/**
 * Returns the {@code ssl} element of the given protocol, never {@code null}.
 *
 * <p>When the protocol has no {@code ssl} element, a stand-in obtained from
 * {@link DefaultProxy#createDummyProxy} is returned instead.
 *
 * <p>NOTE(review): callers cannot tell a configured element from the stand-in, so TLS settings
 * read from the result may be defaults rather than operator choices. Presumably the dummy proxy
 * answers with the schema defaults; confirm against DefaultProxy.
 *
 * @param protocol the protocol whose SSL configuration is wanted
 * @return the configured {@code Ssl}, or a dummy proxy when none is configured
 */
private static Ssl getSsl(Protocol protocol) {
   final Ssl configured = protocol.getSsl();
   return configured != null
       ? configured
       : (Ssl) DefaultProxy.createDummyProxy(protocol, Ssl.class);
 }
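  /**
   * Creates the {@code ssl} child element on the HTTP protocol of the listener named by
   * {@code command.listenerId}.
   *
   * <p>If the listener already has an {@code ssl} element, the report is marked as a failure and
   * nothing is changed. If the listener does not exist, a "not found" message is placed on the
   * report and the protocol is obtained through {@code command.findOrCreateProtocol}.
   *
   * <p>Success is reported only when the configuration transaction completed. A failed
   * transaction must not be reported as success, otherwise an administrator would be told that
   * TLS settings were written when they were not.
   *
   * @param command the create-ssl command carrying the target config, listener id and SSL values
   * @param report the action report that receives the outcome
   */
  @Override
  public void create(final CreateSsl command, ActionReport report) {

    NetworkConfig netConfig = command.config.getNetworkConfig();
    // ensure we have the specified listener
    NetworkListener listener = netConfig.getNetworkListener(command.listenerId);
    Protocol httpProtocol;
    try {
      if (listener == null) {
        // NOTE(review): the bundle key is run through MessageFormat before the lookup rather
        // than after it; confirm this order is intended.
        report.setMessage(
            WebContainer.rb.getString(
                MessageFormat.format(CREATE_SSL_HTTP_NOT_FOUND, command.listenerId)));
        // No listener with this id: fall back to a protocol of the same name.
        httpProtocol = command.findOrCreateProtocol(command.listenerId);
      } else {
        httpProtocol = listener.findHttpProtocol();
        Ssl ssl = httpProtocol.getSsl();
        if (ssl != null) {
          // Refuse to overwrite an existing ssl element.
          report.setMessage(
              WebContainer.rb.getString(
                  MessageFormat.format(CREATE_SSL_HTTP_ALREADY_EXISTS, command.listenerId)));
          report.setActionExitCode(ActionReport.ExitCode.FAILURE);
          return;
        }
      }
      // Create and attach the new ssl element inside a single config transaction.
      ConfigSupport.apply(
          new SingleConfigCode<Protocol>() {
            public Object run(Protocol param) throws TransactionFailure {
              Ssl newSsl = param.createChild(Ssl.class);
              command.populateSslElement(newSsl);
              param.setSsl(newSsl);
              return newSsl;
            }
          },
          httpProtocol);

    } catch (TransactionFailure e) {
      command.reportError(report, e);
      // Stop here: falling through to reportSuccess would follow the error report with a
      // success report for a transaction that did not complete.
      return;
    }
    command.reportSuccess(report);
  }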
  /**
   * Removes the {@code ssl} child element from the HTTP protocol of the listener named by
   * {@code command.listenerId}.
   *
   * <p>The report is marked as a failure, and nothing is changed, when the listener does not
   * exist or when its HTTP protocol has no {@code ssl} element. A failed config transaction is
   * handed to {@code command.reportError}.
   *
   * <p>NOTE(review): only the {@code ssl} child is cleared here. Whether the protocol's
   * security-enabled flag is adjusted elsewhere is not visible in this method; confirm the
   * listener is not left marked as secured without an ssl element.
   *
   * @param command the delete-ssl command carrying the target config and listener id
   * @param report the action report that receives the outcome
   */
  @Override
  public void delete(DeleteSsl command, ActionReport report) {
    final NetworkListener networkListener =
        command.config.getNetworkConfig().getNetworkListener(command.listenerId);

    // Decide which precondition, if any, is violated before touching the configuration.
    String failureKey = null;
    if (networkListener == null) {
      failureKey = DELETE_SSL_HTTP_LISTENER_NOT_FOUND;
    } else if (networkListener.findHttpProtocol().getSsl() == null) {
      failureKey = DELETE_SSL_ELEMENT_DOES_NOT_EXIST;
    }

    if (failureKey != null) {
      final String bundleKey = MessageFormat.format(failureKey, command.listenerId);
      report.setMessage(WebContainer.rb.getString(bundleKey));
      report.setActionExitCode(ActionReport.ExitCode.FAILURE);
      return;
    }

    // Transaction body: detach the ssl element from the protocol.
    final SingleConfigCode<Protocol> clearSsl =
        new SingleConfigCode<Protocol>() {
          public Object run(Protocol param) {
            param.setSsl(null);
            return null;
          }
        };

    try {
      ConfigSupport.apply(clearSsl, networkListener.findHttpProtocol());
    } catch (TransactionFailure e) {
      command.reportError(report, e);
    }
  }
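  /**
   * Populates {@code filterChainBuilder} with the filters required by {@code protocol}.
   *
   * <p>Exactly one of four branches is taken, in this order:
   *
   * <ol>
   *   <li>{@code http} element present: delegate to {@code configureHttpProtocol}.
   *   <li>{@code port-unification} element present: build a {@link PUFilter}, register one
   *       protocol finder per configured finder, and recurse into each sub-protocol. A
   *       sub-protocol with security enabled is wrapped behind an {@link SSLProtocolFinder}.
   *   <li>{@code http-redirect} element present: add the HTTP codec and a redirect filter.
   *   <li>Otherwise: load every filter listed in the protocol chain.
   * </ol>
   *
   * <p>Failure handling differs per branch. A port-unification filter or sub-protocol that fails
   * to initialise is logged at WARNING and skipped, so the listener keeps going without it. A
   * protocol filter that fails to initialise aborts configuration with an
   * {@link IllegalStateException}.
   *
   * <p>NOTE(review): filter and finder class names are read from configuration and handed to
   * {@code Utils.newInstance} / {@code loadFilter}, which presumably instantiate them by name.
   * Write access to this configuration should therefore be treated as the ability to choose
   * which classes run inside the listener.
   *
   * @param habitat service locator used to instantiate and configure filters
   * @param networkListener the listener being configured
   * @param protocol the protocol definition to translate into filters
   * @param filterChainBuilder the chain builder that receives the filters
   * @throws IllegalStateException if a filter from the protocol chain cannot be initialised
   */
  protected void configureSubProtocol(
      final ServiceLocator habitat,
      final NetworkListener networkListener,
      final Protocol protocol,
      final FilterChainBuilder filterChainBuilder) {

    if (protocol.getHttp() != null) {
      final Http http = protocol.getHttp();
      configureHttpProtocol(
          habitat,
          networkListener,
          http,
          filterChainBuilder,
          Boolean.valueOf(protocol.getSecurityEnabled()));

    } else if (protocol.getPortUnification() != null) {
      // Port unification
      final PortUnification pu = protocol.getPortUnification();
      final String puFilterClassname = pu.getClassname();
      PUFilter puFilter = null;
      if (puFilterClassname != null) {
        try {
          puFilter =
              Utils.newInstance(habitat, PUFilter.class, puFilterClassname, puFilterClassname);
          configureElement(habitat, networkListener, pu, puFilter);
        } catch (Exception e) {
          // Best effort: a broken custom filter is replaced by the stock PUFilter below.
          LOGGER.log(
              Level.WARNING,
              "Can not initialize port unification filter: "
                  + puFilterClassname
                  + " default filter will be used instead",
              e);
        }
      }
      if (puFilter == null) {
        puFilter = new PUFilter();
      }
      List<org.glassfish.grizzly.config.dom.ProtocolFinder> findersConfig = pu.getProtocolFinder();
      for (org.glassfish.grizzly.config.dom.ProtocolFinder finderConfig : findersConfig) {
        final String finderClassname = finderConfig.getClassname();
        try {
          final ProtocolFinder protocolFinder =
              Utils.newInstance(habitat, ProtocolFinder.class, finderClassname, finderClassname);
          configureElement(habitat, networkListener, finderConfig, protocolFinder);
          final Protocol subProtocol = finderConfig.findProtocol();
          final FilterChainBuilder subProtocolFilterChainBuilder =
              puFilter.getPUFilterChainBuilder();
          // If subprotocol is secured - we need to wrap it under SSLProtocolFinder
          if (Boolean.valueOf(subProtocol.getSecurityEnabled())) {
            final PUFilter extraSslPUFilter = new PUFilter();

            final Filter addedSSLFilter =
                configureSsl(habitat, getSsl(subProtocol), subProtocolFilterChainBuilder);

            subProtocolFilterChainBuilder.add(extraSslPUFilter);
            final FilterChainBuilder extraSslPUFilterChainBuilder =
                extraSslPUFilter.getPUFilterChainBuilder();

            try {
              // temporary add SSL Filter, so subprotocol
              // will see it
              extraSslPUFilterChainBuilder.add(addedSSLFilter);
              configureSubProtocol(
                  habitat, networkListener, subProtocol, extraSslPUFilterChainBuilder);
            } finally {
              // remove SSL Filter
              extraSslPUFilterChainBuilder.remove(addedSSLFilter);
            }

            extraSslPUFilter.register(protocolFinder, extraSslPUFilterChainBuilder.build());

            // NOTE(review): configureSsl above receives getSsl(subProtocol), while the
            // SSLConfigurator here receives subProtocol.getSsl() directly. Confirm both are
            // meant to see the same SSL settings when no ssl element is configured.
            puFilter.register(
                new SSLProtocolFinder(new SSLConfigurator(habitat, subProtocol.getSsl())),
                subProtocolFilterChainBuilder.build());
          } else {
            configureSubProtocol(
                habitat, networkListener, subProtocol, subProtocolFilterChainBuilder);
            puFilter.register(protocolFinder, subProtocolFilterChainBuilder.build());
          }
        } catch (Exception e) {
          // Best effort: this finder is left unregistered and the remaining finders are still
          // processed, so the WARNING is the only sign that a sub-protocol is missing.
          LOGGER.log(
              Level.WARNING, "Can not initialize sub protocol. Finder: " + finderClassname, e);
        }
      }
      filterChainBuilder.add(puFilter);
    } else if (protocol.getHttpRedirect() != null) {
      filterChainBuilder.add(createHttpServerCodecFilter());
      final HttpRedirectFilter filter = new HttpRedirectFilter();
      filter.configure(habitat, networkListener, protocol.getHttpRedirect());
      filterChainBuilder.add(filter);
    } else {
      ProtocolChainInstanceHandler pcihConfig = protocol.getProtocolChainInstanceHandler();
      if (pcihConfig == null) {
        LOGGER.log(Level.WARNING, "Empty protocol declaration");
        return;
      }
      ProtocolChain filterChainConfig = pcihConfig.getProtocolChain();
      for (ProtocolFilter filterConfig : filterChainConfig.getProtocolFilter()) {
        final String filterClassname = filterConfig.getClassname();
        try {
          final Filter filter = loadFilter(habitat, filterConfig.getName(), filterClassname);
          configureElement(habitat, networkListener, filterConfig, filter);
          filterChainBuilder.add(filter);
        } catch (Exception e) {
          LOGGER.log(Level.WARNING, "Can not initialize protocol filter: " + filterClassname, e);
          // Keep the original exception as the cause so callers can see why the filter failed,
          // not only that it did.
          throw new IllegalStateException(
              "Can not initialize protocol filter: " + filterClassname, e);
        }
      }
    }
  }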