/**
* set up the ssl connectors with strong ciphers
*
* @throws Exception
*/
protected void initConnectors() throws Exception {
if (!_disableHTTP) {
if (_unsecuredConnector == null) {
_unsecuredConnector = new SelectChannelConnector();
}
if (_unsecurePort != null) {
_unsecuredConnector.setPort(Integer.parseInt(_unsecurePort));
} else {
_unsecuredConnector.setPort(_serviceInfo.getEndpoint().getPort());
}
if (_httpBindAddress != null) {
_unsecuredConnector.setHost(_httpBindAddress);
}
if (lowResourcesConnections != null) {
_unsecuredConnector.setLowResourcesConnections(lowResourcesConnections);
}
if (lowResourcesMaxIdleTime != null) {
_unsecuredConnector.setLowResourcesMaxIdleTime(lowResourcesMaxIdleTime);
}
if (threadPool != null) {
_unsecuredConnector.setThreadPool(threadPool);
}
_server.addConnector(_unsecuredConnector);
}
if (!_disableSSL) {
SslContextFactory sslFac = new SslContextFactory();
sslFac.setIncludeCipherSuites(_ciphers);
KeyStore ks = KeyStoreUtil.getViPRKeystore(_coordinatorClient);
_log.debug(
"The certificates in Jetty is {}. ",
ks.getCertificateChain(KeystoreEngine.ViPR_KEY_AND_CERTIFICATE_ALIAS));
sslFac.setCertAlias(KeystoreEngine.ViPR_KEY_AND_CERTIFICATE_ALIAS);
sslFac.setKeyStore(ks);
_securedConnector = new SslSelectChannelConnector(sslFac);
if (_securePort != null) {
_securedConnector.setPort(Integer.parseInt(_securePort));
} else {
_securedConnector.setPort(_serviceInfo.getEndpoint().getPort());
}
if (_bindAddress != null) {
_securedConnector.setHost(_bindAddress);
}
if (lowResourcesConnections != null) {
_securedConnector.setLowResourcesConnections(lowResourcesConnections);
}
if (lowResourcesMaxIdleTime != null) {
_securedConnector.setLowResourcesMaxIdleTime(lowResourcesMaxIdleTime);
}
if (threadPool != null) {
_securedConnector.setThreadPool(threadPool);
}
_server.addConnector(_securedConnector);
}
_server.setSendServerVersion(false);
}
public static void main(String[] args) throws Exception {
setThreadClassLoader();
processOptions();
WebAppContext context = buildContext();
if (tempDir != null) {
File tempDirectory = new File(tempDir);
context.setTempDirectory(tempDirectory);
}
Server server = new Server();
if (usingSSL) {
server.setConnectors(new Connector[] {buildConnector(), buildSslConnector()});
} else {
server.setConnectors(new Connector[] {buildConnector()});
}
server.setHandler(context);
server.setSendServerVersion(false);
run(server);
}
public Server getJettyServer(int port, int sslPort, int maxThreads) throws IOException {
Server server = new Server();
HandlerCollection handlers = new HandlerCollection();
ContextHandlerCollection contexts = new ContextHandlerCollection();
server.setThreadPool(new QueuedThreadPool(maxThreads));
SslSocketConnector sslSocketConnector = null;
if (sslPort > 0) {
System.out.println("SSL is Starting on port " + sslPort + "...");
sslSocketConnector = new SslSocketConnector();
sslSocketConnector.setPort(getContainerConfig().getSSLPort());
sslSocketConnector.setKeystore("conf/servertestkeystore");
sslSocketConnector.setPassword(getContainerConfig().getSSLKeyPassword());
sslSocketConnector.setKeyPassword(getContainerConfig().getSSLKeyStorePassword());
sslSocketConnector.setTruststore("conf/servertestkeystore");
sslSocketConnector.setTrustPassword(getContainerConfig().getSSLKeyStorePassword());
} else if (getContainerConfig().isAcEnabled())
logger.error("SSL MUST be configured in the gsn.xml file when Access Control is enabled !");
AbstractConnector connector =
new SelectChannelConnector(); // before was connector//new SocketConnector ();//using basic
// connector for windows bug; Fast
// option=>SelectChannelConnector
connector.setPort(port);
connector.setMaxIdleTime(30000);
connector.setAcceptors(2);
connector.setConfidentialPort(sslPort);
if (sslSocketConnector == null) server.setConnectors(new Connector[] {connector});
else server.setConnectors(new Connector[] {connector, sslSocketConnector});
WebAppContext webAppContext = new WebAppContext(contexts, DEFAULT_WEB_APP_PATH, "/");
handlers.setHandlers(new Handler[] {contexts, new DefaultHandler()});
server.setHandler(handlers);
Properties usernames = new Properties();
usernames.load(new FileReader("conf/realm.properties"));
if (!usernames.isEmpty()) {
HashLoginService loginService = new HashLoginService();
loginService.setName("GSNRealm");
loginService.setConfig("conf/realm.properties");
loginService.setRefreshInterval(10000); // re-reads the file every 10 seconds.
Constraint constraint = new Constraint();
constraint.setName("GSN User");
constraint.setRoles(new String[] {"gsnuser"});
constraint.setAuthenticate(true);
ConstraintMapping cm = new ConstraintMapping();
cm.setConstraint(constraint);
cm.setPathSpec("/*");
cm.setMethod("GET");
ConstraintMapping cm2 = new ConstraintMapping();
cm2.setConstraint(constraint);
cm2.setPathSpec("/*");
cm2.setMethod("POST");
ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
securityHandler.setLoginService(loginService);
securityHandler.setConstraintMappings(new ConstraintMapping[] {cm, cm2});
securityHandler.setAuthenticator(new BasicAuthenticator());
webAppContext.setSecurityHandler(securityHandler);
}
server.setSendServerVersion(true);
server.setStopAtShutdown(true);
server.setSendServerVersion(false);
server.setSessionIdManager(new HashSessionIdManager(new Random()));
return server;
}
/** Starts the Jetty instance. */
public void startup() {
restartNeeded = false;
// Add listener for certificate events
certificateListener = new CertificateListener();
CertificateManager.addListener(certificateListener);
adminPort = JiveGlobals.getXMLProperty("adminConsole.port", 9090);
adminSecurePort = JiveGlobals.getXMLProperty("adminConsole.securePort", 9091);
adminServer = new Server();
final QueuedThreadPool tp = new QueuedThreadPool(254);
tp.setName("Jetty-QTP-AdminConsole");
adminServer.setThreadPool(tp);
// Do not send Jetty info in HTTP headers
adminServer.setSendServerVersion(false);
// Create connector for http traffic if it's enabled.
if (adminPort > 0) {
Connector httpConnector = new SelectChannelConnector();
// Listen on a specific network interface if it has been set.
String bindInterface = getBindInterface();
httpConnector.setHost(bindInterface);
httpConnector.setPort(adminPort);
adminServer.addConnector(httpConnector);
}
// Create a connector for https traffic if it's enabled.
sslEnabled = false;
try {
if (adminSecurePort > 0
&& CertificateManager.isRSACertificate(SSLConfig.getKeyStore(), "*")) {
if (!CertificateManager.isRSACertificate(
SSLConfig.getKeyStore(), XMPPServer.getInstance().getServerInfo().getXMPPDomain())) {
Log.warn(
"Admin console: Using RSA certificates but they are not valid for the hosted domain");
}
JiveSslConnector httpsConnector = new JiveSslConnector();
String bindInterface = getBindInterface();
httpsConnector.setHost(bindInterface);
httpsConnector.setPort(adminSecurePort);
httpsConnector.setTrustPassword(SSLConfig.gets2sTrustPassword());
httpsConnector.setTruststoreType(SSLConfig.getStoreType());
httpsConnector.setTruststore(SSLConfig.gets2sTruststoreLocation());
httpsConnector.setNeedClientAuth(false);
httpsConnector.setWantClientAuth(false);
httpsConnector.setKeyPassword(SSLConfig.getKeyPassword());
httpsConnector.setKeystoreType(SSLConfig.getStoreType());
httpsConnector.setKeystore(SSLConfig.getKeystoreLocation());
adminServer.addConnector(httpsConnector);
sslEnabled = true;
}
} catch (Exception e) {
Log.error(e.getMessage(), e);
}
// Make sure that at least one connector was registered.
if (adminServer.getConnectors() == null || adminServer.getConnectors().length == 0) {
adminServer = null;
// Log warning.
log(LocaleUtils.getLocalizedString("admin.console.warning"));
return;
}
HandlerCollection collection = new HandlerCollection();
adminServer.setHandler(collection);
collection.setHandlers(new Handler[] {contexts, new DefaultHandler()});
try {
adminServer.start();
} catch (Exception e) {
Log.error("Could not start admin conosle server", e);
}
// Log the ports that the admin server is listening on.
logAdminConsolePorts();
}