Re: [jetty-dev] Migrating Jetty6 to Jetty 9 - SslSocketConnector related

Since https is actually SSL+http, yes. Use those settings, and make sure they are valid for your configuration.
There are many constraints based on if you are secure or not, those values are used to aid in that logic.

If you notice in the prior response, the ServerConnector, we call "https", has a ConnectionFactory list of SslConnectionFactory (with an SslContextFactory inside), and then a HttpConnectionFactory (with a https configuration inside of it, which in turn is a HttpConfiguration with SecureRequestCustomizer wrapped around the base HttpConfiguration).

Or put into a tree...

* ServerConnector (https)
  * SslConnectionFactory
    * SslContextFactory (sslContextFactory)
  * HttpConnectionFactory
    * HttpConfiguration (https_config)
      * SecureRequestCustomizer
      * HttpConfiguration (http_config)
        * secure scheme
        * secure port

If you don't have separate connectors (like the example has http and https), you can merge the 2 layers of HttpConfiguration together.
Note: HttpConfiguration.setSecureScheme("https") isn't technically needed, as that is the default value anyway; securePort, on the other hand, is needed.


--
Joakim Erdfelt <joakim@xxxxxxxxxxx>
Expert advice, services and support from the Jetty & CometD experts


On Sat, Oct 12, 2013 at 11:47 PM, bas karan <baskar.nitt@xxxxxxxxx> wrote:
hi,

Thanks a lot for the quick and detailed response.
We generally use either http or https connector only.
Is it mandatory to use the below statements for the http connector?
   
   http_config.setSecureScheme("https");
   http_config.setSecurePort(8443);


On Sun, Oct 13, 2013 at 2:56 AM, Joakim Erdfelt <joakim@xxxxxxxxxxx> wrote:
You are missing a few facts about Jetty 9.1 ...

First, there are no longer any blocking connectors.
It's all async / nio connectors now. (mainly because that's the direction that the servlet api 3.1 is taking)

Next, there is only 1 connector.   The ServerConnector.
However, it takes 1 or more ConnectionFactory implementations to know how to handle the incoming connection.
We have factories for HTTP (0.9 thru 1.1), SPDY, SSL-http, and SSL-npn so far.
This list of factories will expand as the future of connectivity to web servers is ever growing (think HTTP/2)

Use the embedded examples for help understanding this.

ManyConnectors.java

   This example shows 2 connectors being added to a server.

   First the Server itself

        // Create a basic jetty server object without declaring the port.  Since we are configuring connectors
        // directly we'll be setting ports on those connectors.
        Server server = new Server();

   Next the HttpConfiguration for http

        // HTTP Configuration
        // HttpConfiguration is a collection of configuration information appropriate for http and https. The default
        // scheme for http is <code>http</code> of course, as the default for secured http is <code>https</code> but
        // we show setting the scheme to show it can be done.  The port for secured communication is also set here.
        HttpConfiguration http_config = new HttpConfiguration();
        http_config.setSecureScheme("https");
        http_config.setSecurePort(8443);
        http_config.setOutputBufferSize(32768);

   Now define the ServerConnector for handling just http

        // HTTP connector
        // The first server connector we create is the one for http, passing in the http configuration we configured
        // above so it can get things like the output buffer size, etc. We also set the port (8080) and configure an
        // idle timeout.
        ServerConnector http = new ServerConnector(server,new HttpConnectionFactory(http_config));        
        http.setPort(8080);
        http.setIdleTimeout(30000);

   Now configure the SslContextFactory with your keystore information

        // SSL Context Factory for HTTPS and SPDY
        // SSL requires a certificate so we configure a factory for ssl contents with information pointing to what
        // keystore the ssl connection needs to know about. Much more configuration is available the ssl context,
        // including things like choosing the particular certificate out of a keystore to be used.
        SslContextFactory sslContextFactory = new SslContextFactory();
        sslContextFactory.setKeyStorePath(jetty_home + "/etc/keystore");
        sslContextFactory.setKeyStorePassword("OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4");
        sslContextFactory.setKeyManagerPassword("OBF:1u2u1wml1z7s1z7a1wnl1u2g");

   Now setup your HTTPS configuration.
   Note: the SecureRequestCustomizer sets up various servlet api request attributes and certificate information to satisfy the requirements of the servlet spec.

        // HTTPS Configuration
        // A new HttpConfiguration object is needed for the next connector and you can pass the old one as an
        // argument to effectively clone the contents. On this HttpConfiguration object we add a
        // SecureRequestCustomizer which is how a new connector is able to resolve the https connection before
        // handing control over to the Jetty Server.
        HttpConfiguration https_config = new HttpConfiguration(http_config);
        https_config.addCustomizer(new SecureRequestCustomizer());

   Now define the ServerConnector for handling SSL+http (aka https)

        // HTTPS connector
        // We create a second ServerConnector, passing in the http configuration we just made along with the
        // previously created ssl context factory. Next we set the port and a longer idle timeout.
        ServerConnector https = new ServerConnector(server,
            new SslConnectionFactory(sslContextFactory,"http/1.1"),
            new HttpConnectionFactory(https_config));
        https.setPort(8443);
        https.setIdleTimeout(500000);

   Finally, add the connectors to the server

        // Here you see the server having multiple connectors registered with it, now requests can flow into the server
        // from both http and https urls to their respective ports and be processed accordingly by jetty. A simple
        // handler is also registered with the server so the example has something to pass requests off to.

        // Set the connectors
        server.setConnectors(new Connector[] { http, https });
   
The story is pretty much the same for SPDY, however, it uses TLS/NPN to negotiate the connection, which could result in an actual connection to something else (like SPDY/2, SPDY/3, or HTTP) after the secure layer.

See SpdyConnector.java for details.

Note, we expect that HTTP/2 (still being hashed out as a formal spec) will likely use ALPN (Application Layer Protocol Negotiation) to negotiate the connection (in a similar role to how NPN fits).

Don't be overwhelmed by all of this.   This is just the nature of the modern web.

We are continually following various discussions on what the future of the web will look like, from simple things like how WebSocket will change networking behavior, to bigger topics like how the Snowden/NSA fallout will impact Cryptography as a whole (some have even suggested that the trust model of Certificate Authorities should be reexamined or replaced with something decentralized).   The next 5 years will be exciting! :-)


--
Joakim Erdfelt <joakim@xxxxxxxxxxx>
Expert advice, services and support from the Jetty & CometD experts


On Sat, Oct 12, 2013 at 11:50 AM, bas karan <baskar.nitt@xxxxxxxxx> wrote:
I want to migrate this code (written using Jetty6 classes) to Jetty 9
Please help to find the solution

        SslSocketConnector connector = new SslSocketConnector();
        connector.setPort(Integer.parseInt(irProperties
                .getProperty(Constants.JETTY_PORT_NUMBER)));
        int maxIdleTime = Integer.parseInt(irProperties
                .getProperty(Constants.JETTY_MAXIMUM_IDLE_TIME));
        connector.setMaxIdleTime(maxIdleTime);

        connector.setKeyPassword(ipsProperties
                .getProperty(Constants.JETTY_SSL_KEY_PASSWORD));
        connector.setKeystore(ipsProperties
                .getProperty(Constants.JETTY_SSL_KEYSTORE_PATH));

        Server server = new Server();
        server.setConnectors(new Connector[] { connector });

_______________________________________________
jetty-dev mailing list
jetty-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/jetty-dev
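
Added example, not part of the original thread or of the Jetty examples: the Jetty 6 SslSocketConnector snippet from the first message rewritten for a Jetty 9.1 server with a single https connector, using the merged HttpConfiguration layer described in the reply. The class name and property keys are placeholders, and mapping setKeystore to setKeyStorePath and setKeyPassword to setKeyManagerPassword is this example's assumption about the intended settings.

```java
import java.util.Properties;

import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;

public class HttpsOnlyServer {
    // Property keys below are placeholders for this example.
    public static Server build(Properties props) {
        int port = Integer.parseInt(props.getProperty("jetty.port"));
        long idleTimeout = Long.parseLong(props.getProperty("jetty.idleTimeout"));

        Server server = new Server();

        // Keystore settings move from the connector to SslContextFactory.
        // Call setKeyStorePassword as well if the store itself is protected.
        SslContextFactory sslContextFactory = new SslContextFactory();
        sslContextFactory.setKeyStorePath(props.getProperty("jetty.ssl.keystore.path"));
        sslContextFactory.setKeyManagerPassword(props.getProperty("jetty.ssl.key.password"));

        // One merged HttpConfiguration: no separate http_config is needed
        // when there is no plain http connector to share it with.
        HttpConfiguration https_config = new HttpConfiguration();
        https_config.setSecurePort(port); // secure scheme already defaults to "https"
        https_config.addCustomizer(new SecureRequestCustomizer());

        // SSL is terminated first, then the decrypted bytes are handed to HTTP/1.1.
        ServerConnector https = new ServerConnector(server,
            new SslConnectionFactory(sslContextFactory, "http/1.1"),
            new HttpConnectionFactory(https_config));
        https.setPort(port);
        https.setIdleTimeout(idleTimeout); // replaces setMaxIdleTime

        server.setConnectors(new Connector[] { https });
        return server;
    }

    public static void main(String[] args) throws Exception {
        Properties props = new Properties();
        try (java.io.FileInputStream in = new java.io.FileInputStream(args[0])) {
            props.load(in);
        }
        Server server = build(props);
        server.start();
        server.join();
    }
}
```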


