/** * Creates a server connector. * * If an HTTPS key store is configured, returns a SSL connector for HTTPS. * * Otherwise, returns a normal HTTP connector by default. * * @param server The server. * @return The server connector. */ @SuppressWarnings("squid:S2095") private ServerConnector createConnector(final Server server) { final String keyStorePath = (String) configuration.get(MinijaxProperties.SSL_KEY_STORE_PATH); if (keyStorePath == null || keyStorePath.isEmpty()) { // Normal HTTP return new ServerConnector(server); } final String keyStorePassword = (String) configuration.get(MinijaxProperties.SSL_KEY_STORE_PASSWORD); final String keyManagerPassword = (String) configuration.get(MinijaxProperties.SSL_KEY_MANAGER_PASSWORD); final HttpConfiguration https = new HttpConfiguration(); https.addCustomizer(new SecureRequestCustomizer()); final SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStorePath(Minijax.class.getClassLoader().getResource(keyStorePath).toExternalForm()); sslContextFactory.setKeyStorePassword(keyStorePassword); sslContextFactory.setKeyManagerPassword(keyManagerPassword); return new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(https)); }
private void setupSSL(Server server,HttpConfiguration http_config) { SslContextFactory sslContextFactory = new SslContextFactory(); if (sslKeyStoreFile!=null) sslContextFactory.setKeyStorePath(sslKeyStoreFile); else if (sslKeyStore!=null) sslContextFactory.setKeyStore(sslKeyStore); else { log.log(Level.SEVERE,"Error while configuring SSL connection. Missing KeyStore!"); return; } sslContextFactory.setKeyStorePassword(new String(sslKeyStorePassword)); sslContextFactory.setExcludeCipherSuites("SSL_RSA_WITH_DES_CBC_SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA", "SSL_DHE_DSS_WITH_DES_CBC_SHA", "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"); HttpConfiguration https_config = new HttpConfiguration(http_config); https_config.addCustomizer(new SecureRequestCustomizer()); ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory,HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(https_config)); sslConnector.setPort(daemonPortSecure); server.addConnector(sslConnector); }
public void start() throws Exception { URL keystoreUrl = IntegrationTestServer.class.getClassLoader().getResource("keystore.jks"); SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStorePath(keystoreUrl.getPath()); sslContextFactory.setKeyStorePassword("keystore"); SecureRequestCustomizer src = new SecureRequestCustomizer(); HttpConfiguration httpsConfiguration = new HttpConfiguration(); httpsConfiguration.setSecureScheme("https"); httpsConfiguration.addCustomizer(src); ServerConnector https = new ServerConnector(server, new SslConnectionFactory(sslContextFactory,HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfiguration)); https.setPort(this.httpsPort); this.server.setConnectors(new Connector[] { https }); ResourceConfig resourceConfig = new ResourceConfig(this.resourceClass); ServletContainer servletContainer = new ServletContainer(resourceConfig); ServletHolder servletHolder = new ServletHolder(servletContainer); ServletContextHandler servletContextHandler = new ServletContextHandler(server, "/*"); servletContextHandler.addServlet(servletHolder, "/*"); this.server.start(); }
@Override public void customize(Server server) { // HTTPS Configuration HttpConfiguration httpsConfig = new HttpConfiguration(); httpsConfig.setSecureScheme("https"); httpsConfig.setSecurePort(8443); httpsConfig.addCustomizer(new SecureRequestCustomizer()); // SSL Context Factory for HTTPS and HTTP/2 SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStoreResource(newClassPathResource("keystore")); sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4"); sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g"); sslContextFactory.setCipherComparator(HTTP2Cipher.COMPARATOR); // SSL Connection Factory SslConnectionFactory ssl = new SslConnectionFactory(sslContextFactory, "h2"); // HTTP/2 Connector ServerConnector http2Connector = new ServerConnector(server, ssl, new HTTP2ServerConnectionFactory(httpsConfig)); http2Connector.setPort(8443); server.addConnector(http2Connector); }
public static void addHttpsConnector(Server server, int port) throws IOException, URISyntaxException { String keyStoreFile = resourceAsFile("ssltest-keystore.jks").getAbsolutePath(); SslContextFactory sslContextFactory = new SslContextFactory(keyStoreFile); sslContextFactory.setKeyStorePassword("changeit"); String trustStoreFile = resourceAsFile("ssltest-cacerts.jks").getAbsolutePath(); sslContextFactory.setTrustStorePath(trustStoreFile); sslContextFactory.setTrustStorePassword("changeit"); HttpConfiguration httpsConfig = new HttpConfiguration(); httpsConfig.setSecureScheme("https"); httpsConfig.setSecurePort(port); httpsConfig.addCustomizer(new SecureRequestCustomizer()); ServerConnector connector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(httpsConfig)); connector.setPort(port); server.addConnector(connector); }
public HttpConfiguration newHttpConfiguration() { // HTTP Configuration boolean sendServerVersion = Boolean.parseBoolean( System.getProperty(AthenzConsts.ATHENZ_PROP_SEND_SERVER_VERSION, "false")); boolean sendDateHeader = Boolean.parseBoolean( System.getProperty(AthenzConsts.ATHENZ_PROP_SEND_DATE_HEADER, "false")); int outputBufferSize = Integer.parseInt( System.getProperty(AthenzConsts.ATHENZ_PROP_OUTPUT_BUFFER_SIZE, "32768")); int requestHeaderSize = Integer.parseInt( System.getProperty(AthenzConsts.ATHENZ_PROP_REQUEST_HEADER_SIZE, "8192")); int responseHeaderSize = Integer.parseInt( System.getProperty(AthenzConsts.ATHENZ_PROP_RESPONSE_HEADER_SIZE, "8192")); HttpConfiguration httpConfig = new HttpConfiguration(); httpConfig.setOutputBufferSize(outputBufferSize); httpConfig.setRequestHeaderSize(requestHeaderSize); httpConfig.setResponseHeaderSize(responseHeaderSize); httpConfig.setSendServerVersion(sendServerVersion); httpConfig.setSendDateHeader(sendDateHeader); return httpConfig; }
@Test public void testHttpConfigurationValidHttpsPort() { AthenzJettyContainer container = new AthenzJettyContainer(); container.createServer(100); System.setProperty(AthenzConsts.ATHENZ_PROP_SEND_SERVER_VERSION, "true"); System.setProperty(AthenzConsts.ATHENZ_PROP_SEND_DATE_HEADER, "false"); System.setProperty(AthenzConsts.ATHENZ_PROP_OUTPUT_BUFFER_SIZE, "128"); System.setProperty(AthenzConsts.ATHENZ_PROP_REQUEST_HEADER_SIZE, "256"); System.setProperty(AthenzConsts.ATHENZ_PROP_RESPONSE_HEADER_SIZE, "512"); HttpConfiguration httpConfig = container.newHttpConfiguration(); assertNotNull(httpConfig); assertEquals(httpConfig.getOutputBufferSize(), 128); assertFalse(httpConfig.getSendDateHeader()); assertTrue(httpConfig.getSendServerVersion()); assertEquals(httpConfig.getRequestHeaderSize(), 256); assertEquals(httpConfig.getResponseHeaderSize(), 512); // it defaults to https even if we have no value specified assertEquals(httpConfig.getSecureScheme(), "https"); }
@Test public void testHttpConfigurationNoHttpsPort() { AthenzJettyContainer container = new AthenzJettyContainer(); container.createServer(100); System.setProperty(AthenzConsts.ATHENZ_PROP_SEND_SERVER_VERSION, "false"); System.setProperty(AthenzConsts.ATHENZ_PROP_SEND_DATE_HEADER, "true"); System.setProperty(AthenzConsts.ATHENZ_PROP_OUTPUT_BUFFER_SIZE, "64"); System.setProperty(AthenzConsts.ATHENZ_PROP_REQUEST_HEADER_SIZE, "128"); System.setProperty(AthenzConsts.ATHENZ_PROP_RESPONSE_HEADER_SIZE, "256"); HttpConfiguration httpConfig = container.newHttpConfiguration(); assertNotNull(httpConfig); assertEquals(httpConfig.getOutputBufferSize(), 64); assertTrue(httpConfig.getSendDateHeader()); assertFalse(httpConfig.getSendServerVersion()); assertEquals(httpConfig.getRequestHeaderSize(), 128); assertEquals(httpConfig.getResponseHeaderSize(), 256); assertEquals(httpConfig.getSecurePort(), 0); // it defaults to https even if we have no value specified assertEquals(httpConfig.getSecureScheme(), "https"); }
@Test public void testHttpConnectorsHttpsOnly() { System.setProperty(AthenzConsts.ATHENZ_PROP_KEYSTORE_PATH, "file:///tmp/keystore"); System.setProperty(AthenzConsts.ATHENZ_PROP_KEYSTORE_TYPE, "PKCS12"); System.setProperty(AthenzConsts.ATHENZ_PROP_KEYSTORE_PASSWORD, "pass123"); System.setProperty(AthenzConsts.ATHENZ_PROP_TRUSTSTORE_PATH, "file:///tmp/truststore"); System.setProperty(AthenzConsts.ATHENZ_PROP_TRUSTSTORE_TYPE, "PKCS12"); System.setProperty(AthenzConsts.ATHENZ_PROP_TRUSTSTORE_PASSWORD, "pass123"); System.setProperty(AthenzConsts.ATHENZ_PROP_KEYMANAGER_PASSWORD, "pass123"); System.setProperty(AthenzConsts.ATHENZ_PROP_IDLE_TIMEOUT, "10001"); AthenzJettyContainer container = new AthenzJettyContainer(); container.createServer(100); HttpConfiguration httpConfig = container.newHttpConfiguration(); container.addHTTPConnectors(httpConfig, 0, 8082, 0); Server server = container.getServer(); Connector[] connectors = server.getConnectors(); assertEquals(connectors.length, 1); assertTrue(connectors[0].getProtocols().contains("http/1.1")); assertTrue(connectors[0].getProtocols().contains("ssl")); }
@Test public void testHttpConnectorsHttpOnly() { System.setProperty(AthenzConsts.ATHENZ_PROP_KEYSTORE_PATH, "file:///tmp/keystore"); System.setProperty(AthenzConsts.ATHENZ_PROP_KEYSTORE_TYPE, "PKCS12"); System.setProperty(AthenzConsts.ATHENZ_PROP_KEYSTORE_PASSWORD, "pass123"); System.setProperty(AthenzConsts.ATHENZ_PROP_TRUSTSTORE_PATH, "file:///tmp/truststore"); System.setProperty(AthenzConsts.ATHENZ_PROP_TRUSTSTORE_TYPE, "PKCS12"); System.setProperty(AthenzConsts.ATHENZ_PROP_TRUSTSTORE_PASSWORD, "pass123"); System.setProperty(AthenzConsts.ATHENZ_PROP_KEYMANAGER_PASSWORD, "pass123"); System.setProperty(AthenzConsts.ATHENZ_PROP_IDLE_TIMEOUT, "10001"); AthenzJettyContainer container = new AthenzJettyContainer(); container.createServer(100); HttpConfiguration httpConfig = container.newHttpConfiguration(); container.addHTTPConnectors(httpConfig, 8081, 0, 0); Server server = container.getServer(); Connector[] connectors = server.getConnectors(); assertEquals(connectors.length, 1); assertEquals(connectors[0].getIdleTimeout(), 10001); assertTrue(connectors[0].getProtocols().contains("http/1.1")); assertFalse(connectors[0].getProtocols().contains("ssl")); }
/** * Verifies all the needed bits are present in Jetty XML configuration (as HTTPS must be enabled by users). */ private void verifyConfiguration(final HttpScheme httpScheme) { try { if (HttpScheme.HTTP == httpScheme) { bean(HTTP_CONFIG_ID, HttpConfiguration.class); bean(HTTP_CONNECTOR_ID, ServerConnector.class); } else if (HttpScheme.HTTPS == httpScheme) { bean(SSL_CONTEXT_FACTORY_ID, SslContextFactory.class); bean(HTTPS_CONFIG_ID, HttpConfiguration.class); bean(HTTPS_CONNECTOR_ID, ServerConnector.class); } else { throw new UnsupportedHttpSchemeException(httpScheme); } } catch (IllegalStateException e) { throw new IllegalStateException("Jetty HTTPS is not enabled in Nexus", e); } }
protected HttpConfiguration buildHttpConfiguration() { HttpConfiguration httpConfig = new HttpConfiguration(); // most parameters are hardcoded for now... we should turn these // into properties httpConfig.setHeaderCacheSize(512); httpConfig.setOutputBufferSize(32 * 1024); httpConfig.setRequestHeaderSize(requestHeaderSize); httpConfig.setResponseHeaderSize(responseHeaderSize); httpConfig.setSendDateHeader(true); httpConfig.setSendServerVersion(true); httpConfig.addCustomizer(new ForwardedRequestCustomizer()); return httpConfig; }
public ServerConnector setup(final Server server, final InetSocketAddress address) { final HttpConfiguration config = this.config.build(); final ConnectionFactory[] factories = this.factories .stream() .map(f -> f.setup(config)) .toArray(size -> new ConnectionFactory[size]); final ServerConnector c = new ServerConnector(server, factories); c.setHost(this.address.map(a -> a.getHostString()).orElseGet(address::getHostString)); c.setPort(this.address.map(a -> a.getPort()).orElseGet(address::getPort)); defaultProtocol.ifPresent(c::setDefaultProtocol); return c; }
@BeforeClass public static void startHttpsServer() throws Exception { skipIfHeadlessEnvironment(); server = new Server(); SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStorePath(ErrorCases.class.getResource("keystore").getPath()); sslContextFactory.setKeyStorePassword("activeeon"); HttpConfiguration httpConfig = new HttpConfiguration(); HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig); httpsConfig.addCustomizer(new SecureRequestCustomizer()); ServerConnector sslConnector = new ServerConnector(server, new ConnectionFactory[] { new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig) }); server.addConnector(sslConnector); server.start(); serverUrl = "https://localhost:" + sslConnector.getLocalPort() + "/rest"; }
public void listener(int port) { initJettyConfig(); this.port = port; HttpConfiguration httpConfiguration = initHttpConfiguration(); HttpConnectionFactory httpConnectionFactory = new HttpConnectionFactory(httpConfiguration); QueuedThreadPool threadPool = this.initThreadPool(); this.server = new Server(threadPool); int cores = Runtime.getRuntime().availableProcessors(); ServerConnector connector = new ServerConnector(server, null, null, null, 1 + cores / 2, -1, httpConnectionFactory); initConnector(connector); connector.setPort(this.port); server.setConnectors(new Connector[] { connector }); logger.info("Application listen on " + port); }
/** * Create ssl connector if https is used * @return */ private ServerConnector sslConnector() { HttpConfiguration http_config = new HttpConfiguration(); http_config.setSecureScheme("https"); http_config.setSecurePort(this.getPort()); HttpConfiguration https_config = new HttpConfiguration(http_config); https_config.addCustomizer(new SecureRequestCustomizer()); SslContextFactory sslContextFactory = new SslContextFactory(this.getCertKeyStorePath()); sslContextFactory.setKeyStorePassword(this.getCertKeyStorePassword()); //exclude weak ciphers sslContextFactory.setExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$"); //only support tlsv1.2 sslContextFactory.addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"); ServerConnector connector = new ServerConnector(jettyServer, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(https_config)); connector.setPort(this.getPort()); connector.setIdleTimeout(50000); return connector; }
/** * Start the Jetty Server on the specified port * @throws Exception */ private static void startServer() throws Exception { HttpConfiguration http_config = new HttpConfiguration(); http_config.setSecureScheme("https"); http_config.setSecurePort(8443); http_config.setOutputBufferSize(32768); Server server = new Server(); ServerConnector http = new ServerConnector(server, new HttpConnectionFactory(http_config)); http.setPort(_port); http.setIdleTimeout(30000); server.setConnectors(new Connector[] { http }); // Set a handler server.setHandler(new PoolWatcher()); // Start the server server.start(); }
private static Server startHttp2() throws Exception { Server server = new Server(); // Common HTTP configuration. HttpConfiguration config = new HttpConfiguration(); // HTTP/1.1 support. HttpConnectionFactory http1 = new HttpConnectionFactory(config); // HTTP/2 cleartext support. HTTP2CServerConnectionFactory http2c = new HTTP2CServerConnectionFactory(config); // Add the connector. ServerConnector connector = new ServerConnector(server, http1, http2c); connector.setPort(0); server.addConnector(connector); // Add the servlet. ServletHandler handler = new ServletHandler(); handler.addServletWithMapping(newServletHolder(thriftServlet), TSERVLET_PATH); server.setHandler(handler); // Start the server. server.start(); return server; }
ArmeriaConnector(Server server) { this.server = server; executor = server.getThreadPool(); final HttpConfiguration httpConfig = server.getBean(HttpConfiguration.class); this.httpConfig = httpConfig != null ? httpConfig : new HttpConfiguration(); final Scheduler scheduler = server.getBean(Scheduler.class); this.scheduler = scheduler != null ? scheduler : new ScheduledExecutorScheduler(); final ByteBufferPool byteBufferPool = server.getBean(ByteBufferPool.class); this.byteBufferPool = byteBufferPool != null ? byteBufferPool : new ArrayByteBufferPool(); addBean(server, false); addBean(executor); unmanage(executor); addBean(this.httpConfig); addBean(this.scheduler); addBean(this.byteBufferPool); connectionFactory = new ArmeriaConnectionFactory(); connectionFactories = Collections.singleton(connectionFactory); }
public EmbeddableJetty() { System.setProperty("wicket.configuration", "development"); ServerConnector http = new ServerConnector(server, new HttpConnectionFactory(new HttpConfiguration())); http.setPort(PORT); http.setIdleTimeout(1000 * 60 * 60); server.addConnector(http); ServletContextHandler sch = new ServletContextHandler(ServletContextHandler.SESSIONS); FilterHolder fh2 = new FilterHolder(WicketFilter.class); fh2.setInitParameter(ContextParamWebApplicationFactory.APP_CLASS_PARAM, WicketTestApplication.class.getName()); fh2.setInitParameter(WicketFilter.FILTER_MAPPING_PARAM, "/*"); sch.addFilter(fh2, "/*", EnumSet.of(DispatcherType.REQUEST, DispatcherType.ERROR)); server.setHandler(sch); MBeanServer mBeanServer = ManagementFactory.getPlatformMBeanServer(); MBeanContainer mBeanContainer = new MBeanContainer(mBeanServer); server.addEventListener(mBeanContainer); server.addBean(mBeanContainer); }
public void setupSslServer(int port, SslContextFactory sslContextFactory) { if (_server != null && port > 0) { try { HttpConfiguration https = new HttpConfiguration(); https.addCustomizer(new SecureRequestCustomizer()); ServerConnector sslConnector = new ServerConnector( _server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(https)); sslConnector.setPort(port); _server.addConnector(sslConnector); LOG.info("Helix SSL rest server is ready to start."); } catch (Exception ex) { LOG.error("Failed to setup Helix SSL rest server, " + ex); } } }
/** * Set up the server with all its dependencies * * @param configuration */ public YuiCompressorServer(Configuration configuration) { hasher = new Md5Hasher(); server = new Server(getThreadPool()); HttpConfiguration http_config = getHttpConfiguration(); ServerConnector http = new ServerConnector(server, new HttpConnectionFactory(http_config)); http.setPort(configuration.getPort()); http.setIdleTimeout(CONECTION_IDLE_TIMEOUT); server.addConnector(http); server.setAttribute(MAX_FORM_SIZE_PROPERTY, configuration.getMaxFormSize()); server.setHandler(new YuiCompressorHandler( getCompressor(configuration), hasher)); }
private HttpConfiguration generateJettyHttpConfiguration( ConnectorConfiguration theConfiguration ) { HttpConfiguration httpConfiguration = new HttpConfiguration(); if( theConfiguration.getHeaderCacheSize( ) != null ) { httpConfiguration.setHeaderCacheSize( theConfiguration.getHeaderCacheSize( ) ); } if( theConfiguration.getRequestHeaderSize( ) != null ) { httpConfiguration.setRequestHeaderSize( theConfiguration.getRequestHeaderSize( ) ); } if( theConfiguration.getResponseHeaderSize( ) != null ) { httpConfiguration.setResponseHeaderSize( theConfiguration.getResponseHeaderSize( ) ); } if( theConfiguration.getOutputBufferSize( ) != null ) { httpConfiguration.setOutputBufferSize( theConfiguration.getOutputBufferSize( ) ); } httpConfiguration.setSendDateHeader( false ); // TODO: verify if I should manually do this, and in what way this sets it (UTC, local, etc) httpConfiguration.setSendServerVersion( false ); httpConfiguration.setSendXPoweredBy( false ); return httpConfiguration; }
/** * @param args */ public static void main(String[] args) throws Exception { Server server = new Server(); HttpConfiguration config = new HttpConfiguration(); ServerConnector http = new ServerConnector(server, new HttpConnectionFactory(config)); int port = 8080; if (args.length > 0) { port = Integer.parseInt(args[0]); } http.setPort(port); server.addConnector(http); ProtectionDomain domain = Main.class.getProtectionDomain(); URL location = domain.getCodeSource().getLocation(); WebAppContext webapp = new WebAppContext(); webapp.setContextPath("/"); webapp.setWar(location.toExternalForm()); server.setHandler(webapp); server.start(); server.join(); }
@Override public void startSSL(String keyStoreLocation, String keyStorePassword) throws Exception { Server server = new Server(); HttpConfiguration httpsConfig = new HttpConfiguration(); httpsConfig.addCustomizer(new SecureRequestCustomizer()); SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStorePath(keyStoreLocation); sslContextFactory.setKeyStorePassword(keyStorePassword); ServerConnector https = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(httpsConfig)); https.setHost(host); https.setPort(port); server.setConnectors(new Connector[]{https}); configureContextHandler(server); startServer(server); }
public void start(){ try{ jettyServer=new Server(port); HttpConfiguration httpConfiguration = new HttpConfiguration(); ConnectionFactory c = new HttpConnectionFactory(httpConfiguration); ServerConnector serverConnector = new ServerConnector(jettyServer, c); serverConnector.setPort(port); jettyServer.setConnectors(new Connector[] { serverConnector }); jettyServer.setHandler(requestHandler); jettyServer.start(); if(statusButton!=null){ updateStatusIcon(); iconThread=new IconThread(); iconThread.start(); } } catch(Exception e){ wandora.handleError(e); } }
private ServerConnector createSSLConnector() { SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStorePath(m_keystore); sslContextFactory.setKeyStorePassword(m_keystorepassword); sslContextFactory.setTrustStorePath(m_truststore); sslContextFactory.setTrustStorePassword(m_truststorepassword); sslContextFactory.setNeedClientAuth(m_clientauthentication); sslContextFactory.setIncludeCipherSuites(m_tls_cipher_suites); HttpConfiguration http_config = new HttpConfiguration(); http_config.setSecureScheme("https"); HttpConfiguration https_config = new HttpConfiguration(http_config); https_config.addCustomizer(new SecureRequestCustomizer()); SslConnectionFactory sslConnFactory = new SslConnectionFactory(sslContextFactory, "http/1.1"); HttpConnectionFactory httpConnFactory = new HttpConnectionFactory(https_config); ServerConnector sslConnector = new ServerConnector(m_jettyServer, sslConnFactory, httpConnFactory); return sslConnector; }
protected Server createServer() { final QueuedThreadPool threadPool = new QueuedThreadPool(); threadPool.setMaxThreads(500); final Server server = new Server(threadPool); server.addBean(new ScheduledExecutorScheduler()); final HttpConfiguration http_config = createHttpConfigurationForHTTP(); // ServerConnector http = new ServerConnector(server, new HttpConnectionFactory(http_config)); // http.setPort(8080); // http.setIdleTimeout(30000); // server.addConnector(http); server.setHandler(createServletContextHandler()); server.setDumpAfterStart(false); server.setDumpBeforeStop(false); server.setStopAtShutdown(true); final HttpConfiguration https_config = createHttpConfigurationForHTTPS(http_config); server.addConnector(createServerConnectorForHTTPS(server, https_config)); return server; }
private ServerConnector createServerConnectorForHTTPS(final Server server, final HttpConfiguration httpConfigurationForHTTPS) { final SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStorePath(getKeyStoreFile().getPath()); sslContextFactory.setKeyStorePassword(KEY_STORE_PASSWORD_STRING); sslContextFactory.setKeyManagerPassword(KEY_PASSWORD_STRING); sslContextFactory.setTrustStorePath(getKeyStoreFile().getPath()); sslContextFactory.setTrustStorePassword(KEY_STORE_PASSWORD_STRING); sslContextFactory.setExcludeCipherSuites( // TODO make this configurable! // "SSL_RSA_WITH_DES_CBC_SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA", "SSL_DHE_DSS_WITH_DES_CBC_SHA", "SSL_RSA_EXPORT_WITH_RC4_40_MD5", // "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA", "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA", // Using wildcards instead. This should be much safer: ".*RC4.*", ".*DES.*"); // sslContextFactory.setCertAlias(CERTIFICATE_ALIAS); // Jetty uses our certificate. We put only one single cert into the key store. Hence, we don't need this. final ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(httpConfigurationForHTTPS)); sslConnector.setPort(getSecurePort()); // sslConnector.setIdleTimeout(300*1000); // sslConnector.setStopTimeout(30*1000); // sslConnector.setSoLingerTime(10); return sslConnector; }
/** * Sets the request and header buffer sizex if they are not zero */ private void setBufferSizes(HttpConfiguration buffers) { if (requestHeaderSize > 0) { LOGGER.info("Request header size set to {} for {}", requestHeaderSize, buffers.getClass().getCanonicalName()); buffers.setRequestHeaderSize(requestHeaderSize); } if (responseBufferSize > 0) { LOGGER.info("Response buffer size set to {} for {}", responseBufferSize, buffers.getClass().getCanonicalName()); buffers.setOutputBufferSize(responseBufferSize); } if (responseHeaderSize > 0) { LOGGER.info("Response header size set to {} for {}", responseHeaderSize, buffers.getClass().getCanonicalName()); buffers.setResponseHeaderSize(responseHeaderSize); } }
public Connector doInstall(Server server){ // shared http config HttpConfiguration http_config = new HttpConfiguration(); http_config.setSecureScheme("https"); http_config.setSecurePort(8443); http_config.setOutputBufferSize(32768); // HTTP connector #1 ServerConnector http = new ServerConnector(server, new HttpConnectionFactory(http_config)); http.setPort(httpPort); http.setIdleTimeout(idleTimeout == null ? 30000 : idleTimeout); if(host != null){ http.setHost(host); } return http; }
/** * Creates a Jetty HTTP configuration. * * @return A Jetty HTTP configuration. */ private HttpConfiguration createConfiguration() { final HttpConfiguration configuration = new HttpConfiguration(); configuration.setHeaderCacheSize( getHttpHeaderCacheSize() ); configuration.setRequestHeaderSize( getHttpRequestHeaderSize() ); configuration.setResponseHeaderSize( getHttpResponseHeaderSize() ); configuration.setOutputBufferSize( getHttpOutputBufferSize() ); configuration.setDelayDispatchUntilContent( getHttpDelayDispatchUntilContent() ); configuration.setOutputAggregationSize( getHttpOutputAggregationSize() ); configuration.setPersistentConnectionsEnabled( getHttpPersistentConnectionsEnabled() ); configuration.setSendDateHeader( getHttpSendDateHeader() ); configuration.setSendServerVersion( getHttpSendVersionHeader() ); configuration.setSendXPoweredBy( getHttpSendXPoweredBy() ); return configuration; }
private static Server startServer(ContextHandlerCollection contexts, int port) throws Exception { System.setProperty(MessagingPropertyKeys.PROPERTY_SERVLET_HOST_PATH, "http://localhost:" + port); setBounceProxyUrl(); setDirectoriesUrl(); logger.info("HOST PATH: {}", System.getProperty(MessagingPropertyKeys.PROPERTY_SERVLET_HOST_PATH)); final Server jettyServer = new Server(); ServerConnector connector = new ServerConnector(jettyServer, new HttpConnectionFactory(new HttpConfiguration())); connector.setPort(port); connector.setAcceptQueueSize(1); jettyServer.setConnectors(new Connector[]{ connector }); jettyServer.setHandler(contexts); jettyServer.start(); logger.trace("Started jetty server:\n{}", jettyServer.dump()); return jettyServer; }
/** * Create HTTP connector. * @return Initialized {@link ServerConnector} instance for HTTP connections. * @throws Exception */ private ServerConnector createHttpConnector() throws Exception { logger.info("Setting up HTTP connector for web server"); final HttpConfiguration httpConfig = new HttpConfiguration(); final ServerConnector httpConnector = new ServerConnector(embeddedJetty, new HttpConnectionFactory(httpConfig)); httpConnector.setPort(config.getInt(ExecConstants.HTTP_PORT)); return httpConnector; }
private ServerConnector getServerConnector() { SslConnectionFactory sslConnectionFactory = getSSLConnectionFactory(); HttpConnectionFactory httpConnectionFactory = new HttpConnectionFactory(new HttpConfiguration()); ServerConnector connector = new ServerConnector(server, sslConnectionFactory, httpConnectionFactory); connector.setPort(port); return connector; }
@Override public HttpConfiguration get() { HttpConfiguration configuration = new HttpConfiguration(); configuration.setSendXPoweredBy(false); configuration.setSendServerVersion(false); return configuration; }
protected void configure() { install(MultibindingsScanner.asModule()); install(new ServletModule()); requireBinding(Key.get(new TypeLiteral<Set<ConnectorFactory>>() {})); bind(ServletHolder.class) .toProvider(ServletHolderProvider.class) .asEagerSingleton(); bind(Handler.class) .toProvider(ServletContextHandlerProvider.class) .asEagerSingleton(); bind(Server.class) .toProvider(JettyServerProvider.class) .asEagerSingleton(); bind(ResourceConfig.class) .toProvider(resourceConfigProvider()) .asEagerSingleton(); bind(HttpConfiguration.class) .annotatedWith(BaseConfiguration.class) .toProvider(HttpConfigurationProvider.class) .asEagerSingleton(); }
@Override public ServerConnector get(Server server) { HttpConfiguration configuration = new HttpConfiguration(defaultConfig); configuration.setSecurePort(configurator.getPort()); configuration.setSecureScheme(HttpScheme.HTTPS.asString()); final ServerConnector connector = new ServerConnector(server, new HttpConnectionFactory(configuration)); connector.setPort(configurator.getPort()); connector.setHost(configurator.getHost()); return connector; }
public ServerConnector get(Server server) { HttpConfiguration configuration = new HttpConfiguration(defaultConfig); final ServerConnector connector = new ServerConnector(server, new HttpConnectionFactory(configuration)); connector.setPort(configurator.getPort()); connector.setHost(configurator.getHost()); return connector; }
/** * Create an HTTPS connector for given jetty server instance. If the config has specified keystore/truststore settings * they will be used else a self-signed certificate is generated and used. * * @param hostName * @param config {@link DremioConfig} containing SSL related settings if any. * @param embeddedJetty Jetty server instance needed for creating a ServerConnector. * * @return Initialized {@link ServerConnector} for HTTPS connections and the trust store. Trust store is non-null only * when in case of auto generated self-signed certificate. * @throws Exception */ public Pair<ServerConnector, KeyStore> createHttpsConnector(final Server embeddedJetty, final DremioConfig config, final String hostName, final String... alternativeNames) throws Exception { logger.info("Setting up HTTPS connector for web server"); final SslContextFactory sslContextFactory = new SslContextFactory(); Pair<KeyStore, String> keyStore = getKeyStore(config, hostName, alternativeNames); KeyStore trustStore = getTrustStore(config); sslContextFactory.setKeyStore(keyStore.getLeft()); // Assuming that the keystore and the keymanager passwords are the same // based on JSSE examples... sslContextFactory.setKeyManagerPassword(keyStore.getRight()); sslContextFactory.setTrustStore(trustStore); // Disable ciphers, protocols and other that are considered weak/vulnerable sslContextFactory.setExcludeCipherSuites( "TLS_DHE.*", "TLS_EDH.*" // TODO: there are few other ciphers that Chrome complains about being obsolete. Research more about them and // include here. ); sslContextFactory.setExcludeProtocols("SSLv3"); sslContextFactory.setRenegotiationAllowed(false); // SSL Connector final ServerConnector sslConnector = new ServerConnector(embeddedJetty, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(new HttpConfiguration())); return Pair.of(sslConnector, trustStore); }
