org.eclipse.jetty.server.SecureRequestCustomizer Java Examples
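The following examples show how to use
org.eclipse.jetty.server.SecureRequestCustomizer.
In each example the customizer is added to the HttpConfiguration of a TLS connector, so that requests arriving on that connector are treated as secure (scheme https) and the TLS session details are exposed as request attributes.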
Example #1
Source File: ServerDaemon.java From cloudstack with Apache License 2.0 | 6 votes |
/**
 * Adds an HTTPS connector to {@code server} when HTTPS is enabled and the keystore file exists.
 *
 * <p>When HTTPS is disabled, the keystore path is null or empty, or the file does not exist,
 * the method returns without adding a connector and without logging, so nothing in this method
 * tells the operator that the server came up without TLS.
 *
 * @param httpConfig base HTTP configuration that is copied into the HTTPS configuration
 */
private void createHttpsConnector(final HttpConfiguration httpConfig) {
    if (!httpsEnable || Strings.isNullOrEmpty(keystoreFile) || !new File(keystoreFile).exists()) {
        return;
    }

    // HTTPS request handling: a copy of the plain config plus the secure-request customizer.
    final HttpConfiguration secureConfig = new HttpConfiguration(httpConfig);
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    // TLS material: one password is used both for the keystore and for the key entry.
    // No protocol or cipher-suite restriction is set here, so library/JVM defaults apply.
    final SslContextFactory tlsFactory = new SslContextFactory();
    tlsFactory.setKeyStorePath(keystoreFile);
    tlsFactory.setKeyStorePassword(keystorePassword);
    tlsFactory.setKeyManagerPassword(keystorePassword);

    final SslConnectionFactory tlsLayer = new SslConnectionFactory(tlsFactory, "http/1.1");
    final HttpConnectionFactory httpLayer = new HttpConnectionFactory(secureConfig);

    final ServerConnector httpsConnector = new ServerConnector(server, tlsLayer, httpLayer);
    httpsConnector.setPort(httpsPort);
    httpsConnector.setHost(bindInterface);
    server.addConnector(httpsConnector);
}
Example #2
Source File: TlsCertificateAuthorityService.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Creates (but does not start) a Jetty server with a single TLS connector.
 *
 * @param handler     request handler installed on the server
 * @param port        port the TLS connector listens on
 * @param keyStore    already-loaded keystore holding the server key
 * @param keyPassword password of the key entry
 * @return the configured, unstarted server
 * @throws Exception declared by the original signature
 */
private static Server createServer(Handler handler, int port, KeyStore keyStore, String keyPassword) throws Exception {
    final SslContextFactory tlsFactory = new SslContextFactory();
    // Protocols are restricted by inclusion: only the version returned by the helper is offered.
    tlsFactory.setIncludeProtocols(CertificateUtils.getHighestCurrentSupportedTlsProtocolVersion());
    tlsFactory.setKeyStore(keyStore);
    tlsFactory.setKeyManagerPassword(keyPassword);

    // Endpoint identification (hostname verification) is a client-side check; this is a server
    // and does not verify the client's hostname, so the algorithm is cleared explicitly.
    // Before Jetty 9.4.15.v20190215 the default was null; since then it is "HTTPS".
    tlsFactory.setEndpointIdentificationAlgorithm(null);

    final HttpConfiguration secureConfig = new HttpConfiguration();
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    final Server jetty = new Server();
    final ServerConnector tlsConnector = new ServerConnector(
            jetty,
            new SslConnectionFactory(tlsFactory, HttpVersion.HTTP_1_1.asString()),
            new HttpConnectionFactory(secureConfig));
    tlsConnector.setPort(port);

    jetty.addConnector(tlsConnector);
    jetty.setHandler(handler);
    return jetty;
}
Example #3
Source File: JettyWebServer.java From Doradus with Apache License 2.0 | 6 votes |
/**
 * Builds the TLS connector for the Jetty server from the configured key store, trust store,
 * client-authentication flag and cipher-suite allow-list.
 *
 * <p>No port or host is set here; the caller is left to do that on the returned connector.
 *
 * @return a connector that speaks HTTP/1.1 over TLS
 */
private ServerConnector createSSLConnector() {
    // Request-side configuration: secure scheme on the base config, customizer on the copy.
    final HttpConfiguration baseConfig = new HttpConfiguration();
    baseConfig.setSecureScheme("https");
    final HttpConfiguration secureConfig = new HttpConfiguration(baseConfig);
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    // TLS-side configuration.
    final SslContextFactory tlsFactory = new SslContextFactory();
    tlsFactory.setKeyStorePath(m_keystore);
    tlsFactory.setKeyStorePassword(m_keystorepassword);
    tlsFactory.setTrustStorePath(m_truststore);
    tlsFactory.setTrustStorePassword(m_truststorepassword);
    // When true, the handshake requires a client certificate (mutual TLS).
    tlsFactory.setNeedClientAuth(m_clientauthentication);
    // Cipher suites are restricted by inclusion to the configured list.
    tlsFactory.setIncludeCipherSuites(m_tls_cipher_suites);

    return new ServerConnector(
            m_jettyServer,
            new SslConnectionFactory(tlsFactory, "http/1.1"),
            new HttpConnectionFactory(secureConfig));
}
Example #4
Source File: JettyWebSocketServer.java From sequenceiq-samples with Apache License 2.0 | 6 votes |
/**
 * Starts a server whose only connector is a TLS connector bound to {@code host}:{@code port}.
 *
 * <p>Only the keystore path and password are configured; protocol and cipher-suite selection
 * are left at the library/JVM defaults.
 *
 * @param keyStoreLocation path of the keystore holding the server certificate
 * @param keyStorePassword password of that keystore
 * @throws Exception declared by the original signature
 */
@Override
public void startSSL(String keyStoreLocation, String keyStorePassword) throws Exception {
    final SslContextFactory tlsFactory = new SslContextFactory();
    tlsFactory.setKeyStorePath(keyStoreLocation);
    tlsFactory.setKeyStorePassword(keyStorePassword);

    final HttpConfiguration secureConfig = new HttpConfiguration();
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    final Server jetty = new Server();
    final ServerConnector tlsConnector = new ServerConnector(
            jetty,
            new SslConnectionFactory(tlsFactory, "http/1.1"),
            new HttpConnectionFactory(secureConfig));
    tlsConnector.setHost(host);
    tlsConnector.setPort(port);

    // The TLS connector replaces any other connector: there is no plain-HTTP listener.
    jetty.setConnectors(new Connector[]{tlsConnector});
    configureContextHandler(jetty);
    startServer(jetty);
}
Example #5
Source File: HelixRestServer.java From helix with Apache License 2.0 | 6 votes |
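/**
 * Adds a TLS connector on {@code port} to the already-created server.
 *
 * <p>Does nothing when the server has not been created or {@code port} is not positive. Any
 * exception raised while building the connector is logged and swallowed, so after a failure
 * the server has no TLS connector; a caller that requires TLS has to verify that itself.
 *
 * @param port              port for the TLS connector; values {@code <= 0} are ignored
 * @param sslContextFactory fully configured TLS context factory supplied by the caller
 */
public void setupSslServer(int port, SslContextFactory sslContextFactory) {
    if (_server == null || port <= 0) {
        return;
    }
    try {
        HttpConfiguration https = new HttpConfiguration();
        https.addCustomizer(new SecureRequestCustomizer());

        ServerConnector sslConnector = new ServerConnector(
                _server,
                new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
                new HttpConnectionFactory(https));
        sslConnector.setPort(port);

        _server.addConnector(sslConnector);
        LOG.info("Helix SSL rest server is ready to start.");
    } catch (Exception ex) {
        // Pass the exception as the throwable argument so the stack trace is logged;
        // concatenating it into the message kept only its toString().
        LOG.error("Failed to setup Helix SSL rest server", ex);
    }
}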
Example #6
Source File: PrometheusServer.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Creates and immediately starts a TLS-only metrics server.
 *
 * <p>The metrics servlet is mounted under {@code /metrics}. Despite its name, {@code addr} is
 * used as the port number, both as the advertised secure port and as the listen port.
 *
 * @param addr              port to listen on
 * @param sslContextService source of the TLS material, passed to {@code createSslFactory}
 * @param logger            stored in the static {@code logger} field of this class
 * @param needClientAuth    forwarded to {@code createSslFactory}
 * @param wantClientAuth    forwarded to {@code createSslFactory}
 * @throws Exception declared by the original signature
 */
public PrometheusServer(int addr, SSLContextService sslContextService, ComponentLog logger, boolean needClientAuth, boolean wantClientAuth) throws Exception {
    PrometheusServer.logger = logger;

    this.server = new Server();
    this.handler = new ServletContextHandler(server, "/metrics");
    final ServletHolder metricsHolder = new ServletHolder(new MetricsServlet());
    this.handler.addServlet(metricsHolder, "/");

    final SslContextFactory tlsFactory = createSslFactory(sslContextService, needClientAuth, wantClientAuth);

    final HttpConfiguration secureConfig = new HttpConfiguration();
    secureConfig.setSecureScheme("https");
    secureConfig.setSecurePort(addr);
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    final SslConnectionFactory tlsLayer = new SslConnectionFactory(tlsFactory, "http/1.1");
    final HttpConnectionFactory httpLayer = new HttpConnectionFactory(secureConfig);
    final ServerConnector tlsConnector = new ServerConnector(server, tlsLayer, httpLayer);
    tlsConnector.setPort(addr);

    // Only the TLS connector is registered; the server is started from the constructor.
    this.server.setConnectors(new Connector[]{tlsConnector});
    this.server.start();
}
Example #7
Source File: App.java From mysql_perf_analyzer with Apache License 2.0 | 6 votes |
/**
 * Creates the TLS connector used when HTTPS is enabled.
 *
 * <p>Protocols and cipher suites are restricted by exclusion only. The SSL versions and TLS
 * versions up to TLSv1.1 listed below are turned off; any protocol version not named in that
 * list remains enabled if the runtime offers it. Cipher suites whose name ends in
 * {@code _MD5}, {@code _SHA} or {@code _SHA1} are excluded.
 *
 * @return a connector bound to {@code getPort()} with a 50000 ms idle timeout
 */
private ServerConnector sslConnector() {
    final SslContextFactory tlsFactory = new SslContextFactory(this.getCertKeyStorePath());
    tlsFactory.setKeyStorePassword(this.getCertKeyStorePassword());
    // Exclude weak ciphers.
    // NOTE(review): setExcludeCipherSuites looks like it replaces, rather than extends, the
    // factory's exclusion list; confirm the library defaults are not needed as well.
    tlsFactory.setExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$");
    // Turn off everything older than TLSv1.2.
    tlsFactory.addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1");

    final HttpConfiguration baseConfig = new HttpConfiguration();
    baseConfig.setSecureScheme("https");
    baseConfig.setSecurePort(this.getPort());
    final HttpConfiguration secureConfig = new HttpConfiguration(baseConfig);
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    final ServerConnector tlsConnector = new ServerConnector(
            jettyServer,
            new SslConnectionFactory(tlsFactory, "http/1.1"),
            new HttpConnectionFactory(secureConfig));
    tlsConnector.setPort(this.getPort());
    tlsConnector.setIdleTimeout(50000);
    return tlsConnector;
}
Example #8
Source File: ErrorCases.java From scheduling with GNU Affero General Public License v3.0 | 6 votes |
/**
 * Test fixture: starts a local HTTPS server on an ephemeral port and records its REST URL.
 *
 * <p>The keystore is a test resource and its password is a literal in this file; that is
 * acceptable only because the key material is a throwaway fixture.
 *
 * @throws Exception declared by the original signature
 */
@BeforeClass
public static void startHttpsServer() throws Exception {
    skipIfHeadlessEnvironment();

    server = new Server();

    final SslContextFactory tlsFactory = new SslContextFactory();
    tlsFactory.setKeyStorePath(ErrorCases.class.getResource("keystore").getPath());
    tlsFactory.setKeyStorePassword("activeeon");

    final HttpConfiguration baseConfig = new HttpConfiguration();
    final HttpConfiguration secureConfig = new HttpConfiguration(baseConfig);
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    final SslConnectionFactory tlsLayer =
            new SslConnectionFactory(tlsFactory, HttpVersion.HTTP_1_1.asString());
    final HttpConnectionFactory httpLayer = new HttpConnectionFactory(secureConfig);
    final ServerConnector tlsConnector =
            new ServerConnector(server, new ConnectionFactory[] {tlsLayer, httpLayer});

    server.addConnector(tlsConnector);
    server.start();

    // No port was set on the connector, so the actual port is read back after start().
    serverUrl = "https://localhost:" + tlsConnector.getLocalPort() + "/rest";
}
Example #9
Source File: TlsCertificateAuthorityService.java From localization_nifi with Apache License 2.0 | 6 votes |
/**
 * Creates (but does not start) a Jetty server with a single TLS connector limited to TLSv1.2.
 *
 * @param handler     request handler installed on the server
 * @param port        port the TLS connector listens on
 * @param keyStore    already-loaded keystore holding the server key
 * @param keyPassword password of the key entry
 * @return the configured, unstarted server
 * @throws Exception declared by the original signature
 */
private static Server createServer(Handler handler, int port, KeyStore keyStore, String keyPassword) throws Exception {
    final SslContextFactory tlsFactory = new SslContextFactory();
    // Protocols are restricted by inclusion: only the version named here is offered.
    tlsFactory.setIncludeProtocols("TLSv1.2");
    tlsFactory.setKeyStore(keyStore);
    tlsFactory.setKeyManagerPassword(keyPassword);

    final HttpConfiguration secureConfig = new HttpConfiguration();
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    final Server jetty = new Server();
    final ServerConnector tlsConnector = new ServerConnector(
            jetty,
            new SslConnectionFactory(tlsFactory, HttpVersion.HTTP_1_1.asString()),
            new HttpConnectionFactory(secureConfig));
    tlsConnector.setPort(port);

    jetty.addConnector(tlsConnector);
    jetty.setHandler(handler);
    return jetty;
}
Example #10
Source File: JettyServer.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Builds a TLS connector on top of a copy of {@code httpConfiguration}; host and port of the
 * connector itself are left for the caller to set.
 *
 * @param server            server the connector belongs to
 * @param httpConfiguration base configuration; it is copied, not modified
 * @param port              value advertised as the secure port in the HTTPS configuration
 * @return the connector, with no listen port configured yet
 */
private ServerConnector createUnconfiguredSslServerConnector(Server server, HttpConfiguration httpConfiguration, int port) {
    final HttpConfiguration secureConfig = new HttpConfiguration(httpConfiguration);
    secureConfig.setSecureScheme("https");
    secureConfig.setSecurePort(port);
    // Whether the Server header carries the version is driven by the properties object.
    secureConfig.setSendServerVersion(props.shouldSendServerVersion());
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    final SslConnectionFactory tlsLayer = new SslConnectionFactory(createSslContextFactory(), "http/1.1");
    final HttpConnectionFactory httpLayer = new HttpConnectionFactory(secureConfig);
    return new ServerConnector(server, tlsLayer, httpLayer);
}
Example #11
Source File: ServersUtil.java From joynr with Apache License 2.0 | 5 votes |
/**
 * Starts a Jetty server with a single TLS connector that requires a client certificate.
 *
 * <p>The servlet host path system property is first set to an {@code http://} URL, logged,
 * and then overwritten with the {@code https://} URL before the server starts.
 *
 * @param contexts handler collection installed on the server
 * @param settings key store and trust store locations and passwords
 * @param port     listen port, also advertised as the secure port
 * @return the started server
 * @throws IOException declared by the original signature
 * @throws Exception   declared by the original signature
 */
private static Server startSSLServer(ContextHandlerCollection contexts, SSLSettings settings, int port) throws IOException, Exception {
    System.setProperty(MessagingPropertyKeys.PROPERTY_SERVLET_HOST_PATH, "http://localhost:" + port);
    logger.info("PORT: {}", System.getProperty(MessagingPropertyKeys.PROPERTY_SERVLET_HOST_PATH));

    final Server jettyServer = new Server();

    final HttpConfiguration secureConfig = new HttpConfiguration();
    secureConfig.setSecureScheme("https");
    secureConfig.setSecurePort(port);
    secureConfig.setOutputBufferSize(32768);
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    // TLS material.
    final SslContextFactory tlsFactory = new SslContextFactory();
    tlsFactory.setKeyStorePath(settings.getKeyStorePath());
    tlsFactory.setTrustStorePath(settings.getTrustStorePath());
    tlsFactory.setKeyStorePassword(settings.getKeyStorePassword());
    // NOTE(review): the trust store password is taken from getKeyStorePassword(); this only
    // works when both stores share a password. Confirm whether a trust-store getter was meant.
    tlsFactory.setTrustStorePassword(settings.getKeyStorePassword());
    // Mutual TLS: the handshake fails unless the client presents a trusted certificate.
    tlsFactory.setNeedClientAuth(true);

    final SslConnectionFactory tlsLayer = new SslConnectionFactory(tlsFactory, "http/1.1");
    final HttpConnectionFactory httpLayer = new HttpConnectionFactory(secureConfig);
    final ServerConnector tlsConnector = new ServerConnector(jettyServer, tlsLayer, httpLayer);
    tlsConnector.setPort(port);
    tlsConnector.setAcceptQueueSize(1);
    jettyServer.setConnectors(new Connector[]{ tlsConnector });

    final String serverUrl = "https://localhost:" + port;
    System.getProperties().setProperty(MessagingPropertyKeys.PROPERTY_SERVLET_HOST_PATH, serverUrl);

    jettyServer.setHandler(contexts);
    jettyServer.start();
    return jettyServer;
}
Example #12
Source File: ReporterFactoryTest.java From apm-agent-java with Apache License 2.0 | 5 votes |
/**
 * Test fixture: starts a local HTTPS server on an ephemeral port whose handler only records
 * that a request arrived, then points the mocked reporter configuration at it.
 *
 * <p>The keystore is a classpath test resource with a literal password; it is throwaway
 * fixture material, not a deployable credential.
 *
 * @throws Exception declared by the original signature
 */
@BeforeEach
void setUp() throws Exception {
    server = new Server();

    final Path keyStorePath = Paths.get(ReporterFactoryTest.class.getResource("/keystore").toURI());
    final String keyStoreLocation = keyStorePath.toAbsolutePath().toString();
    final SslContextFactory tlsFactory = new SslContextFactory(keyStoreLocation);
    tlsFactory.setKeyStorePassword("password");
    // Return value intentionally unused, as in the original fixture.
    tlsFactory.getSslContext();

    final HttpConfiguration baseConfig = new HttpConfiguration();
    baseConfig.setSecureScheme("https");
    baseConfig.setSecurePort(0);
    final HttpConfiguration secureConfig = new HttpConfiguration(baseConfig);
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    final SslConnectionFactory tlsLayer =
            new SslConnectionFactory(tlsFactory, HttpVersion.HTTP_1_1.asString());
    final HttpConnectionFactory httpLayer = new HttpConnectionFactory(secureConfig);
    final ServerConnector tlsConnector = new ServerConnector(server, tlsLayer, httpLayer);
    // Port 0 lets the OS pick a free port.
    tlsConnector.setPort(0);
    server.addConnector(tlsConnector);

    server.setHandler(new AbstractHandler() {
        @Override
        public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) {
            baseRequest.setHandled(true);
            requestHandled.set(true);
        }
    });
    server.start();

    configuration = SpyConfiguration.createSpyConfig();
    reporterConfiguration = configuration.getConfig(ReporterConfiguration.class);
    final URL localServer = new URL("https://localhost:" + getPort());
    when(reporterConfiguration.getServerUrls()).thenReturn(Collections.singletonList(localServer));
}
Example #13
Source File: HttpServer2.java From knox with Apache License 2.0 | 5 votes |
/**
 * Builds the HTTPS connector by taking the plain HTTP channel connector and putting a TLS
 * connection factory in front of it.
 *
 * <p>The passed-in {@code httpConfig} is modified in place (secure scheme and
 * SecureRequestCustomizer) rather than copied, so any other user of the same instance sees
 * those changes too.
 *
 * @param server     server the connector belongs to
 * @param httpConfig HTTP configuration; mutated by this method
 * @return the connector with TLS as its first connection factory
 */
private ServerConnector createHttpsChannelConnector(
    Server server, HttpConfiguration httpConfig) {
    httpConfig.setSecureScheme(HTTPS_SCHEME);
    httpConfig.addCustomizer(new SecureRequestCustomizer());
    final ServerConnector connector = createHttpChannelConnector(server, httpConfig);

    final SslContextFactory.Server tlsFactory = new SslContextFactory.Server();
    tlsFactory.setNeedClientAuth(needsClientAuth);
    tlsFactory.setKeyManagerPassword(keyPassword);

    final boolean hasKeyStore = keyStore != null;
    if (hasKeyStore) {
        tlsFactory.setKeyStorePath(keyStore);
        tlsFactory.setKeyStoreType(keyStoreType);
        tlsFactory.setKeyStorePassword(keyStorePassword);
    }

    final boolean hasTrustStore = trustStore != null;
    if (hasTrustStore) {
        tlsFactory.setTrustStorePath(trustStore);
        tlsFactory.setTrustStoreType(trustStoreType);
        tlsFactory.setTrustStorePassword(trustStorePassword);
    }

    // Cipher exclusions are applied only when configured; the list is logged, which is
    // useful when auditing what a running instance refuses to negotiate.
    final boolean hasExclusions = excludeCiphers != null && !excludeCiphers.isEmpty();
    if (hasExclusions) {
        tlsFactory.setExcludeCipherSuites(
            StringUtils.getTrimmedStrings(excludeCiphers));
        LOG.info("Excluded Cipher List:" + excludeCiphers);
    }

    final SslConnectionFactory tlsLayer =
        new SslConnectionFactory(tlsFactory, HttpVersion.HTTP_1_1.asString());
    connector.addFirstConnectionFactory(tlsLayer);
    return connector;
}
Example #14
Source File: HttpServer2.java From knox with Apache License 2.0 | 5 votes |
/**
 * Turns the plain HTTP channel connector into an HTTPS connector by prepending a TLS
 * connection factory.
 *
 * <p>{@code httpConfig} is changed in place (secure scheme set, SecureRequestCustomizer
 * added); it is not copied first.
 *
 * @param server     server the connector belongs to
 * @param httpConfig HTTP configuration; mutated by this method
 * @return the connector with TLS as its first connection factory
 */
private ServerConnector createHttpsChannelConnector(
    Server server, HttpConfiguration httpConfig) {
    httpConfig.setSecureScheme(HTTPS_SCHEME);
    httpConfig.addCustomizer(new SecureRequestCustomizer());
    final ServerConnector httpsConnector = createHttpChannelConnector(server, httpConfig);

    final SslContextFactory.Server contextFactory = new SslContextFactory.Server();
    // Client-certificate requirement and key password are always applied.
    contextFactory.setNeedClientAuth(needsClientAuth);
    contextFactory.setKeyManagerPassword(keyPassword);

    // Key store settings are optional as a group.
    if (keyStore != null) {
        contextFactory.setKeyStorePath(keyStore);
        contextFactory.setKeyStoreType(keyStoreType);
        contextFactory.setKeyStorePassword(keyStorePassword);
    }

    // Trust store settings are optional as a group.
    if (trustStore != null) {
        contextFactory.setTrustStorePath(trustStore);
        contextFactory.setTrustStoreType(trustStoreType);
        contextFactory.setTrustStorePassword(trustStorePassword);
    }

    // Apply and log the configured cipher-suite exclusions, if any.
    if (!(excludeCiphers == null || excludeCiphers.isEmpty())) {
        contextFactory.setExcludeCipherSuites(
            StringUtils.getTrimmedStrings(excludeCiphers));
        LOG.info("Excluded Cipher List:" + excludeCiphers);
    }

    final String protocol = HttpVersion.HTTP_1_1.asString();
    httpsConnector.addFirstConnectionFactory(new SslConnectionFactory(contextFactory, protocol));
    return httpsConnector;
}
Example #15
Source File: HttpBindManager.java From Openfire with Apache License 2.0 | 5 votes |
/**
 * Creates the TLS connector for HTTP binding, or returns {@code null} when none can be built.
 *
 * <p>{@code null} is returned when the secure port is not positive, when the identity store
 * has no entries, or when any exception occurs (the exception is logged). A certificate that
 * does not match the hosted domain only produces a warning; the connector is still created.
 *
 * @param httpBindServer server the connector belongs to
 * @return the connector, or {@code null} as described above
 */
private Connector createSSLConnector( final Server httpBindServer ) {
    final int securePort = getHttpBindSecurePort();
    try {
        final IdentityStore identityStore = XMPPServer.getInstance().getCertificateStoreManager().getIdentityStore( ConnectionType.BOSH_C2S );

        final boolean usable = securePort > 0 && identityStore.getStore().aliases().hasMoreElements();
        if ( !usable ) {
            return null;
        }

        if ( !identityStore.containsDomainCertificate( ) ) {
            Log.warn("HTTP binding: Using certificates but they are not valid for the hosted domain");
        }

        // The TLS context is derived from the BOSH client-to-server listener configuration.
        final ConnectionManagerImpl connectionManager = ((ConnectionManagerImpl) XMPPServer.getInstance().getConnectionManager());
        final ConnectionConfiguration configuration = connectionManager.getListener( ConnectionType.BOSH_C2S, true ).generateConnectionConfiguration();
        final SslContextFactory tlsFactory = new EncryptionArtifactFactory(configuration).getSslContextFactory();

        final HttpConfiguration secureConfig = new HttpConfiguration();
        secureConfig.setSecureScheme("https");
        secureConfig.setSecurePort(securePort);
        configureProxiedConnector(secureConfig);
        secureConfig.addCustomizer(new SecureRequestCustomizer());
        // Do not advertise the server version in responses.
        secureConfig.setSendServerVersion( false );

        final ServerConnector tlsConnector = new ServerConnector(
                httpBindServer,
                new SslConnectionFactory(tlsFactory, "http/1.1"),
                new HttpConnectionFactory(secureConfig));
        tlsConnector.setHost(getBindInterface());
        tlsConnector.setPort(securePort);
        return tlsConnector;
    }
    catch (Exception e) {
        Log.error("Error creating SSL connector for Http bind", e);
    }
    return null;
}
Example #16
Source File: HttpServer2.java From hadoop-ozone with Apache License 2.0 | 5 votes |
/**
 * Builds the HTTPS connector by prepending a TLS connection factory to the plain HTTP
 * channel connector.
 *
 * <p>{@code httpConfig} is changed in place (secure scheme set, SecureRequestCustomizer
 * added). Each password is applied only when it is non-null.
 *
 * @param server     server the connector belongs to
 * @param httpConfig HTTP configuration; mutated by this method
 * @return the connector with TLS as its first connection factory
 */
private ServerConnector createHttpsChannelConnector(
    Server server, HttpConfiguration httpConfig) {
    httpConfig.setSecureScheme(HTTPS_SCHEME);
    httpConfig.addCustomizer(new SecureRequestCustomizer());
    final ServerConnector connector = createHttpChannelConnector(server, httpConfig);

    final SslContextFactory.Server tlsFactory = new SslContextFactory.Server();
    tlsFactory.setNeedClientAuth(needsClientAuth);
    if (keyPassword != null) {
        tlsFactory.setKeyManagerPassword(keyPassword);
    }

    final boolean hasKeyStore = keyStore != null;
    if (hasKeyStore) {
        tlsFactory.setKeyStorePath(keyStore);
        tlsFactory.setKeyStoreType(keyStoreType);
        if (keyStorePassword != null) {
            tlsFactory.setKeyStorePassword(keyStorePassword);
        }
    }

    final boolean hasTrustStore = trustStore != null;
    if (hasTrustStore) {
        tlsFactory.setTrustStorePath(trustStore);
        tlsFactory.setTrustStoreType(trustStoreType);
        if (trustStorePassword != null) {
            tlsFactory.setTrustStorePassword(trustStorePassword);
        }
    }

    // Apply and log the configured cipher-suite exclusions, if any.
    final boolean hasExclusions = excludeCiphers != null && !excludeCiphers.isEmpty();
    if (hasExclusions) {
        tlsFactory.setExcludeCipherSuites(
            StringUtils.getTrimmedStrings(excludeCiphers));
        LOG.info("Excluded Cipher List: {}", excludeCiphers);
    }

    final SslConnectionFactory tlsLayer =
        new SslConnectionFactory(tlsFactory, HttpVersion.HTTP_1_1.asString());
    connector.addFirstConnectionFactory(tlsLayer);
    return connector;
}
Example #17
Source File: SecureJettyMixin.java From attic-polygene-java with Apache License 2.0 | 5 votes |
/**
 * Derives the HTTPS configuration from the plain one.
 *
 * @param httpConfig base configuration; it is copied, not modified
 * @return a copy of {@code httpConfig} with a SecureRequestCustomizer added
 */
@Override
protected HttpConfiguration specializeHttp( HttpConfiguration httpConfig )
{
    final HttpConfiguration secured = new HttpConfiguration( httpConfig );
    final SecureRequestCustomizer customizer = new SecureRequestCustomizer();
    secured.addCustomizer( customizer );
    return secured;
}
Example #18
Source File: JettyServer.java From localization_nifi with Apache License 2.0 | 5 votes |
/**
 * Builds a TLS connector on top of a copy of {@code httpConfiguration}; host and port of the
 * connector itself are left for the caller to set.
 *
 * @param server            server the connector belongs to
 * @param httpConfiguration base configuration; it is copied, not modified
 * @return the connector, with no listen port configured yet
 */
private ServerConnector createUnconfiguredSslServerConnector(Server server, HttpConfiguration httpConfiguration) {
    final HttpConfiguration secureConfig = new HttpConfiguration(httpConfiguration);
    secureConfig.setSecureScheme("https");
    // The advertised secure port comes from the properties object.
    secureConfig.setSecurePort(props.getSslPort());
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    final SslConnectionFactory tlsLayer = new SslConnectionFactory(createSslContextFactory(), "http/1.1");
    final HttpConnectionFactory httpLayer = new HttpConnectionFactory(secureConfig);
    return new ServerConnector(server, tlsLayer, httpLayer);
}
Example #19
Source File: JettyAppServer.java From selenium with Apache License 2.0 | 5 votes |
/**
 * Starts the test application server with one plain HTTP connector and one HTTPS connector.
 *
 * <p>The keystore password is a literal because the keystore is a test fixture; this setup
 * is for serving test pages, not for protecting real traffic.
 *
 * @throws RuntimeException if the keystore file is missing or the server fails to start
 */
@Override
public void start() {
    final HttpConfiguration plainConfig = new HttpConfiguration();
    plainConfig.setSecureScheme("https");
    plainConfig.setSecurePort(securePort);

    final ServerConnector plainConnector =
        new ServerConnector(server, new HttpConnectionFactory(plainConfig));
    plainConnector.setPort(port);
    plainConnector.setIdleTimeout(500000);

    final Path keystorePath = getKeyStore();
    if (!Files.exists(keystorePath)) {
        throw new RuntimeException(
            "Cannot find keystore for SSL cert: " + keystorePath.toAbsolutePath());
    }

    final String fixturePassword = "password";
    final SslContextFactory tlsFactory = new SslContextFactory();
    tlsFactory.setKeyStorePath(keystorePath.toAbsolutePath().toString());
    tlsFactory.setKeyStorePassword(fixturePassword);
    tlsFactory.setKeyManagerPassword(fixturePassword);

    final HttpConfiguration secureConfig = new HttpConfiguration(plainConfig);
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    final ServerConnector tlsConnector = new ServerConnector(
        server,
        new SslConnectionFactory(tlsFactory, HttpVersion.HTTP_1_1.asString()),
        new HttpConnectionFactory(secureConfig));
    tlsConnector.setPort(securePort);
    tlsConnector.setIdleTimeout(500000);

    server.setConnectors(new Connector[]{plainConnector, tlsConnector});

    try {
        server.start();
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
Example #20
Source File: ConsoleProxyNoVNCServer.java From cloudstack with Apache License 2.0 | 5 votes |
/**
 * Creates the noVNC proxy server and tries to attach a TLS connector built from an in-memory
 * JKS keystore.
 *
 * <p>Any exception while loading the keystore or building the connector is logged and
 * swallowed; in that case the constructor still returns, and no connector has been added to
 * the server by this constructor.
 *
 * @param ksBits     raw bytes of a JKS keystore
 * @param ksPassword keystore password, also used as the key password; may be {@code null}
 */
public ConsoleProxyNoVNCServer(byte[] ksBits, String ksPassword) {
    this.server = new Server();
    this.server.setHandler(new ConsoleProxyNoVNCHandler());

    try {
        final HttpConfiguration baseConfig = new HttpConfiguration();
        baseConfig.setSecureScheme("https");
        baseConfig.setSecurePort(wsPort);

        final HttpConfiguration secureConfig = new HttpConfiguration(baseConfig);
        secureConfig.addCustomizer(new SecureRequestCustomizer());

        final SslContextFactory.Server tlsFactory = new SslContextFactory.Server();

        char[] passphrase = null;
        if (ksPassword != null) {
            passphrase = ksPassword.toCharArray();
        }
        final KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(new ByteArrayInputStream(ksBits), passphrase);

        tlsFactory.setKeyStore(keyStore);
        tlsFactory.setKeyStorePassword(ksPassword);
        tlsFactory.setKeyManagerPassword(ksPassword);

        final ServerConnector tlsConnector = new ServerConnector(
                server,
                new SslConnectionFactory(tlsFactory, "http/1.1"),
                new HttpConnectionFactory(secureConfig));
        tlsConnector.setPort(wsPort);
        server.addConnector(tlsConnector);
    } catch (Exception e) {
        s_logger.error("Unable to secure server due to exception ", e);
    }
}
Example #21
Source File: ConnectorFactory.java From vespa with Apache License 2.0 | 5 votes |
/**
 * Creates the HTTP connection factory from the connector configuration.
 *
 * <p>The Server version and X-Powered-By headers are switched off and the Date header is
 * switched on. A SecureRequestCustomizer is added only when TLS is enabled for the connector
 * or transport security is enabled globally.
 *
 * @return connection factory backed by the assembled configuration
 */
private HttpConnectionFactory newHttpConnectionFactory() {
    final HttpConfiguration config = new HttpConfiguration();

    // Response headers: keep Date, drop the two that reveal server software.
    config.setSendDateHeader(true);
    config.setSendServerVersion(false);
    config.setSendXPoweredBy(false);

    // Buffer and header size limits from the connector configuration.
    config.setHeaderCacheSize(connectorConfig.headerCacheSize());
    config.setOutputBufferSize(connectorConfig.outputBufferSize());
    config.setRequestHeaderSize(connectorConfig.requestHeaderSize());
    config.setResponseHeaderSize(connectorConfig.responseHeaderSize());

    final boolean tlsInUse =
            connectorConfig.ssl().enabled() || TransportSecurityUtils.isTransportSecurityEnabled();
    if (tlsInUse) {
        // TODO Cleanup once mixed mode is gone
        config.addCustomizer(new SecureRequestCustomizer());
    }
    return new HttpConnectionFactory(config);
}
Example #22
Source File: WebSocketServerEcho.java From quarks with Apache License 2.0 | 5 votes |
/**
 * Creates the echo server for a {@code ws} or {@code wss} endpoint.
 *
 * <p>For {@code wss} the key store, trust store and their passwords are literals in this file;
 * they refer to sample stores shipped with the example and are not deployable credentials.
 *
 * @param endpointURI    endpoint whose scheme and port select the server configuration
 * @param needClientAuth for {@code wss}, whether a client certificate is required
 * @return the unstarted server
 * @throws IllegalArgumentException if the scheme is neither {@code ws} nor {@code wss}
 */
private Server createServer(URI endpointURI, boolean needClientAuth) {
    final String scheme = endpointURI.getScheme();

    if ("ws".equals(scheme)) {
        return new Server(endpointURI.getPort());
    }
    if (!"wss".equals(scheme)) {
        throw new IllegalArgumentException("unrecognized uri: "+endpointURI);
    }

    // see http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/examples/embedded/src/main/java/org/eclipse/jetty/embedded/ManyConnectors.java
    //     http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree/examples/embedded/src/main/java/org/eclipse/jetty/embedded/LikeJettyXml.java
    final Server jetty = new Server();

    final SslContextFactory tlsFactory = new SslContextFactory();
    tlsFactory.setKeyStorePath(getStorePath("serverKeyStore.jks"));
    tlsFactory.setKeyStorePassword("passw0rd");
    tlsFactory.setKeyManagerPassword("passw0rd");
    tlsFactory.setCertAlias("default");
    tlsFactory.setNeedClientAuth(needClientAuth);
    tlsFactory.setTrustStorePath(getStorePath("serverTrustStore.jks"));
    tlsFactory.setTrustStorePassword("passw0rd");

    final HttpConfiguration secureConfig = new HttpConfiguration();
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    final ServerConnector tlsConnector = new ServerConnector(
            jetty,
            new SslConnectionFactory(tlsFactory, HttpVersion.HTTP_1_1.asString()),
            new HttpConnectionFactory(secureConfig));
    tlsConnector.setPort(endpointURI.getPort());
    jetty.addConnector(tlsConnector);
    return jetty;
}
Example #23
Source File: HttpServer2.java From lucene-solr with Apache License 2.0 | 5 votes |
/**
 * Builds the HTTPS connector by prepending a TLS connection factory to the plain HTTP
 * channel connector.
 *
 * <p>{@code httpConfig} is changed in place (secure scheme set, SecureRequestCustomizer
 * added); it is not copied first.
 *
 * @param server     server the connector belongs to
 * @param httpConfig HTTP configuration; mutated by this method
 * @return the connector with TLS as its first connection factory
 */
private ServerConnector createHttpsChannelConnector(
    Server server, HttpConfiguration httpConfig) {
    httpConfig.setSecureScheme(HTTPS_SCHEME);
    httpConfig.addCustomizer(new SecureRequestCustomizer());
    final ServerConnector connector = createHttpChannelConnector(server, httpConfig);

    final SslContextFactory.Server tlsFactory = new SslContextFactory.Server();
    tlsFactory.setNeedClientAuth(needsClientAuth);
    tlsFactory.setKeyManagerPassword(keyPassword);

    final boolean hasKeyStore = keyStore != null;
    if (hasKeyStore) {
        tlsFactory.setKeyStorePath(keyStore);
        tlsFactory.setKeyStoreType(keyStoreType);
        tlsFactory.setKeyStorePassword(keyStorePassword);
    }

    final boolean hasTrustStore = trustStore != null;
    if (hasTrustStore) {
        tlsFactory.setTrustStorePath(trustStore);
        tlsFactory.setTrustStoreType(trustStoreType);
        tlsFactory.setTrustStorePassword(trustStorePassword);
    }

    // Apply and log the configured cipher-suite exclusions, if any.
    final boolean hasExclusions = excludeCiphers != null && !excludeCiphers.isEmpty();
    if (hasExclusions) {
        tlsFactory.setExcludeCipherSuites(
            StringUtils.getTrimmedStrings(excludeCiphers));
        LOG.info("Excluded Cipher List:{}", excludeCiphers);
    }

    final SslConnectionFactory tlsLayer =
        new SslConnectionFactory(tlsFactory, HttpVersion.HTTP_1_1.asString());
    connector.addFirstConnectionFactory(tlsLayer);
    return connector;
}
Example #24
Source File: JettyITServerCustomizer.java From nifi-registry with Apache License 2.0 | 5 votes |
/**
 * Integration-test customizer: when SSL properties are present, replaces the server's first
 * connector with an HTTPS connector on the same port.
 *
 * @param factory web server factory that receives the server customizer
 */
@Override
public void customize(final JettyServletWebServerFactory factory) {
    LOGGER.info("Customizing Jetty server for integration tests...");

    factory.addServerCustomizers((server) -> {
        final Ssl sslProperties = serverProperties.getSsl();
        if (sslProperties == null) {
            return;
        }

        // NOTE(review): the result of this first call is discarded and the factory is built
        // again below; confirm whether the call is needed for a side effect or is redundant.
        createSslContextFactory(sslProperties);

        final ServerConnector existing = (ServerConnector) server.getConnectors()[0];
        final int existingConnectorPort = existing.getLocalPort();

        // Base HTTP configuration with enlarged header buffers.
        final HttpConfiguration baseConfig = new HttpConfiguration();
        baseConfig.setRequestHeaderSize(HEADER_BUFFER_SIZE);
        baseConfig.setResponseHeaderSize(HEADER_BUFFER_SIZE);

        // Secure variant of the base configuration.
        final HttpConfiguration secureConfig = new HttpConfiguration(baseConfig);
        secureConfig.setSecureScheme("https");
        secureConfig.setSecurePort(existingConnectorPort);
        secureConfig.addCustomizer(new SecureRequestCustomizer());

        // Build the connector; presumably createSslContextFactory is where the endpoint
        // identification algorithm is set to null (not visible here).
        final ServerConnector httpsConnector = new ServerConnector(
                server,
                new SslConnectionFactory(createSslContextFactory(sslProperties), "http/1.1"),
                new HttpConnectionFactory(secureConfig));

        server.removeConnector(existing);
        server.addConnector(httpsConnector);
    });

    LOGGER.info("JettyServer is customized");
}
Example #25
Source File: MockServer.java From aws-sdk-java-v2 with Apache License 2.0 | 5 votes |
/**
 * Creates a mock server with one plain HTTP connector and one HTTPS connector; every request
 * is answered by {@code AlwaysSuccessServlet}.
 *
 * <p>Certificate validation is deliberately switched off (trust-all, no certificate or peer
 * validation, no client authentication) and the keystore password is a literal. That is
 * appropriate for a mock used in tests only; none of these settings belong in a server that
 * handles real traffic.
 *
 * @throws IOException declared by the original signature
 */
public MockServer() throws IOException {
    server = new Server();

    connector = new ServerConnector(server);
    connector.setPort(httpPort);

    final HttpConfiguration secureConfig = new HttpConfiguration();
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    final SslContextFactory tlsFactory = new SslContextFactory();
    // Test-only relaxations.
    tlsFactory.setTrustAll(true);
    tlsFactory.setValidateCerts(false);
    tlsFactory.setNeedClientAuth(false);
    tlsFactory.setWantClientAuth(false);
    tlsFactory.setValidatePeerCerts(false);
    // Fixture key material.
    tlsFactory.setKeyStorePassword("password");
    tlsFactory.setKeyStorePath(MockServer.class.getResource("mock-keystore.jks").toExternalForm());

    final SslConnectionFactory tlsLayer =
            new SslConnectionFactory(tlsFactory, HttpVersion.HTTP_1_1.asString());
    sslConnector = new ServerConnector(server, tlsLayer, new HttpConnectionFactory(secureConfig));
    sslConnector.setPort(httpsPort);

    server.setConnectors(new Connector[] {connector, sslConnector});

    final ServletContextHandler context =
            new ServletContextHandler(server, "/", ServletContextHandler.SESSIONS);
    context.addServlet(new ServletHolder(new AlwaysSuccessServlet()), "/*");
    server.setHandler(context);
}
Example #26
Source File: Launcher.java From EchoQuery with GNU General Public License v2.0 | 4 votes |
/**
 * Configures and runs a TLS-only Jetty server hosting the speechlet servlet at
 * {@code /echoquery}, then blocks until the server stops.
 *
 * <p>Keystore path and password are read from the {@code javax.net.ssl.keyStore} and
 * {@code javax.net.ssl.keyStorePassword} system properties. {@code System.getProperty}
 * returns {@code null} for an unset property, and those values are passed to the factory
 * unchecked. Cipher suites are restricted by inclusion to {@code Sdk.SUPPORTED_CIPHER_SUITES}.
 *
 * @param args unused
 * @throws Exception declared by the original signature
 */
public static void main(final String[] args) throws Exception {
    // Console logging at the default INFO level.
    BasicConfigurator.configure();

    final Server jetty = new Server();

    // TLS settings come from system properties.
    final SslConnectionFactory tlsLayer = new SslConnectionFactory();
    final SslContextFactory tlsFactory = tlsLayer.getSslContextFactory();
    final String keyStorePath = System.getProperty("javax.net.ssl.keyStore");
    tlsFactory.setKeyStorePath(keyStorePath);
    final String keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
    tlsFactory.setKeyStorePassword(keyStorePassword);
    tlsFactory.setIncludeCipherSuites(Sdk.SUPPORTED_CIPHER_SUITES);

    // HTTPS request configuration.
    final HttpConfiguration secureConfig = new HttpConfiguration();
    secureConfig.setSecurePort(PORT);
    secureConfig.setSecureScheme(HTTPS_SCHEME);
    secureConfig.addCustomizer(new SecureRequestCustomizer());
    final HttpConnectionFactory httpLayer = new HttpConnectionFactory(secureConfig);

    // Single TLS connector; no plain-HTTP listener is registered.
    final ServerConnector tlsConnector = new ServerConnector(jetty, tlsLayer, httpLayer);
    tlsConnector.setPort(PORT);
    jetty.setConnectors(new Connector[] {tlsConnector});

    // Servlet wiring.
    final ServletContextHandler context =
        new ServletContextHandler(ServletContextHandler.SESSIONS);
    context.setContextPath("/");
    jetty.setHandler(context);
    final ServletHolder speechletHolder =
        new ServletHolder(createServlet(new EchoQuerySpeechlet()));
    context.addServlet(speechletHolder, "/echoquery");

    jetty.start();
    jetty.join();
}
Example #27
Source File: CipherAndProtocolSelectionTest.java From apiman with Apache License 2.0 | 4 votes |
/**
 * Test fixture: configures (but does not start) a Jetty server on port 8008 with a TLS
 * connector that does not ask for a client certificate.
 *
 * <p>The handler copies every request attribute into {@code jettyRequestAttributes} and
 * prints it, so tests can inspect what the TLS layer exposed on the request. Key store and
 * trust store are test resources with literal passwords; the trust store is set explicitly
 * to {@code common_ts.jks}.
 *
 * @throws Exception declared by the original signature
 */
@Before
public void setupJetty() throws Exception {
    server = new Server();
    server.setStopAtShutdown(true);

    http_config = new HttpConfiguration();
    http_config.setSecureScheme("https");

    jettySslContextFactory = new SslContextFactory();
    jettySslContextFactory.setTrustStorePath(getResourcePath("2waytest/mutual_trust_via_ca/common_ts.jks"));
    jettySslContextFactory.setTrustStorePassword("password");
    jettySslContextFactory.setKeyStorePath(getResourcePath("2waytest/mutual_trust_via_ca/service_ks.jks"));
    jettySslContextFactory.setKeyStorePassword("password");
    jettySslContextFactory.setKeyManagerPassword("password");
    // No client authentication: neither required nor requested.
    jettySslContextFactory.setNeedClientAuth(false);
    jettySslContextFactory.setWantClientAuth(false);

    final HttpConfiguration secureConfig = new HttpConfiguration(http_config);
    secureConfig.addCustomizer(new SecureRequestCustomizer());

    final SslConnectionFactory tlsLayer = new SslConnectionFactory(jettySslContextFactory,"http/1.1");
    final HttpConnectionFactory httpLayer = new HttpConnectionFactory(secureConfig);
    final ServerConnector tlsConnector = new ServerConnector(server, tlsLayer, httpLayer);
    tlsConnector.setPort(8008);
    server.addConnector(tlsConnector);

    // Thanks to Jetty getting started guide.
    server.setHandler(new AbstractHandler() {

        @Override
        public void handle(String target, Request baseRequest, HttpServletRequest request,
                HttpServletResponse response) throws IOException, ServletException {

            jettyRequestAttributes = new HashMap<>();
            for (Enumeration<String> names = request.getAttributeNames(); names.hasMoreElements();) {
                final String name = names.nextElement();
                jettyRequestAttributes.put(name, request.getAttribute(name).toString());
                System.out.println(name + " - " + request.getAttribute(name).toString());
            }

            response.setStatus(HttpServletResponse.SC_OK);
            baseRequest.setHandled(true);
            response.getWriter().println("apiman");
        }
    });
}
Example #28
Source File: CAMutualAuthTest.java From apiman with Apache License 2.0 | 4 votes |
/**
 * Starts a Jetty server on port 8008 whose TLS connector requires a client certificate.
 *
 * <p>Both sides use the CA-based fixtures under {@code 2waytest/mutual_trust_via_ca}: the
 * service key store supplies the server identity and the common trust store supplies the
 * trust anchors used to validate the client certificate. With {@code setNeedClientAuth(true)}
 * a client that presents no acceptable certificate fails the handshake.
 *
 * <p>The literal {@code "password"} values unlock bundled test fixtures only.
 *
 * @throws Exception declared by the original signature; {@code server.start()} can throw
 */
@Before
public void setupJetty() throws Exception {
    server = new Server();
    server.setStopAtShutdown(true);

    http_config = new HttpConfiguration();
    http_config.setSecureScheme("https");

    SslContextFactory tlsContext = new SslContextFactory();
    // Server identity.
    tlsContext.setKeyStorePath(getResourcePath("2waytest/mutual_trust_via_ca/service_ks.jks"));
    tlsContext.setKeyStorePassword("password");
    tlsContext.setKeyManagerPassword("password");
    // Trust anchors for validating the client certificate.
    tlsContext.setTrustStorePath(getResourcePath("2waytest/mutual_trust_via_ca/common_ts.jks"));
    tlsContext.setTrustStorePassword("password");
    // Mutual TLS: the handshake fails unless the client presents a trusted certificate.
    tlsContext.setNeedClientAuth(true);

    // Work on a copy so the secure customizer is attached to the TLS connector's
    // configuration only.
    HttpConfiguration tlsHttpConfig = new HttpConfiguration(http_config);
    tlsHttpConfig.addCustomizer(new SecureRequestCustomizer());

    SslConnectionFactory tlsFactory = new SslConnectionFactory(tlsContext, "http/1.1");
    HttpConnectionFactory httpFactory = new HttpConnectionFactory(tlsHttpConfig);
    ServerConnector tlsConnector = new ServerConnector(server, tlsFactory, httpFactory);
    tlsConnector.setPort(8008);
    server.addConnector(tlsConnector);

    // Handler shape borrowed from the Jetty getting started guide.
    server.setHandler(new AbstractHandler() {
        @Override
        public void handle(String target, Request baseRequest, HttpServletRequest request,
                HttpServletResponse response) throws IOException, ServletException {
            // Dump the request attributes for debugging. SecureRequestCustomizer publishes TLS
            // session details there, so keep this kind of output out of production logs.
            for (Enumeration<String> names = request.getAttributeNames(); names.hasMoreElements();) {
                String attrName = names.nextElement();
                System.out.println(attrName + " - " + request.getAttribute(attrName));
            }

            response.setStatus(HttpServletResponse.SC_OK);
            baseRequest.setHandled(true);
            response.getWriter().println("apiman");
        }
    });

    server.start();
}
Example #29
Source File: JettyServerWrapper.java From cougar with Apache License 2.0 | 4 votes |
/**
 * Creates the HTTPS connector for the given server.
 *
 * <p>NOTE(review): the customizer is added to the {@code httpConfiguration} instance that was
 * passed in, not to a copy. If the caller shares that instance with a plain-HTTP connector,
 * the secure customizer would be attached there as well; verify against the callers.
 *
 * @param server            server that will own the connector
 * @param httpConfiguration HTTP configuration to use; mutated by adding a
 *                          {@link SecureRequestCustomizer}
 * @param httpsAcceptors    number of acceptor threads passed to the connector
 * @param httpsSelectors    number of selector threads passed to the connector
 * @param sslContextFactory TLS settings (key store, trust store, client-auth policy)
 * @return a new, not yet registered connector speaking HTTP/1.1 over TLS
 */
protected ServerConnector createHttpsConnector(Server server, HttpConfiguration httpConfiguration,
        int httpsAcceptors, int httpsSelectors, SslContextFactory sslContextFactory) {
    httpConfiguration.addCustomizer(new SecureRequestCustomizer());

    SslConnectionFactory tlsLayer = new SslConnectionFactory(sslContextFactory, "http/1.1");
    HttpConnectionFactory httpLayer = new HttpConnectionFactory(httpConfiguration);

    // The three nulls are the executor, scheduler and buffer pool arguments.
    return new ServerConnector(server, null, null, null, httpsAcceptors, httpsSelectors,
            tlsLayer, httpLayer);
}
Example #30
Source File: NiFiTestServer.java From nifi with Apache License 2.0 | 4 votes |
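/**
 * Builds a TLS connector from the NiFi security properties and registers it on the embedded
 * Jetty server, bound to an ephemeral port (port 0).
 *
 * <p>Client certificates are required when no login identity provider is configured and
 * merely requested otherwise; in the latter case the handshake can complete without a
 * client certificate.
 *
 * <p>Fix relative to the original: the key store password and the key password were passed
 * to each other's setters. {@code setKeyStorePassword} takes the password of the store
 * itself, {@code setKeyManagerPassword} the password of the private key inside it, so the
 * swap only went unnoticed while both passwords were identical.
 */
private void createSecureConnector() {
    org.eclipse.jetty.util.ssl.SslContextFactory contextFactory = new org.eclipse.jetty.util.ssl.SslContextFactory();

    // Need to set SslContextFactory's endpointIdentificationAlgorithm to null; this is a server,
    // not a client. Server does not need to perform hostname verification on the client.
    // Previous to Jetty 9.4.15.v20190215, this defaulted to null, and now defaults to "HTTPS".
    contextFactory.setEndpointIdentificationAlgorithm(null);

    // require client auth when not supporting login or anonymous access
    if (StringUtils.isBlank(properties.getProperty(NiFiProperties.SECURITY_USER_LOGIN_IDENTITY_PROVIDER))) {
        contextFactory.setNeedClientAuth(true);
    } else {
        contextFactory.setWantClientAuth(true);
    }

    // The settings below are applied to the context factory only when a value is provided.

    // keystore properties
    final String keystorePath = properties.getProperty(NiFiProperties.SECURITY_KEYSTORE);
    if (StringUtils.isNotBlank(keystorePath)) {
        contextFactory.setKeyStorePath(keystorePath);
    }
    final String keystoreType = properties.getProperty(NiFiProperties.SECURITY_KEYSTORE_TYPE);
    if (StringUtils.isNotBlank(keystoreType)) {
        contextFactory.setKeyStoreType(keystoreType);
    }

    final String keystorePassword = properties.getProperty(NiFiProperties.SECURITY_KEYSTORE_PASSWD);
    final String keyPassword = properties.getProperty(NiFiProperties.SECURITY_KEY_PASSWD);
    if (StringUtils.isNotBlank(keystorePassword)) {
        // if no key password was provided, then assume the keystore password is the same as the key password.
        final String defaultKeyPassword = StringUtils.isBlank(keyPassword) ? keystorePassword : keyPassword;
        contextFactory.setKeyStorePassword(keystorePassword);
        contextFactory.setKeyManagerPassword(defaultKeyPassword);
    } else if (StringUtils.isNotBlank(keyPassword)) {
        // No keystore password was provided, so the store is loaded without an integrity
        // check; only the private key is unlocked with the key password. Prefer configuring
        // a keystore password so tampering with the store file is detected.
        contextFactory.setKeyManagerPassword(keyPassword);
    }

    // truststore properties
    final String truststorePath = properties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE);
    if (StringUtils.isNotBlank(truststorePath)) {
        contextFactory.setTrustStorePath(truststorePath);
    }
    final String truststoreType = properties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_TYPE);
    if (StringUtils.isNotBlank(truststoreType)) {
        contextFactory.setTrustStoreType(truststoreType);
    }
    final String truststorePassword = properties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD);
    if (StringUtils.isNotBlank(truststorePassword)) {
        contextFactory.setTrustStorePassword(truststorePassword);
    }

    // add some secure config
    final HttpConfiguration httpsConfiguration = new HttpConfiguration();
    httpsConfiguration.setSecureScheme("https");
    httpsConfiguration.setSecurePort(0);
    httpsConfiguration.addCustomizer(new SecureRequestCustomizer());

    // build the connector
    final ServerConnector https = new ServerConnector(jetty,
            new SslConnectionFactory(contextFactory, "http/1.1"),
            new HttpConnectionFactory(httpsConfiguration));

    // port 0 asks for an ephemeral port; no host is set here
    https.setPort(0);

    // add the connector
    jetty.addConnector(https);
}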