/**
   * set up the ssl connectors with strong ciphers
   *
   * @throws Exception
   */
  protected void initConnectors() throws Exception {
    if (!_disableHTTP) {
      if (_unsecuredConnector == null) {
        _unsecuredConnector = new SelectChannelConnector();
      }
      if (_unsecurePort != null) {
        _unsecuredConnector.setPort(Integer.parseInt(_unsecurePort));
      } else {
        _unsecuredConnector.setPort(_serviceInfo.getEndpoint().getPort());
      }
      if (_httpBindAddress != null) {
        _unsecuredConnector.setHost(_httpBindAddress);
      }
      if (lowResourcesConnections != null) {
        _unsecuredConnector.setLowResourcesConnections(lowResourcesConnections);
      }
      if (lowResourcesMaxIdleTime != null) {
        _unsecuredConnector.setLowResourcesMaxIdleTime(lowResourcesMaxIdleTime);
      }
      if (threadPool != null) {
        _unsecuredConnector.setThreadPool(threadPool);
      }
      _server.addConnector(_unsecuredConnector);
    }
    if (!_disableSSL) {
      SslContextFactory sslFac = new SslContextFactory();
      sslFac.setIncludeCipherSuites(_ciphers);

      KeyStore ks = KeyStoreUtil.getViPRKeystore(_coordinatorClient);
      _log.debug(
          "The certificates in Jetty is {}. ",
          ks.getCertificateChain(KeystoreEngine.ViPR_KEY_AND_CERTIFICATE_ALIAS));

      sslFac.setCertAlias(KeystoreEngine.ViPR_KEY_AND_CERTIFICATE_ALIAS);
      sslFac.setKeyStore(ks);
      _securedConnector = new SslSelectChannelConnector(sslFac);
      if (_securePort != null) {
        _securedConnector.setPort(Integer.parseInt(_securePort));
      } else {
        _securedConnector.setPort(_serviceInfo.getEndpoint().getPort());
      }
      if (_bindAddress != null) {
        _securedConnector.setHost(_bindAddress);
      }
      if (lowResourcesConnections != null) {
        _securedConnector.setLowResourcesConnections(lowResourcesConnections);
      }
      if (lowResourcesMaxIdleTime != null) {
        _securedConnector.setLowResourcesMaxIdleTime(lowResourcesMaxIdleTime);
      }
      if (threadPool != null) {
        _securedConnector.setThreadPool(threadPool);
      }
      _server.addConnector(_securedConnector);
    }
    _server.setSendServerVersion(false);
  }
Exemplo n.º 2
0
  public static void main(String[] args) throws Exception {

    setThreadClassLoader();
    processOptions();
    WebAppContext context = buildContext();

    if (tempDir != null) {
      File tempDirectory = new File(tempDir);
      context.setTempDirectory(tempDirectory);
    }

    Server server = new Server();
    if (usingSSL) {
      server.setConnectors(new Connector[] {buildConnector(), buildSslConnector()});
    } else {
      server.setConnectors(new Connector[] {buildConnector()});
    }
    server.setHandler(context);
    server.setSendServerVersion(false);

    run(server);
  }
Exemplo n.º 3
0
  public Server getJettyServer(int port, int sslPort, int maxThreads) throws IOException {

    Server server = new Server();
    HandlerCollection handlers = new HandlerCollection();
    ContextHandlerCollection contexts = new ContextHandlerCollection();
    server.setThreadPool(new QueuedThreadPool(maxThreads));

    SslSocketConnector sslSocketConnector = null;
    if (sslPort > 0) {
      System.out.println("SSL is Starting on port " + sslPort + "...");
      sslSocketConnector = new SslSocketConnector();
      sslSocketConnector.setPort(getContainerConfig().getSSLPort());
      sslSocketConnector.setKeystore("conf/servertestkeystore");
      sslSocketConnector.setPassword(getContainerConfig().getSSLKeyPassword());
      sslSocketConnector.setKeyPassword(getContainerConfig().getSSLKeyStorePassword());
      sslSocketConnector.setTruststore("conf/servertestkeystore");
      sslSocketConnector.setTrustPassword(getContainerConfig().getSSLKeyStorePassword());
    } else if (getContainerConfig().isAcEnabled())
      logger.error("SSL MUST be configured in the gsn.xml file when Access Control is enabled !");

    AbstractConnector connector =
        new SelectChannelConnector(); // before was connector//new SocketConnector ();//using basic
                                      // connector for windows bug; Fast
                                      // option=>SelectChannelConnector
    connector.setPort(port);
    connector.setMaxIdleTime(30000);
    connector.setAcceptors(2);
    connector.setConfidentialPort(sslPort);

    if (sslSocketConnector == null) server.setConnectors(new Connector[] {connector});
    else server.setConnectors(new Connector[] {connector, sslSocketConnector});

    WebAppContext webAppContext = new WebAppContext(contexts, DEFAULT_WEB_APP_PATH, "/");

    handlers.setHandlers(new Handler[] {contexts, new DefaultHandler()});
    server.setHandler(handlers);

    Properties usernames = new Properties();
    usernames.load(new FileReader("conf/realm.properties"));
    if (!usernames.isEmpty()) {
      HashLoginService loginService = new HashLoginService();
      loginService.setName("GSNRealm");
      loginService.setConfig("conf/realm.properties");
      loginService.setRefreshInterval(10000); // re-reads the file every 10 seconds.

      Constraint constraint = new Constraint();
      constraint.setName("GSN User");
      constraint.setRoles(new String[] {"gsnuser"});
      constraint.setAuthenticate(true);

      ConstraintMapping cm = new ConstraintMapping();
      cm.setConstraint(constraint);
      cm.setPathSpec("/*");
      cm.setMethod("GET");

      ConstraintMapping cm2 = new ConstraintMapping();
      cm2.setConstraint(constraint);
      cm2.setPathSpec("/*");
      cm2.setMethod("POST");

      ConstraintSecurityHandler securityHandler = new ConstraintSecurityHandler();
      securityHandler.setLoginService(loginService);
      securityHandler.setConstraintMappings(new ConstraintMapping[] {cm, cm2});
      securityHandler.setAuthenticator(new BasicAuthenticator());
      webAppContext.setSecurityHandler(securityHandler);
    }

    server.setSendServerVersion(true);
    server.setStopAtShutdown(true);
    server.setSendServerVersion(false);
    server.setSessionIdManager(new HashSessionIdManager(new Random()));

    return server;
  }
  /** Starts the Jetty instance. */
  public void startup() {
    restartNeeded = false;

    // Add listener for certificate events
    certificateListener = new CertificateListener();
    CertificateManager.addListener(certificateListener);

    adminPort = JiveGlobals.getXMLProperty("adminConsole.port", 9090);
    adminSecurePort = JiveGlobals.getXMLProperty("adminConsole.securePort", 9091);
    adminServer = new Server();
    final QueuedThreadPool tp = new QueuedThreadPool(254);
    tp.setName("Jetty-QTP-AdminConsole");
    adminServer.setThreadPool(tp);

    // Do not send Jetty info in HTTP headers
    adminServer.setSendServerVersion(false);

    // Create connector for http traffic if it's enabled.
    if (adminPort > 0) {
      Connector httpConnector = new SelectChannelConnector();
      // Listen on a specific network interface if it has been set.
      String bindInterface = getBindInterface();
      httpConnector.setHost(bindInterface);
      httpConnector.setPort(adminPort);
      adminServer.addConnector(httpConnector);
    }

    // Create a connector for https traffic if it's enabled.
    sslEnabled = false;
    try {
      if (adminSecurePort > 0
          && CertificateManager.isRSACertificate(SSLConfig.getKeyStore(), "*")) {
        if (!CertificateManager.isRSACertificate(
            SSLConfig.getKeyStore(), XMPPServer.getInstance().getServerInfo().getXMPPDomain())) {
          Log.warn(
              "Admin console: Using RSA certificates but they are not valid for the hosted domain");
        }

        JiveSslConnector httpsConnector = new JiveSslConnector();
        String bindInterface = getBindInterface();
        httpsConnector.setHost(bindInterface);
        httpsConnector.setPort(adminSecurePort);

        httpsConnector.setTrustPassword(SSLConfig.gets2sTrustPassword());
        httpsConnector.setTruststoreType(SSLConfig.getStoreType());
        httpsConnector.setTruststore(SSLConfig.gets2sTruststoreLocation());
        httpsConnector.setNeedClientAuth(false);
        httpsConnector.setWantClientAuth(false);

        httpsConnector.setKeyPassword(SSLConfig.getKeyPassword());
        httpsConnector.setKeystoreType(SSLConfig.getStoreType());
        httpsConnector.setKeystore(SSLConfig.getKeystoreLocation());
        adminServer.addConnector(httpsConnector);

        sslEnabled = true;
      }
    } catch (Exception e) {
      Log.error(e.getMessage(), e);
    }

    // Make sure that at least one connector was registered.
    if (adminServer.getConnectors() == null || adminServer.getConnectors().length == 0) {
      adminServer = null;
      // Log warning.
      log(LocaleUtils.getLocalizedString("admin.console.warning"));
      return;
    }

    HandlerCollection collection = new HandlerCollection();
    adminServer.setHandler(collection);
    collection.setHandlers(new Handler[] {contexts, new DefaultHandler()});

    try {
      adminServer.start();
    } catch (Exception e) {
      Log.error("Could not start admin conosle server", e);
    }

    // Log the ports that the admin server is listening on.
    logAdminConsolePorts();
  }