public static Server initJetty(
final String bindAddress,
final int port,
boolean useSSL,
boolean needClientAuth,
String protocols,
String ciphers,
Properties sysProps)
throws Exception {
final Server jettyServer = new Server();
// Add a handler collection here, so that each new context adds itself
// to this collection.
jettyServer.setHandler(new HandlerCollection());
ServerConnector connector = null;
HttpConfiguration httpConfig = new HttpConfiguration();
httpConfig.setSecureScheme(HTTPS);
httpConfig.setSecurePort(port);
if (useSSL) {
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setNeedClientAuth(needClientAuth);
if (!StringUtils.isBlank(ciphers) && !"any".equalsIgnoreCase(ciphers)) {
// If use has mentioned "any" let the SSL layer decide on the ciphers
sslContextFactory.setIncludeCipherSuites(SSLUtil.readArray(ciphers));
}
String protocol = SSLUtil.getSSLAlgo(SSLUtil.readArray(protocols));
if (protocol != null) {
sslContextFactory.setProtocol(protocol);
} else {
logger.warn(ManagementStrings.SSL_PROTOCOAL_COULD_NOT_BE_DETERMINED);
}
if (StringUtils.isBlank(sysProps.getProperty("javax.net.ssl.keyStore"))) {
throw new GemFireConfigException(
"Key store can't be empty if SSL is enabled for HttpService");
}
sslContextFactory.setKeyStorePath(sysProps.getProperty("javax.net.ssl.keyStore"));
if (!StringUtils.isBlank(sysProps.getProperty("javax.net.ssl.keyStoreType"))) {
sslContextFactory.setKeyStoreType(sysProps.getProperty("javax.net.ssl.keyStoreType"));
}
if (!StringUtils.isBlank(sysProps.getProperty("javax.net.ssl.keyStorePassword"))) {
sslContextFactory.setKeyStorePassword(
sysProps.getProperty("javax.net.ssl.keyStorePassword"));
}
if (!StringUtils.isBlank(sysProps.getProperty("javax.net.ssl.trustStore"))) {
sslContextFactory.setTrustStorePath(sysProps.getProperty("javax.net.ssl.trustStore"));
}
if (!StringUtils.isBlank(sysProps.getProperty("javax.net.ssl.trustStorePassword"))) {
sslContextFactory.setTrustStorePassword(
sysProps.getProperty("javax.net.ssl.trustStorePassword"));
}
httpConfig.addCustomizer(new SecureRequestCustomizer());
// Somehow With HTTP_2.0 Jetty throwing NPE. Need to investigate further whether all GemFire
// web application(Pulse, REST) can do with HTTP_1.1
connector =
new ServerConnector(
jettyServer,
new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
new HttpConnectionFactory(httpConfig));
connector.setPort(port);
} else {
connector = new ServerConnector(jettyServer, new HttpConnectionFactory(httpConfig));
connector.setPort(port);
}
jettyServer.setConnectors(new Connector[] {connector});
if (!StringUtils.isBlank(bindAddress)) {
connector.setHost(bindAddress);
}
if (bindAddress != null && !bindAddress.isEmpty()) {
JettyHelper.bindAddress = bindAddress;
}
JettyHelper.port = port;
return jettyServer;
}
