public void start() {
final Xnio xnio;
try {
// Do what org.jboss.as.remoting.XnioUtil does
xnio =
Xnio.getInstance(
null,
Module.getModuleFromCallerModuleLoader(
ModuleIdentifier.fromString("org.jboss.xnio.nio"))
.getClassLoader());
} catch (Exception e) {
throw new IllegalStateException(e.getLocalizedMessage());
}
try {
// TODO make this configurable
worker =
xnio.createWorker(
OptionMap.builder()
.set(Options.WORKER_IO_THREADS, 4)
.set(Options.CONNECTION_HIGH_WATER, 1000000)
.set(Options.CONNECTION_LOW_WATER, 1000000)
.set(Options.WORKER_TASK_CORE_THREADS, 10)
.set(Options.WORKER_TASK_MAX_THREADS, 12)
.set(Options.TCP_NODELAY, true)
.set(Options.CORK, true)
.getMap());
Builder serverOptionsBuilder =
OptionMap.builder().set(Options.TCP_NODELAY, true).set(Options.REUSE_ADDRESSES, true);
ChannelListener acceptListener = ChannelListeners.openListenerAdapter(openListener);
if (httpAddress != null) {
normalServer =
worker.createStreamConnectionServer(
httpAddress, acceptListener, serverOptionsBuilder.getMap());
normalServer.resumeAccepts();
}
if (secureAddress != null) {
SSLContext sslContext = securityRealm.getSSLContext();
Set<AuthMechanism> supportedMechanisms =
securityRealm.getSupportedAuthenticationMechanisms();
if (supportedMechanisms.contains(AuthMechanism.CLIENT_CERT)) {
if (supportedMechanisms.contains(AuthMechanism.DIGEST)
|| supportedMechanisms.contains(AuthMechanism.PLAIN)) {
// Username / Password auth is possible so don't mandate a client certificate.
serverOptionsBuilder.set(SSL_CLIENT_AUTH_MODE, REQUESTED);
} else {
serverOptionsBuilder.set(SSL_CLIENT_AUTH_MODE, REQUIRED);
}
}
OptionMap secureOptions = serverOptionsBuilder.getMap();
XnioSsl xnioSsl = new JsseXnioSsl(worker.getXnio(), secureOptions, sslContext);
secureServer =
xnioSsl.createSslConnectionServer(worker, secureAddress, acceptListener, secureOptions);
secureServer.resumeAccepts();
}
} catch (IOException e) {
throw new RuntimeException(e);
}
}
public void start() {
final Xnio xnio;
try {
// Do what org.jboss.as.remoting.XnioUtil does
xnio =
Xnio.getInstance(
null,
Module.getModuleFromCallerModuleLoader(
ModuleIdentifier.fromString("org.jboss.xnio.nio"))
.getClassLoader());
} catch (Exception e) {
throw new IllegalStateException(e.getLocalizedMessage());
}
try {
// TODO make this configurable
worker =
xnio.createWorker(
OptionMap.builder()
.set(Options.WORKER_IO_THREADS, 2)
.set(Options.WORKER_TASK_CORE_THREADS, 5)
.set(Options.WORKER_TASK_MAX_THREADS, 10)
.set(Options.TCP_NODELAY, true)
.set(Options.CORK, true)
.getMap());
Builder serverOptionsBuilder =
OptionMap.builder().set(Options.TCP_NODELAY, true).set(Options.REUSE_ADDRESSES, true);
ChannelListener acceptListener = ChannelListeners.openListenerAdapter(openListener);
if (httpAddress != null) {
normalServer =
worker.createStreamConnectionServer(
httpAddress, acceptListener, serverOptionsBuilder.getMap());
normalServer.resumeAccepts();
}
if (secureAddress != null) {
if (sslClientAuthMode != null) {
serverOptionsBuilder.set(SSL_CLIENT_AUTH_MODE, sslClientAuthMode);
}
OptionMap secureOptions = serverOptionsBuilder.getMap();
XnioSsl xnioSsl = new UndertowXnioSsl(worker.getXnio(), secureOptions, sslContext);
secureServer =
xnioSsl.createSslConnectionServer(worker, secureAddress, acceptListener, secureOptions);
secureServer.resumeAccepts();
}
} catch (IOException e) {
throw new RuntimeException(e);
}
}
// This duplicates the RealmSecurityProvider of AS7 to mimic the same security set-up
private OptionMap createOptionMap() {
List<String> mechanisms = new LinkedList<String>();
Set<Property> properties = new HashSet<Property>();
Builder builder = OptionMap.builder();
if (saslMechanisms.contains(JBOSS_LOCAL_USER)) {
mechanisms.add(JBOSS_LOCAL_USER);
builder.set(SASL_POLICY_NOPLAINTEXT, false);
properties.add(Property.of(LOCAL_DEFAULT_USER, DOLLAR_LOCAL));
}
if (saslMechanisms.contains(DIGEST_MD5)) {
mechanisms.add(DIGEST_MD5);
properties.add(Property.of(REALM_PROPERTY, REALM));
}
if (saslMechanisms.contains(PLAIN)) {
mechanisms.add(PLAIN);
builder.set(SASL_POLICY_NOPLAINTEXT, false);
}
if (saslMechanisms.isEmpty() || saslMechanisms.contains(ANONYMOUS)) {
mechanisms.add(ANONYMOUS);
builder.set(SASL_POLICY_NOANONYMOUS, false);
}
// TODO - SSL Options will be added in a subsequent task.
builder.set(SSL_ENABLED, false);
builder.set(SASL_MECHANISMS, Sequence.of(mechanisms));
builder.set(SASL_PROPERTIES, Sequence.of(properties));
return builder.getMap();
}