@Override
public Connector build(
Server server, MetricRegistry metrics, String name, ThreadPool threadPool) {
logSupportedParameters();
final HttpConfiguration httpConfig = buildHttpConfiguration();
final HttpConnectionFactory httpConnectionFactory = buildHttpConnectionFactory(httpConfig);
final SslContextFactory sslContextFactory = buildSslContextFactory();
server.addBean(sslContextFactory);
final SslConnectionFactory sslConnectionFactory =
new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.toString());
final Scheduler scheduler = new ScheduledExecutorScheduler();
final ByteBufferPool bufferPool = buildBufferPool();
final String timerName =
name(
HttpConnectionFactory.class, getBindHost(), Integer.toString(getPort()), "connections");
return buildConnector(
server,
scheduler,
bufferPool,
name,
threadPool,
new InstrumentedConnectionFactory(sslConnectionFactory, metrics.timer(timerName)),
httpConnectionFactory);
}
private SslConnectionFactory createSslConnectionFactory(KeyStoreInformation config) {
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(config.getKeyStorePath());
sslContextFactory.setKeyStorePassword(String.valueOf(config.getKeyStorePassword()));
sslContextFactory.setKeyManagerPassword(String.valueOf(config.getKeyPassword()));
return new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString());
}
@Override
public boolean parsedHeader(HttpField field) {
HttpHeader header = field.getHeader();
String value = field.getValue();
if (value == null) value = "";
if (header != null) {
switch (header) {
case EXPECT:
if (_version.getVersion() >= HttpVersion.HTTP_1_1.getVersion()) {
HttpHeaderValue expect = HttpHeaderValue.CACHE.get(value);
switch (expect == null ? HttpHeaderValue.UNKNOWN : expect) {
case CONTINUE:
_expect100Continue = true;
break;
case PROCESSING:
_expect102Processing = true;
break;
default:
String[] values = value.split(",");
for (int i = 0; values != null && i < values.length; i++) {
expect = HttpHeaderValue.CACHE.get(values[i].trim());
if (expect == null) _expect = true;
else {
switch (expect) {
case CONTINUE:
_expect100Continue = true;
break;
case PROCESSING:
_expect102Processing = true;
break;
default:
_expect = true;
}
}
}
}
}
break;
case CONTENT_TYPE:
MimeTypes.Type mime = MimeTypes.CACHE.get(value);
String charset =
(mime == null || mime.getCharset() == null)
? MimeTypes.getCharsetFromContentType(value)
: mime.getCharset().toString();
if (charset != null) _request.setCharacterEncodingUnchecked(charset);
break;
default:
}
}
if (field.getName() != null) _request.getHttpFields().add(field);
return false;
}
public ServerConnector createConnector(
Server server, KeyStoreInformation config, String host, int port) {
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(config.getKeyStorePath());
sslContextFactory.setKeyStorePassword(String.valueOf(config.getKeyStorePassword()));
sslContextFactory.setKeyManagerPassword(String.valueOf(config.getKeyPassword()));
ServerConnector connector =
new ServerConnector(
server,
new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
new HttpConnectionFactory());
connector.setPort(port);
connector.setHost(host);
return connector;
}
protected void setupTest(ITestContext context) throws Exception {
Reporter.log(
String.format(
"HTTP:%d, HTTPS:%d , HTTPS(Mutual):%d", PLAIN_PORT, SECURE_PORT, MUTUAL_SECURE_PORT),
true);
connectorServer = new Server();
HttpConfiguration httpConfig = new HttpConfiguration();
httpConfig.setSecureScheme("https");
httpConfig.setSecurePort(SECURE_PORT);
httpConfig.setOutputBufferSize(32768);
// HTTP
ServerConnector http =
new ServerConnector(connectorServer, new HttpConnectionFactory(httpConfig));
http.setPort(PLAIN_PORT);
http.setHost("127.0.0.1");
http.setIdleTimeout(30000);
// HTTPS
SslContextFactory sslContextFactory = createSsllContextFactory(false);
// HTTPS Configuration
HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
httpsConfig.addCustomizer(new SecureRequestCustomizer());
// HTTPS connector
ServerConnector https =
new ServerConnector(
connectorServer,
new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
new HttpConnectionFactory(httpsConfig));
https.setPort(SECURE_PORT);
http.setHost("127.0.0.1");
https.setIdleTimeout(500000);
// Mutual HTTPS connector
sslContextFactory = createSsllContextFactory(false);
sslContextFactory.setWantClientAuth(true);
sslContextFactory.setNeedClientAuth(false);
ServerConnector mutualHttps =
new ServerConnector(
connectorServer,
new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
new HttpConnectionFactory(httpsConfig));
mutualHttps.setPort(MUTUAL_SECURE_PORT);
http.setHost("127.0.0.1");
mutualHttps.setIdleTimeout(500000);
connectorServer.setConnectors(new Connector[] {http, https, mutualHttps});
// Initializing the security handler
ServletContextHandler handler =
new ServletContextHandler(
connectorServer, "/", ServletContextHandler.SESSIONS | ServletContextHandler.SECURITY);
ServletHolder holder = handler.getServletHandler().newServletHolder(BaseHolder.Source.EMBEDDED);
serverConnectorFramework = serverConnectorFrameworkFactory.acquire();
localConnectorFramework = localConnectorFrameworkFactory.acquire();
holder.setServlet(new OpenICFWebSocketServletBase(serverConnectorFrameworkFactory));
holder.setInitParameter("maxIdleTime", "300000");
holder.setInitParameter("maxAsyncWriteTimeout", "60000");
holder.setInitParameter("maxBinaryMessageSize", "32768");
holder.setInitParameter("inputBufferSize", "4096");
handler.addServlet(holder, "/openicf/*");
SecurityHandler sh = getSecurityHandler();
sh.setHandler(handler);
connectorServer.setHandler(sh);
connectorServer.start();
Reporter.log("Jetty Server Started", true);
// Initialise the ConnectorFramework
serverConnectorFramework
.get()
.getLocalManager()
.addConnectorBundle(TstConnector.class.getProtectionDomain().getCodeSource().getLocation());
localConnectorFramework
.get()
.getLocalManager()
.addConnectorBundle(TstConnector.class.getProtectionDomain().getCodeSource().getLocation());
connectorServer.start();
}
public static Server initJetty(
final String bindAddress,
final int port,
boolean useSSL,
boolean needClientAuth,
String protocols,
String ciphers,
Properties sysProps)
throws Exception {
final Server jettyServer = new Server();
// Add a handler collection here, so that each new context adds itself
// to this collection.
jettyServer.setHandler(new HandlerCollection());
ServerConnector connector = null;
HttpConfiguration httpConfig = new HttpConfiguration();
httpConfig.setSecureScheme(HTTPS);
httpConfig.setSecurePort(port);
if (useSSL) {
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setNeedClientAuth(needClientAuth);
if (!StringUtils.isBlank(ciphers) && !"any".equalsIgnoreCase(ciphers)) {
// If use has mentioned "any" let the SSL layer decide on the ciphers
sslContextFactory.setIncludeCipherSuites(SSLUtil.readArray(ciphers));
}
String protocol = SSLUtil.getSSLAlgo(SSLUtil.readArray(protocols));
if (protocol != null) {
sslContextFactory.setProtocol(protocol);
} else {
logger.warn(ManagementStrings.SSL_PROTOCOAL_COULD_NOT_BE_DETERMINED);
}
if (StringUtils.isBlank(sysProps.getProperty("javax.net.ssl.keyStore"))) {
throw new GemFireConfigException(
"Key store can't be empty if SSL is enabled for HttpService");
}
sslContextFactory.setKeyStorePath(sysProps.getProperty("javax.net.ssl.keyStore"));
if (!StringUtils.isBlank(sysProps.getProperty("javax.net.ssl.keyStoreType"))) {
sslContextFactory.setKeyStoreType(sysProps.getProperty("javax.net.ssl.keyStoreType"));
}
if (!StringUtils.isBlank(sysProps.getProperty("javax.net.ssl.keyStorePassword"))) {
sslContextFactory.setKeyStorePassword(
sysProps.getProperty("javax.net.ssl.keyStorePassword"));
}
if (!StringUtils.isBlank(sysProps.getProperty("javax.net.ssl.trustStore"))) {
sslContextFactory.setTrustStorePath(sysProps.getProperty("javax.net.ssl.trustStore"));
}
if (!StringUtils.isBlank(sysProps.getProperty("javax.net.ssl.trustStorePassword"))) {
sslContextFactory.setTrustStorePassword(
sysProps.getProperty("javax.net.ssl.trustStorePassword"));
}
httpConfig.addCustomizer(new SecureRequestCustomizer());
// Somehow With HTTP_2.0 Jetty throwing NPE. Need to investigate further whether all GemFire
// web application(Pulse, REST) can do with HTTP_1.1
connector =
new ServerConnector(
jettyServer,
new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
new HttpConnectionFactory(httpConfig));
connector.setPort(port);
} else {
connector = new ServerConnector(jettyServer, new HttpConnectionFactory(httpConfig));
connector.setPort(port);
}
jettyServer.setConnectors(new Connector[] {connector});
if (!StringUtils.isBlank(bindAddress)) {
connector.setHost(bindAddress);
}
if (bindAddress != null && !bindAddress.isEmpty()) {
JettyHelper.bindAddress = bindAddress;
}
JettyHelper.port = port;
return jettyServer;
}
public static void main(String[] args) throws Exception {
// Since this example shows off SSL configuration, we need a keystore with the appropriate key.
// These two
// lines are purely a hack to get access to a keystore that we use in many unit tests and should
// probably be
// a direct path to your own keystore (used on line 29).
String jetty_home =
System.getProperty("jetty.home", "../../jetty-distribution/target/distribution");
System.setProperty("jetty.home", jetty_home);
// Create a basic jetty server object without declaring the port. Since we are configuring
// connectors
// directly we'll be setting ports on those connectors.
Server server = new Server();
// HTTP Configuration
// HttpConfiguration is a collection of configuration information appropriate for http and
// https. The default
// scheme for http is <code>http</code> of course, as the default for secured http is
// <code>https</code> but
// we show setting the scheme to show it can be done. The port for secured communication is
// also set here.
HttpConfiguration http_config = new HttpConfiguration();
http_config.setSecureScheme("https");
http_config.setSecurePort(8443);
http_config.setOutputBufferSize(32768);
// HTTP connector
// The first server connector we create is the one for http, passing in the http configuration
// we configured
// above so it can get things like the output buffer size, etc. We also set the port (8080) and
// configure an
// idle timeout.
ServerConnector http = new ServerConnector(server, new HttpConnectionFactory(http_config));
http.setPort(8080);
http.setIdleTimeout(30000);
// SSL Context Factory for HTTPS and SPDY
// SSL requires a certificate so we configure a factory for ssl contents with information
// pointing to what
// keystore the ssl connection needs to know about. Much more configuration is available the ssl
// context,
// including things like choosing the particular certificate out of a keystore to be used.
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(jetty_home + "/etc/keystore");
sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");
// HTTPS Configuration
// A new HttpConfiguration object is needed for the next connector and you can pass the old one
// as an
// argument to effectively clone the contents. On this HttpConfiguration object we add a
// SecureRequestCustomizer which is how a new connector is able to resolve the https connection
// before
// handing control over to the Jetty Server.
HttpConfiguration https_config = new HttpConfiguration(http_config);
https_config.addCustomizer(new SecureRequestCustomizer());
// HTTPS connector
// We create a second ServerConnector, passing in the http configuration we just made along with
// the
// previously created ssl context factory. Next we set the port and a longer idle timeout.
ServerConnector https =
new ServerConnector(
server,
new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
new HttpConnectionFactory(https_config));
https.setPort(8443);
https.setIdleTimeout(500000);
// Here you see the server having multiple connectors registered with it, now requests can flow
// into the server
// from both http and https urls to their respective ports and be processed accordingly by
// jetty. A simple
// handler is also registered with the server so the example has something to pass requests off
// to.
// Set the connectors
server.setConnectors(new Connector[] {http, https});
// Set a handler
server.setHandler(new HelloHandler());
// Start the server
server.start();
server.join();
}
