureRequestCustomizer());

        // HTTPS Connector
        final ServerConnector sslConnector = new ServerConnector(server,
                new SslConnectionFactory(sslContextFactory, "http/1.1"),
                new HttpConnectionFactory(httpsConfig));
        sslConnector.setPort(httpsPort);
        sslConnector.setHost(bindInterface);
        server.addConnector(sslConnector);
    }
}
 
Example #2
Source File: TlsCertificateAuthorityService.java    From nifi with Apache License 2.0 6 votes vote down vote up
private static Server createServer(Handler handler, int port, KeyStore keyStore, String keyPassword) throws Exception {
    Server server = new Server();

    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setIncludeProtocols(CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
    sslContextFactory.setKeyStore(keyStore);
    sslContextFactory.setKeyManagerPassword(keyPassword);

    // Need to set SslContextFactory's endpointIdentificationAlgorithm to null; this is a server,
    // not a client.  Server does not need to perform hostname verification on the client.
    // Previous to Jetty 9.4.15.v20190215, this defaulted to null, and now defaults to "HTTPS".
    sslContextFactory.setEndpointIdentificationAlgorithm(null);

    HttpConfiguration httpsConfig = new HttpConfiguration();
    httpsConfig.addCustomizer(new SecureRequestCustomizer());

    ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
    sslConnector.setPort(port);

    server.addConnector(sslConnector);
    server.setHandler(handler);

    return server;
}
 
Example #3
Source File: JettyWebServer.java    From Doradus with Apache License 2.0 6 votes vote down vote up
private ServerConnector createSSLConnector() {
    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setKeyStorePath(m_keystore);
    sslContextFactory.setKeyStorePassword(m_keystorepassword);
    sslContextFactory.setTrustStorePath(m_truststore);
    sslContextFactory.setTrustStorePassword(m_truststorepassword);
    sslContextFactory.setNeedClientAuth(m_clientauthentication);
    sslContextFactory.setIncludeCipherSuites(m_tls_cipher_suites);

    HttpConfiguration http_config = new HttpConfiguration();
    http_config.setSecureScheme("https");
    HttpConfiguration https_config = new HttpConfiguration(http_config);
    https_config.addCustomizer(new SecureRequestCustomizer());
    SslConnectionFactory sslConnFactory = new SslConnectionFactory(sslContextFactory, "http/1.1");
    HttpConnectionFactory httpConnFactory = new HttpConnectionFactory(https_config);
    ServerConnector sslConnector = new ServerConnector(m_jettyServer, sslConnFactory, httpConnFactory);
    return sslConnector;
}
 
Example #4
Source File: JettyWebSocketServer.java    From sequenceiq-samples with Apache License 2.0 6 votes vote down vote up
@Override
public void startSSL(String keyStoreLocation, String keyStorePassword) throws Exception {
    Server server = new Server();

    HttpConfiguration httpsConfig = new HttpConfiguration();
    httpsConfig.addCustomizer(new SecureRequestCustomizer());
    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setKeyStorePath(keyStoreLocation);
    sslContextFactory.setKeyStorePassword(keyStorePassword);
    ServerConnector https = new ServerConnector(server,
            new SslConnectionFactory(sslContextFactory, "http/1.1"),
            new HttpConnectionFactory(httpsConfig));
    https.setHost(host);
    https.setPort(port);
    server.setConnectors(new Connector[]{https});

    configureContextHandler(server);
    startServer(server);
}
 
Example #5
Source File: HelixRestServer.java    From helix with Apache License 2.0 6 votes vote down vote up
public void setupSslServer(int port, SslContextFactory sslContextFactory) {
  if (_server != null && port > 0) {
    try {
      HttpConfiguration https = new HttpConfiguration();
      https.addCustomizer(new SecureRequestCustomizer());
      ServerConnector sslConnector = new ServerConnector(
          _server,
          new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
          new HttpConnectionFactory(https));
      sslConnector.setPort(port);

      _server.addConnector(sslConnector);

      LOG.info("Helix SSL rest server is ready to start.");
    } catch (Exception ex) {
      LOG.error("Failed to setup Helix SSL rest server, " + ex);
    }
  }
}
 
Example #6
Source File: PrometheusServer.java    From nifi with Apache License 2.0 6 votes vote down vote up
public PrometheusServer(int addr, SSLContextService sslContextService, ComponentLog logger, boolean needClientAuth, boolean wantClientAuth) throws Exception {
    PrometheusServer.logger = logger;
    this.server = new Server();
    this.handler = new ServletContextHandler(server, "/metrics");
    this.handler.addServlet(new ServletHolder(new MetricsServlet()), "/");

    SslContextFactory sslFactory = createSslFactory(sslContextService, needClientAuth, wantClientAuth);
    HttpConfiguration httpsConfiguration = new HttpConfiguration();
    httpsConfiguration.setSecureScheme("https");
    httpsConfiguration.setSecurePort(addr);
    httpsConfiguration.addCustomizer(new SecureRequestCustomizer());

    ServerConnector https = new ServerConnector(server, new SslConnectionFactory(sslFactory, "http/1.1"),
            new HttpConnectionFactory(httpsConfiguration));
    https.setPort(addr);
    this.server.setConnectors(new Connector[]{https});
    this.server.start();

}
 
Example #7
Source File: App.java    From mysql_perf_analyzer with Apache License 2.0 6 votes vote down vote up
/**
 * Create ssl connector if https is used
 * @return
 */
private ServerConnector sslConnector() {
	HttpConfiguration http_config = new HttpConfiguration();
	http_config.setSecureScheme("https");
	http_config.setSecurePort(this.getPort());
	
	HttpConfiguration https_config = new HttpConfiguration(http_config);
	https_config.addCustomizer(new SecureRequestCustomizer());
	
	SslContextFactory sslContextFactory = new SslContextFactory(this.getCertKeyStorePath());
	sslContextFactory.setKeyStorePassword(this.getCertKeyStorePassword());
	//exclude weak ciphers
	sslContextFactory.setExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$");
	//only support tlsv1.2
	sslContextFactory.addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1");
	
	ServerConnector connector = new ServerConnector(jettyServer, 
			new SslConnectionFactory(sslContextFactory, "http/1.1"),
			new HttpConnectionFactory(https_config));
	connector.setPort(this.getPort());
	connector.setIdleTimeout(50000);
	return connector;
}
 
Example #8
Source File: ErrorCases.java    From scheduling with GNU Affero General Public License v3.0 6 votes vote down vote up
@BeforeClass
public static void startHttpsServer() throws Exception {
    skipIfHeadlessEnvironment();
    server = new Server();

    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setKeyStorePath(ErrorCases.class.getResource("keystore").getPath());
    sslContextFactory.setKeyStorePassword("activeeon");

    HttpConfiguration httpConfig = new HttpConfiguration();
    HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
    httpsConfig.addCustomizer(new SecureRequestCustomizer());

    ServerConnector sslConnector = new ServerConnector(server,
                                                       new ConnectionFactory[] { new SslConnectionFactory(sslContextFactory,
                                                                                                          HttpVersion.HTTP_1_1.asString()),
                                                                                 new HttpConnectionFactory(httpsConfig) });

    server.addConnector(sslConnector);
    server.start();
    serverUrl = "https://localhost:" + sslConnector.getLocalPort() + "/rest";
}
 
Example #9
Source File: TlsCertificateAuthorityService.java    From localization_nifi with Apache License 2.0 6 votes vote down vote up
private static Server createServer(Handler handler, int port, KeyStore keyStore, String keyPassword) throws Exception {
    Server server = new Server();

    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setIncludeProtocols("TLSv1.2");
    sslContextFactory.setKeyStore(keyStore);
    sslContextFactory.setKeyManagerPassword(keyPassword);

    HttpConfiguration httpsConfig = new HttpConfiguration();
    httpsConfig.addCustomizer(new SecureRequestCustomizer());

    ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig));
    sslConnector.setPort(port);

    server.addConnector(sslConnector);
    server.setHandler(handler);

    return server;
}
 
Example #10
Source File: JettyServer.java    From nifi with Apache License 2.0 5 votes vote down vote up
private ServerConnector createUnconfiguredSslServerConnector(Server server, HttpConfiguration httpConfiguration, int port) {
    // add some secure config
    final HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration);
    httpsConfiguration.setSecureScheme("https");
    httpsConfiguration.setSecurePort(port);
    httpsConfiguration.setSendServerVersion(props.shouldSendServerVersion());
    httpsConfiguration.addCustomizer(new SecureRequestCustomizer());

    // build the connector
    return new ServerConnector(server,
            new SslConnectionFactory(createSslContextFactory(), "http/1.1"),
            new HttpConnectionFactory(httpsConfiguration));
}
 
Example #11
Source File: ServersUtil.java    From joynr with Apache License 2.0 5 votes vote down vote up
private static Server startSSLServer(ContextHandlerCollection contexts,
                                     SSLSettings settings,
                                     int port) throws IOException, Exception {

    System.setProperty(MessagingPropertyKeys.PROPERTY_SERVLET_HOST_PATH, "http://localhost:" + port);
    logger.info("PORT: {}", System.getProperty(MessagingPropertyKeys.PROPERTY_SERVLET_HOST_PATH));
    final Server jettyServer = new Server();

    HttpConfiguration https_config = new HttpConfiguration();
    https_config.setSecureScheme("https");
    https_config.setSecurePort(port);
    https_config.setOutputBufferSize(32768);
    https_config.addCustomizer(new SecureRequestCustomizer());

    // Configure SSL
    final SslContextFactory contextFactory = new SslContextFactory();
    contextFactory.setKeyStorePath(settings.getKeyStorePath());
    contextFactory.setTrustStorePath(settings.getTrustStorePath());
    contextFactory.setKeyStorePassword(settings.getKeyStorePassword());
    contextFactory.setTrustStorePassword(settings.getKeyStorePassword());
    contextFactory.setNeedClientAuth(true);

    // Create and use an SSL connector
    ServerConnector connector = new ServerConnector(jettyServer,
                                                    new SslConnectionFactory(contextFactory, "http/1.1"),
                                                    new HttpConnectionFactory(https_config));
    connector.setPort(port);
    connector.setAcceptQueueSize(1);
    jettyServer.setConnectors(new Connector[]{ connector });

    String serverUrl = "https://localhost:" + port;
    System.getProperties().setProperty(MessagingPropertyKeys.PROPERTY_SERVLET_HOST_PATH, serverUrl);

    jettyServer.setHandler(contexts);
    jettyServer.start();

    return jettyServer;
}
 
Example #12
Source File: ReporterFactoryTest.java    From apm-agent-java with Apache License 2.0 5 votes vote down vote up
@BeforeEach
void setUp() throws Exception {
    server = new Server();

    Path keyStorePath = Paths.get(ReporterFactoryTest.class.getResource("/keystore").toURI());
    final SslContextFactory sslContextFactory = new SslContextFactory(keyStorePath.toAbsolutePath().toString());
    sslContextFactory.setKeyStorePassword("password");
    sslContextFactory.getSslContext();

    final HttpConfiguration httpConfiguration = new HttpConfiguration();
    httpConfiguration.setSecureScheme("https");
    httpConfiguration.setSecurePort(0);

    final HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration);
    httpsConfiguration.addCustomizer(new SecureRequestCustomizer());
    final ServerConnector httpsConnector = new ServerConnector(server,
        new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
        new HttpConnectionFactory(httpsConfiguration));
    httpsConnector.setPort(0);
    server.addConnector(httpsConnector);
    server.setHandler(new AbstractHandler() {
        @Override
        public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) {
            baseRequest.setHandled(true);
            requestHandled.set(true);
        }
    });
    server.start();
    configuration = SpyConfiguration.createSpyConfig();
    reporterConfiguration = configuration.getConfig(ReporterConfiguration.class);
    when(reporterConfiguration.getServerUrls()).thenReturn(Collections.singletonList(new URL("https://localhost:" + getPort())));
}
 
Example #13
Source File: HttpServer2.java    From knox with Apache License 2.0 5 votes vote down vote up
private ServerConnector createHttpsChannelConnector(
    Server server, HttpConfiguration httpConfig) {
  httpConfig.setSecureScheme(HTTPS_SCHEME);
  httpConfig.addCustomizer(new SecureRequestCustomizer());
  ServerConnector conn = createHttpChannelConnector(server, httpConfig);

  SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
  sslContextFactory.setNeedClientAuth(needsClientAuth);
  sslContextFactory.setKeyManagerPassword(keyPassword);
  if (keyStore != null) {
    sslContextFactory.setKeyStorePath(keyStore);
    sslContextFactory.setKeyStoreType(keyStoreType);
    sslContextFactory.setKeyStorePassword(keyStorePassword);
  }
  if (trustStore != null) {
    sslContextFactory.setTrustStorePath(trustStore);
    sslContextFactory.setTrustStoreType(trustStoreType);
    sslContextFactory.setTrustStorePassword(trustStorePassword);
  }
  if(null != excludeCiphers && !excludeCiphers.isEmpty()) {
    sslContextFactory.setExcludeCipherSuites(
        StringUtils.getTrimmedStrings(excludeCiphers));
    LOG.info("Excluded Cipher List:" + excludeCiphers);
  }

  conn.addFirstConnectionFactory(new SslConnectionFactory(sslContextFactory,
      HttpVersion.HTTP_1_1.asString()));

  return conn;
}
 
Example #14
Source File: HttpServer2.java    From knox with Apache License 2.0 5 votes vote down vote up
private ServerConnector createHttpsChannelConnector(
    Server server, HttpConfiguration httpConfig) {
  httpConfig.setSecureScheme(HTTPS_SCHEME);
  httpConfig.addCustomizer(new SecureRequestCustomizer());
  ServerConnector conn = createHttpChannelConnector(server, httpConfig);

  SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
  sslContextFactory.setNeedClientAuth(needsClientAuth);
  sslContextFactory.setKeyManagerPassword(keyPassword);
  if (keyStore != null) {
    sslContextFactory.setKeyStorePath(keyStore);
    sslContextFactory.setKeyStoreType(keyStoreType);
    sslContextFactory.setKeyStorePassword(keyStorePassword);
  }
  if (trustStore != null) {
    sslContextFactory.setTrustStorePath(trustStore);
    sslContextFactory.setTrustStoreType(trustStoreType);
    sslContextFactory.setTrustStorePassword(trustStorePassword);
  }
  if(null != excludeCiphers && !excludeCiphers.isEmpty()) {
    sslContextFactory.setExcludeCipherSuites(
        StringUtils.getTrimmedStrings(excludeCiphers));
    LOG.info("Excluded Cipher List:" + excludeCiphers);
  }

  conn.addFirstConnectionFactory(new SslConnectionFactory(sslContextFactory,
      HttpVersion.HTTP_1_1.asString()));

  return conn;
}
 
Example #15
Source File: HttpBindManager.java    From Openfire with Apache License 2.0 5 votes vote down vote up
private Connector createSSLConnector( final Server httpBindServer ) {
    final int securePort = getHttpBindSecurePort();
    try {
        final IdentityStore identityStore = XMPPServer.getInstance().getCertificateStoreManager().getIdentityStore( ConnectionType.BOSH_C2S );

        if (securePort > 0 && identityStore.getStore().aliases().hasMoreElements() ) {
            if ( !identityStore.containsDomainCertificate( ) ) {
                Log.warn("HTTP binding: Using certificates but they are not valid for the hosted domain");
            }

            final ConnectionManagerImpl connectionManager = ((ConnectionManagerImpl) XMPPServer.getInstance().getConnectionManager());
            final ConnectionConfiguration configuration = connectionManager.getListener( ConnectionType.BOSH_C2S, true ).generateConnectionConfiguration();
            final SslContextFactory sslContextFactory = new EncryptionArtifactFactory(configuration).getSslContextFactory();

            final HttpConfiguration httpsConfig = new HttpConfiguration();
            httpsConfig.setSecureScheme("https");
            httpsConfig.setSecurePort(securePort);
            configureProxiedConnector(httpsConfig);
            httpsConfig.addCustomizer(new SecureRequestCustomizer());
            httpsConfig.setSendServerVersion( false );

            final ServerConnector sslConnector = new ServerConnector(httpBindServer, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(httpsConfig));
            sslConnector.setHost(getBindInterface());
            sslConnector.setPort(securePort);
            return sslConnector;
        }
    }
    catch (Exception e) {
        Log.error("Error creating SSL connector for Http bind", e);
    }

    return null;
}
 
Example #16
Source File: HttpServer2.java    From hadoop-ozone with Apache License 2.0 5 votes vote down vote up
private ServerConnector createHttpsChannelConnector(
    Server server, HttpConfiguration httpConfig) {
  httpConfig.setSecureScheme(HTTPS_SCHEME);
  httpConfig.addCustomizer(new SecureRequestCustomizer());
  ServerConnector conn = createHttpChannelConnector(server, httpConfig);

  SslContextFactory.Server sslContextFactory =
      new SslContextFactory.Server();
  sslContextFactory.setNeedClientAuth(needsClientAuth);
  if (keyPassword != null) {
    sslContextFactory.setKeyManagerPassword(keyPassword);
  }
  if (keyStore != null) {
    sslContextFactory.setKeyStorePath(keyStore);
    sslContextFactory.setKeyStoreType(keyStoreType);
    if (keyStorePassword != null) {
      sslContextFactory.setKeyStorePassword(keyStorePassword);
    }
  }
  if (trustStore != null) {
    sslContextFactory.setTrustStorePath(trustStore);
    sslContextFactory.setTrustStoreType(trustStoreType);
    if (trustStorePassword != null) {
      sslContextFactory.setTrustStorePassword(trustStorePassword);
    }
  }
  if (null != excludeCiphers && !excludeCiphers.isEmpty()) {
    sslContextFactory.setExcludeCipherSuites(
        StringUtils.getTrimmedStrings(excludeCiphers));
    LOG.info("Excluded Cipher List: {}", excludeCiphers);
  }

  conn.addFirstConnectionFactory(new SslConnectionFactory(sslContextFactory,
      HttpVersion.HTTP_1_1.asString()));

  return conn;
}
 
Example #17
Source File: SecureJettyMixin.java    From attic-polygene-java with Apache License 2.0 5 votes vote down vote up
@Override
protected HttpConfiguration specializeHttp( HttpConfiguration httpConfig )
{
    HttpConfiguration httpsConfig = new HttpConfiguration( httpConfig );
    httpsConfig.addCustomizer( new SecureRequestCustomizer() );
    return httpsConfig;
}
 
Example #18
Source File: JettyServer.java    From localization_nifi with Apache License 2.0 5 votes vote down vote up
private ServerConnector createUnconfiguredSslServerConnector(Server server, HttpConfiguration httpConfiguration) {
    // add some secure config
    final HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration);
    httpsConfiguration.setSecureScheme("https");
    httpsConfiguration.setSecurePort(props.getSslPort());
    httpsConfiguration.addCustomizer(new SecureRequestCustomizer());

    // build the connector
    return new ServerConnector(server,
            new SslConnectionFactory(createSslContextFactory(), "http/1.1"),
            new HttpConnectionFactory(httpsConfiguration));
}
 
Example #19
Source File: JettyAppServer.java    From selenium with Apache License 2.0 5 votes vote down vote up
@Override
public void start() {
  HttpConfiguration httpConfig = new HttpConfiguration();
  httpConfig.setSecureScheme("https");
  httpConfig.setSecurePort(securePort);

  ServerConnector http = new ServerConnector(server, new HttpConnectionFactory(httpConfig));
  http.setPort(port);
  http.setIdleTimeout(500000);

  Path keystore = getKeyStore();
  if (!Files.exists(keystore)) {
    throw new RuntimeException(
        "Cannot find keystore for SSL cert: " + keystore.toAbsolutePath());
  }

  SslContextFactory sslContextFactory = new SslContextFactory();
  sslContextFactory.setKeyStorePath(keystore.toAbsolutePath().toString());
  sslContextFactory.setKeyStorePassword("password");
  sslContextFactory.setKeyManagerPassword("password");

  HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
  httpsConfig.addCustomizer(new SecureRequestCustomizer());

  ServerConnector https = new ServerConnector(
      server,
      new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
      new HttpConnectionFactory(httpsConfig));
  https.setPort(securePort);
  https.setIdleTimeout(500000);

  server.setConnectors(new Connector[]{http, https});

  try {
    server.start();
  } catch (Exception e) {
    throw new RuntimeException(e);
  }
}
 
Example #20
Source File: ConsoleProxyNoVNCServer.java    From cloudstack with Apache License 2.0 5 votes vote down vote up
public ConsoleProxyNoVNCServer(byte[] ksBits, String ksPassword) {
    this.server = new Server();
    ConsoleProxyNoVNCHandler handler = new ConsoleProxyNoVNCHandler();
    this.server.setHandler(handler);

    try {
        final HttpConfiguration httpConfig = new HttpConfiguration();
        httpConfig.setSecureScheme("https");
        httpConfig.setSecurePort(wsPort);

        final HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
        httpsConfig.addCustomizer(new SecureRequestCustomizer());

        final SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
        char[] passphrase = ksPassword != null ? ksPassword.toCharArray() : null;
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(new ByteArrayInputStream(ksBits), passphrase);
        sslContextFactory.setKeyStore(ks);
        sslContextFactory.setKeyStorePassword(ksPassword);
        sslContextFactory.setKeyManagerPassword(ksPassword);

        final ServerConnector sslConnector = new ServerConnector(server,
            new SslConnectionFactory(sslContextFactory, "http/1.1"),
            new HttpConnectionFactory(httpsConfig));
        sslConnector.setPort(wsPort);
        server.addConnector(sslConnector);
    } catch (Exception e) {
        s_logger.error("Unable to secure server due to exception ", e);
    }
}
 
Example #21
Source File: ConnectorFactory.java    From vespa with Apache License 2.0 5 votes vote down vote up
private HttpConnectionFactory newHttpConnectionFactory() {
    HttpConfiguration httpConfig = new HttpConfiguration();
    httpConfig.setSendDateHeader(true);
    httpConfig.setSendServerVersion(false);
    httpConfig.setSendXPoweredBy(false);
    httpConfig.setHeaderCacheSize(connectorConfig.headerCacheSize());
    httpConfig.setOutputBufferSize(connectorConfig.outputBufferSize());
    httpConfig.setRequestHeaderSize(connectorConfig.requestHeaderSize());
    httpConfig.setResponseHeaderSize(connectorConfig.responseHeaderSize());
    if (connectorConfig.ssl().enabled() || TransportSecurityUtils.isTransportSecurityEnabled()) { // TODO Cleanup once mixed mode is gone
        httpConfig.addCustomizer(new SecureRequestCustomizer());
    }
    return new HttpConnectionFactory(httpConfig);
}
 
Example #22
Source File: WebSocketServerEcho.java    From quarks with Apache License 2.0 5 votes vote down vote up
private Server createServer(URI endpointURI, boolean needClientAuth) {
    if ("ws".equals(endpointURI.getScheme())) {
        return new Server(endpointURI.getPort());
    }
    else if ("wss".equals(endpointURI.getScheme())) {
        // see http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/examples/embedded/src/main/java/org/eclipse/jetty/embedded/ManyConnectors.java
        //     http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/examples/embedded/src/main/java/org/eclipse/jetty/embedded/LikeJettyXml.java
        
        Server server = new Server();
        
        SslContextFactory sslContextFactory = new SslContextFactory();
        sslContextFactory.setKeyStorePath(getStorePath("serverKeyStore.jks"));
        sslContextFactory.setKeyStorePassword("passw0rd");
        sslContextFactory.setKeyManagerPassword("passw0rd");
        sslContextFactory.setCertAlias("default");
        sslContextFactory.setNeedClientAuth(needClientAuth);
        sslContextFactory.setTrustStorePath(getStorePath("serverTrustStore.jks"));
        sslContextFactory.setTrustStorePassword("passw0rd");
        
        HttpConfiguration httpsConfig = new HttpConfiguration();
        httpsConfig.addCustomizer(new SecureRequestCustomizer());
        
        ServerConnector https= new ServerConnector(server,
                new SslConnectionFactory(sslContextFactory,
                        HttpVersion.HTTP_1_1.asString()),
                new HttpConnectionFactory(httpsConfig));
        https.setPort(endpointURI.getPort());
        
        server.addConnector(https);
        return server;
    }
    else
        throw new IllegalArgumentException("unrecognized uri: "+endpointURI);
}
 
Example #23
Source File: HttpServer2.java    From lucene-solr with Apache License 2.0 5 votes vote down vote up
private ServerConnector createHttpsChannelConnector(
    Server server, HttpConfiguration httpConfig) {
  httpConfig.setSecureScheme(HTTPS_SCHEME);
  httpConfig.addCustomizer(new SecureRequestCustomizer());
  ServerConnector conn = createHttpChannelConnector(server, httpConfig);

  SslContextFactory.Server sslContextFactory = new SslContextFactory.Server();
  sslContextFactory.setNeedClientAuth(needsClientAuth);
  sslContextFactory.setKeyManagerPassword(keyPassword);
  if (keyStore != null) {
    sslContextFactory.setKeyStorePath(keyStore);
    sslContextFactory.setKeyStoreType(keyStoreType);
    sslContextFactory.setKeyStorePassword(keyStorePassword);
  }
  if (trustStore != null) {
    sslContextFactory.setTrustStorePath(trustStore);
    sslContextFactory.setTrustStoreType(trustStoreType);
    sslContextFactory.setTrustStorePassword(trustStorePassword);
  }
  if(null != excludeCiphers && !excludeCiphers.isEmpty()) {
    sslContextFactory.setExcludeCipherSuites(
        StringUtils.getTrimmedStrings(excludeCiphers));
    LOG.info("Excluded Cipher List:{}", excludeCiphers);
  }

  conn.addFirstConnectionFactory(new SslConnectionFactory(sslContextFactory,
      HttpVersion.HTTP_1_1.asString()));

  return conn;
}
 
Example #24
Source File: JettyITServerCustomizer.java    From nifi-registry with Apache License 2.0 5 votes vote down vote up
@Override
public void customize(final JettyServletWebServerFactory factory) {
    LOGGER.info("Customizing Jetty server for integration tests...");

    factory.addServerCustomizers((server) -> {
        final Ssl sslProperties = serverProperties.getSsl();
        if (sslProperties != null) {
            createSslContextFactory(sslProperties);
            ServerConnector con = (ServerConnector) server.getConnectors()[0];
            int existingConnectorPort = con.getLocalPort();

            // create the http configuration
            final HttpConfiguration httpConfiguration = new HttpConfiguration();
            httpConfiguration.setRequestHeaderSize(HEADER_BUFFER_SIZE);
            httpConfiguration.setResponseHeaderSize(HEADER_BUFFER_SIZE);

            // add some secure config
            final HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration);
            httpsConfiguration.setSecureScheme("https");
            httpsConfiguration.setSecurePort(existingConnectorPort);
            httpsConfiguration.addCustomizer(new SecureRequestCustomizer());

            // build the connector with the endpoint identification algorithm set to null
            final ServerConnector httpsConnector = new ServerConnector(server,
                    new SslConnectionFactory(createSslContextFactory(sslProperties), "http/1.1"),
                    new HttpConnectionFactory(httpsConfiguration));
            server.removeConnector(con);
            server.addConnector(httpsConnector);
        }
    });

    LOGGER.info("JettyServer is customized");
}
 
Example #25
Source File: MockServer.java    From aws-sdk-java-v2 with Apache License 2.0 5 votes vote down vote up
public MockServer() throws IOException {
    server = new Server();
    connector = new ServerConnector(server);
    connector.setPort(httpPort);

    HttpConfiguration https = new HttpConfiguration();
    https.addCustomizer(new SecureRequestCustomizer());

    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setTrustAll(true);
    sslContextFactory.setValidateCerts(false);
    sslContextFactory.setNeedClientAuth(false);
    sslContextFactory.setWantClientAuth(false);
    sslContextFactory.setValidatePeerCerts(false);
    sslContextFactory.setKeyStorePassword("password");
    sslContextFactory.setKeyStorePath(MockServer.class.getResource("mock-keystore.jks").toExternalForm());

    sslConnector = new ServerConnector(server,
                                       new SslConnectionFactory(sslContextFactory,
                                                                HttpVersion.HTTP_1_1.asString()),
                                       new HttpConnectionFactory(https));
    sslConnector.setPort(httpsPort);

    server.setConnectors(new Connector[] {connector, sslConnector});

    ServletContextHandler context = new ServletContextHandler(server, "/", ServletContextHandler.SESSIONS);
    context.addServlet(new ServletHolder(new AlwaysSuccessServlet()), "/*");
    server.setHandler(context);
}
 
Example #26
Source File: Launcher.java    From EchoQuery with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Configures and sets up a Jetty server.
 * @param args
 * @throws Exception
 */
public static void main(final String[] args) throws Exception {
  // Configure logging to output to the console with default level of
  // INFO.
  BasicConfigurator.configure();

  Server server = new Server();

  // Configure SSL from system properties.
  SslConnectionFactory sslConnectionFactory = new SslConnectionFactory();
  SslContextFactory sslContextFactory =
      sslConnectionFactory.getSslContextFactory();
  sslContextFactory.setKeyStorePath(
      System.getProperty("javax.net.ssl.keyStore"));
  sslContextFactory.setKeyStorePassword(
      System.getProperty("javax.net.ssl.keyStorePassword"));
  sslContextFactory.setIncludeCipherSuites(Sdk.SUPPORTED_CIPHER_SUITES);

  // Configure HTTPS server.
  HttpConfiguration httpConf = new HttpConfiguration();
  httpConf.setSecurePort(PORT);
  httpConf.setSecureScheme(HTTPS_SCHEME);
  httpConf.addCustomizer(new SecureRequestCustomizer());
  HttpConnectionFactory httpConnectionFactory =
      new HttpConnectionFactory(httpConf);

  // Set up the servlets.
  ServerConnector serverConnector = new ServerConnector(
      server, sslConnectionFactory, httpConnectionFactory);
  serverConnector.setPort(PORT);

  Connector[] connectors = new Connector[1];
  connectors[0] = serverConnector;
  server.setConnectors(connectors);

  ServletContextHandler context =
      new ServletContextHandler(ServletContextHandler.SESSIONS);
  context.setContextPath("/");
  server.setHandler(context);
  context.addServlet(new ServletHolder(
      createServlet(new EchoQuerySpeechlet())), "/echoquery");
  server.start();
  server.join();
}
 
Example #27
Source File: CipherAndProtocolSelectionTest.java    From apiman with Apache License 2.0 4 votes vote down vote up
@Before
public void setupJetty() throws Exception {
    server = new Server();
    server.setStopAtShutdown(true);

    http_config = new HttpConfiguration();
    http_config.setSecureScheme("https");

    jettySslContextFactory = new SslContextFactory();
    jettySslContextFactory.setTrustStorePath(getResourcePath("2waytest/mutual_trust_via_ca/common_ts.jks"));
    jettySslContextFactory.setTrustStorePassword("password");
    jettySslContextFactory.setKeyStorePath(getResourcePath("2waytest/mutual_trust_via_ca/service_ks.jks"));
    jettySslContextFactory.setKeyStorePassword("password");
    jettySslContextFactory.setKeyManagerPassword("password");
    // Use default trust store
    // No client auth
    jettySslContextFactory.setNeedClientAuth(false);
    jettySslContextFactory.setWantClientAuth(false);

    HttpConfiguration https_config = new HttpConfiguration(http_config);
    https_config.addCustomizer(new SecureRequestCustomizer());

    ServerConnector sslConnector = new ServerConnector(server,
        new SslConnectionFactory(jettySslContextFactory,"http/1.1"),
        new HttpConnectionFactory(https_config));
    sslConnector.setPort(8008);

    server.addConnector(sslConnector);
    // Thanks to Jetty getting started guide.
    server.setHandler(new AbstractHandler() {

        @Override
        public void handle(String target, Request baseRequest, HttpServletRequest request,
                HttpServletResponse response) throws IOException, ServletException {

            jettyRequestAttributes = new HashMap<>();
            Enumeration<String> requestAttrNames = request.getAttributeNames();

            while (requestAttrNames.hasMoreElements()) {
                String elem = requestAttrNames.nextElement();
                jettyRequestAttributes.put(elem, request.getAttribute(elem).toString());
                System.out.println(elem + " - " + request.getAttribute(elem).toString());
            }

            response.setStatus(HttpServletResponse.SC_OK);
            baseRequest.setHandled(true);
            response.getWriter().println("apiman");
        }
    });
}
 
Example #28
Source File: CAMutualAuthTest.java    From apiman with Apache License 2.0 4 votes vote down vote up
@Before
public void setupJetty() throws Exception {
    server = new Server();
    server.setStopAtShutdown(true);

    http_config = new HttpConfiguration();
    http_config.setSecureScheme("https");

    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setKeyStorePath(getResourcePath("2waytest/mutual_trust_via_ca/service_ks.jks"));
    sslContextFactory.setKeyStorePassword("password");
    sslContextFactory.setKeyManagerPassword("password");
    sslContextFactory.setTrustStorePath(getResourcePath("2waytest/mutual_trust_via_ca/common_ts.jks"));
    sslContextFactory.setTrustStorePassword("password");
    sslContextFactory.setNeedClientAuth(true);

    HttpConfiguration https_config = new HttpConfiguration(http_config);
    https_config.addCustomizer(new SecureRequestCustomizer());

    ServerConnector sslConnector = new ServerConnector(server,
        new SslConnectionFactory(sslContextFactory,"http/1.1"),
        new HttpConnectionFactory(https_config));
    sslConnector.setPort(8008);

    server.addConnector(sslConnector);
    // Thanks to Jetty getting started guide.
    server.setHandler(new AbstractHandler() {

        @Override
        public void handle(String target, Request baseRequest, HttpServletRequest request,
                HttpServletResponse response) throws IOException, ServletException {

            Enumeration<String> z = request.getAttributeNames();

            while (z.hasMoreElements()) {
                String elem = z.nextElement();
                System.out.println(elem + " - " + request.getAttribute(elem));
            }

            response.setStatus(HttpServletResponse.SC_OK);
            baseRequest.setHandled(true);
            response.getWriter().println("apiman");
        }
    });
    server.start();
}
 
Example #29
Source File: JettyServerWrapper.java    From cougar with Apache License 2.0 4 votes vote down vote up
protected ServerConnector createHttpsConnector(Server server, HttpConfiguration httpConfiguration, int httpsAcceptors, int httpsSelectors, SslContextFactory sslContextFactory) {
    httpConfiguration.addCustomizer(new SecureRequestCustomizer());
    return new ServerConnector(server, null, null, null, httpsAcceptors, httpsSelectors, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(httpConfiguration));
}
 
Example #30
Source File: NiFiTestServer.java    From nifi with Apache License 2.0 4 votes vote down vote up
private void createSecureConnector() {
    org.eclipse.jetty.util.ssl.SslContextFactory contextFactory = new org.eclipse.jetty.util.ssl.SslContextFactory();

    // Need to set SslContextFactory's endpointIdentificationAlgorithm to null; this is a server,
    // not a client.  Server does not need to perform hostname verification on the client.
    // Previous to Jetty 9.4.15.v20190215, this defaulted to null, and now defaults to "HTTPS".
    contextFactory.setEndpointIdentificationAlgorithm(null);

    // require client auth when not supporting login or anonymous access
    if (StringUtils.isBlank(properties.getProperty(NiFiProperties.SECURITY_USER_LOGIN_IDENTITY_PROVIDER))) {
        contextFactory.setNeedClientAuth(true);
    } else {
        contextFactory.setWantClientAuth(true);
    }

    /* below code sets JSSE system properties when values are provided */
    // keystore properties
    if (StringUtils.isNotBlank(properties.getProperty(NiFiProperties.SECURITY_KEYSTORE))) {
        contextFactory.setKeyStorePath(properties.getProperty(NiFiProperties.SECURITY_KEYSTORE));
    }
    if (StringUtils.isNotBlank(properties.getProperty(NiFiProperties.SECURITY_KEYSTORE_TYPE))) {
        contextFactory.setKeyStoreType(properties.getProperty(NiFiProperties.SECURITY_KEYSTORE_TYPE));
    }
    final String keystorePassword = properties.getProperty(NiFiProperties.SECURITY_KEYSTORE_PASSWD);
    final String keyPassword = properties.getProperty(NiFiProperties.SECURITY_KEY_PASSWD);
    if (StringUtils.isNotBlank(keystorePassword)) {
        // if no key password was provided, then assume the keystore password is the same as the key password.
        final String defaultKeyPassword = (StringUtils.isBlank(keyPassword)) ? keystorePassword : keyPassword;
        contextFactory.setKeyManagerPassword(keystorePassword);
        contextFactory.setKeyStorePassword(defaultKeyPassword);
    } else if (StringUtils.isNotBlank(keyPassword)) {
        // since no keystore password was provided, there will be no keystore integrity check
        contextFactory.setKeyStorePassword(keyPassword);
    }

    // truststore properties
    if (StringUtils.isNotBlank(properties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE))) {
        contextFactory.setTrustStorePath(properties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE));
    }
    if (StringUtils.isNotBlank(properties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_TYPE))) {
        contextFactory.setTrustStoreType(properties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_TYPE));
    }
    if (StringUtils.isNotBlank(properties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD))) {
        contextFactory.setTrustStorePassword(properties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD));
    }

    // add some secure config
    final HttpConfiguration httpsConfiguration = new HttpConfiguration();
    httpsConfiguration.setSecureScheme("https");
    httpsConfiguration.setSecurePort(0);
    httpsConfiguration.addCustomizer(new SecureRequestCustomizer());

    // build the connector
    final ServerConnector https = new ServerConnector(jetty,
            new SslConnectionFactory(contextFactory, "http/1.1"),
            new HttpConnectionFactory(httpsConfiguration));

    // set host and port
    https.setPort(0);

    // add the connector
    jetty.addConnector(https);
}