Re: [jetty-users] Not able to point to keystore file in embedded jetty

Hi Mitul,
Dmytro was able to configure the SSL connector from inside a
bundle using this enhancement.
As far as I know, migrating to jetty-7.3.0 from 7.2.2 should not
make any other changes.

For the rest of us on the mailing list, starting with jetty-7.3.0, it
is possible to have jetty-osgi find resources in the bundle where the
jetty server is configured using the property
"this.jetty.xml.parent.folder.url".
When jetty-osgi configures such a jetty.xml, it will compute the value
of the property "this.jetty.xml.parent.folder.url"
relative to the osgi bundle. For example in equinox:
bundleentry://1234/jettyhome

So it can be used for the SslConnector:
<Call name="addConnector">
    <Arg>
        <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
            <Set name="Port">
                <SystemProperty name="jetty.port" default="8443"/>
            </Set>
            <Set name="maxIdleTime">30000</Set>
            <Set name="Acceptors">2</Set>
            <Set name="AcceptQueueSize">100</Set>
            <Set name="Keystore"><Property name="this.jetty.xml.parent.folder.url"/>/etc/mykeystore.jks</Set>
            <Set name="needClientAuth">false</Set>
            <Set name="Password">mypassword</Set>
            <Set name="KeyPassword">mypassword</Set>
            <Set name="truststore">etc/mycacerts.jks</Set>
            <Set name="trustPassword">mypassword</Set>
        </New>
    </Arg>
</Call>

Hugues
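
Added example, not part of the original message or of Jetty: a start-up check that loads a keystore through a parent-folder URL plus a relative path, the same concatenation the Keystore element above performs, and prints what a working-directory-relative path resolves to instead. The class KeystorePreflight, its load helper, the temporary directory and the password are assumptions made for illustration; a file: URL stands in for the bundleentry: URL that jetty-osgi computes.

```java
import java.io.File;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URI;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;

public class KeystorePreflight {

    // Hypothetical helper: appends relPath to the parent-folder URL and loads
    // the store through that URL, so the JVM working directory never matters.
    static KeyStore load(String parentFolderUrl, String relPath,
                         String type, char[] password) throws Exception {
        URL url = URI.create(parentFolderUrl + relPath).toURL();
        try (InputStream in = url.openStream()) {
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(in, password); // IOException on a wrong password or corrupt file
            return ks;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a temporary "jettyhome" holding an empty PKCS12 store.
        Path home = Files.createTempDirectory("jettyhome");
        Path etc = Files.createDirectories(home.resolve("etc"));
        char[] pw = "changeit".toCharArray(); // constructed password
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, null);
        try (OutputStream out = Files.newOutputStream(etc.resolve("mykeystore.p12"))) {
            empty.store(out, pw);
        }

        // A "."-relative path depends on where the JVM was started, which is
        // how the FileNotFoundException in this thread ended up under the
        // Eclipse installation directory.
        System.out.println("cwd-relative: "
                + new File("./etc/mykeystore.p12").getAbsolutePath());

        // Stand-in for this.jetty.xml.parent.folder.url (no trailing slash).
        String parent = home.toUri().toString().replaceAll("/+$", "");
        KeyStore ks = load(parent, "/etc/mykeystore.p12", "PKCS12", pw);
        System.out.println("loaded via " + parent + ", entries: " + ks.size());
    }
}
```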


On Mon, Feb 28, 2011 at 4:49 PM, Mitul Adhia <mituladhia19@xxxxxxxxx> wrote:
> Hi Hugues,
>
> Yes, this is the issue which I am currently facing in jetty 7.2.2. I was
> going through the below-mentioned link to enable https in jetty 7.2.2.
>
> http://docs.codehaus.org/display/JETTY/How+to+configure+SSL#HowtoconfigureSSL-PasswordIssues
>
> Hope there are no further changes in the creation of the keystore. I have used
> keytool from the Java SDK for generation of the keystore. If any more changes are
> incorporated in jetty 7.3, do let me know.
> For the password I have used the password storage mechanism in jetty:
> http://wiki.eclipse.org/Jetty/Howto/Secure_Passwords . The encrypted password
> I have stored in jetty.xml under the SSL configuration element.
>
> Best Regards,
> Mitul
>
>
> On Mon, Feb 28, 2011 at 8:13 AM, Hugues Malphettes <hmalphettes@xxxxxxxxxxx>
> wrote:
>>
>> Hi Mitul,
>> Here is what you are looking for:
>> https://bugs.eclipse.org/bugs/show_bug.cgi?id=334062
>> I am afraid this is available only in 7.3.0.v20110203
>> Let us know how it goes.
>> Hugues
>>
>> On Sat, Feb 26, 2011 at 11:18 PM, Mitul Adhia <mituladhia19@xxxxxxxxx>
>> wrote:
>> > Any reply for this please !!!!!
>> >
>> > On Fri, Feb 25, 2011 at 6:24 PM, Mitul Adhia <mituladhia19@xxxxxxxxx>
>> > wrote:
>> >>
>> >> Hi Thomas,
>> >> My application is working on a Windows machine.
>> >> Yes, the path should be relative to the bundle where jettyconfig bundle.
>> >> What should be the value in JETTY_HOME? Is the keyword case
>> >> sensitive? Should it be jetty.home or jetty_home?
>> >> Best regards,
>> >> Mitul
>> >>
>> >> On Fri, Feb 25, 2011 at 5:57 PM, Thomas Becker <tbecker@xxxxxxxxxxx>
>> >> wrote:
>> >>>
>> >>> Hi Mitul,
>> >>>
>> >>> sorry, I misunderstood your requirements. I guess in your case the
>> >>> path
>> >>> is relative to where you've started jetty. Can you confirm this? I'm
>> >>> pretty
>> >>> sure that /etc/keystore1 on a linux box will resolve to the absolute
>> >>> path
>> >>> /etc/keystore1 as you would expect.
>> >>>
>> >>> Have you tried setting a JETTY_HOME environment variable and removing
>> >>> the
>> >>> leading slash from the path? "etc/keystore1" instead of
>> >>> "/etc/keystore1"
>> >>>
>> >>> Cheers,
>> >>> Thomas
>> >>>
>> >>> On 25/02/2011 10:28, Mitul Adhia wrote:
>> >>>
>> >>> Hi Thomas,
>> >>> The requirement is not to set the absolute path, which is always
>> >>> possible. I mean, if I set the path from the start of the directory
>> >>> structure it would definitely work. But what if I wanted to set the
>> >>> path relative to the bundle? My application would finally be zipped
>> >>> and shipped. Definitely the customers are not going to unzip the
>> >>> bundles in the C directory always; it can be in any directory.
>> >>> Best Regards,
>> >>> Mitul
>> >>> On Fri, Feb 25, 2011 at 1:49 PM, Thomas Becker <tbecker@xxxxxxxxxxx>
>> >>> wrote:
>> >>>>
>> >>>> Hi Mitul,
>> >>>>
>> >>>> as you're on windows have you tried setting the path to:
>> >>>> "C:\etc\keystore1"?
>> >>>>
>> >>>> regards,
>> >>>> Thomas
>> >>>>
>> >>>> On 25/02/2011 09:14, Mitul Adhia wrote:
>> >>>>
>> >>>> Hi All,
>> >>>> I am using embedded jetty 7.2.2 and wanted to configure SSL in it.
>> >>>> For this I have created a fragment bundle named jettyconfig which
>> >>>> consists of a FragmentActivator class and jetty.xml & keystore1
>> >>>> located under folder etc.
>> >>>> The fragment bundle is called from the jetty.boot bundle.
>> >>>> Attached is the complete jettyconfig fragment bundle for your
>> >>>> reference.
>> >>>> In the jetty.xml file, if I set the keystore path as highlighted below
>> >>>> I get the following exception.
>> >>>> jetty.xml entry for SSL:
>> >>>> <Call name="addConnector">
>> >>>>     <Arg>
>> >>>>         <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
>> >>>>             <Set name="Port">8443</Set>
>> >>>>             <Set name="maxIdleTime">30000</Set>
>> >>>>             <Set name="Acceptors">2</Set>
>> >>>>             <Set name="AcceptQueueSize">100</Set>
>> >>>>             <Set name="Keystore"><Property name="jetty.home" default="." />/etc/keystore1</Set>
>> >>>>             <Set name="Password">OBF:1igd1igf1igh1idp1idr1idt</Set>
>> >>>>             <Set name="KeyPassword">OBF:1igd1igf1igh1idp1idr1idt</Set>
>> >>>>             <Set name="truststore"><Property name="jetty.home" default="." />/etc/keystore1</Set>
>> >>>>             <Set name="trustPassword">OBF:1igd1igf1igh1idp1idr1idt</Set>
>> >>>>         </New>
>> >>>>     </Arg>
>> >>>> </Call>
>> >>>> Exception trace below comes on console when jetty is coming up:
>> >>>> 2011-02-25 13:33:43.671:INFO::Started SelectChannelConnector@0.0.0.0:50099
>> >>>> 2011-02-25 13:33:43.672:WARN::FAILED SslSelectChannelConnector@0.0.0.0:8443: java.io.FileNotFoundException: C:\Mitul\Software\eclipse-jpaas-helios-SR1-win32\etc\keystore1 (The system cannot find the path specified)
>> >>>> 2011-02-25 13:33:43.673:WARN::FAILED org.eclipse.jetty.server.Server@182a70: java.io.FileNotFoundException: C:\Mitul\Software\eclipse-jpaas-helios-SR1-win32\etc\keystore1 (The system cannot find the path specified)
>> >>>> java.io.FileNotFoundException: C:\Mitul\Software\eclipse-jpaas-helios-SR1-win32\etc\keystore1 (The system cannot find the path specified)
>> >>>>     at java.io.FileInputStream.open(Native Method)
>> >>>>     at java.io.FileInputStream.<init>(FileInputStream.java:106)
>> >>>>     at org.eclipse.jetty.util.resource.FileResource.getInputStream(FileResource.java:274)
>> >>>>     at org.eclipse.jetty.server.ssl.SslSelectChannelConnector.getKeyStore(SslSelectChannelConnector.java:683)
>> >>>>     at org.eclipse.jetty.server.ssl.SslSelectChannelConnector.getKeyManagers(SslSelectChannelConnector.java:650)
>> >>>>     at org.eclipse.jetty.server.ssl.SslSelectChannelConnector.createSSLContext(SslSelectChannelConnector.java:637)
>> >>>>     at org.eclipse.jetty.server.ssl.SslSelectChannelConnector.doStart(SslSelectChannelConnector.java:595)
>> >>>>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:55)
>> >>>>     at org.eclipse.jetty.server.Server.doStart(Server.java:254)
>> >>>>     at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:55)
>> >>>>     at org.eclipse.jetty.osgi.boot.internal.serverfactory.ServerInstanceWrapper.start(ServerInstanceWrapper.java:175)
>> >>>>     at org.eclipse.jetty.osgi.boot.internal.serverfactory.JettyServerServiceTracker.serviceChanged(JettyServerServiceTracker.java:108)
>> >>>>     at org.eclipse.osgi.internal.serviceregistry.FilteredServiceListener.serviceChanged(FilteredServiceListener.java:104)
>> >>>>     at org.eclipse.osgi.framework.internal.core.BundleContextImpl.dispatchEvent(BundleContextImpl.java:933)
>> >>>>     at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:227)
>> >>>>     at org.eclipse.osgi.framework.eventmgr.ListenerQueue.dispatchEventSynchronous(ListenerQueue.java:149)
>> >>>>     at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEventPrivileged(ServiceRegistry.java:756)
>> >>>>     at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEvent(ServiceRegistry.java:711)
>> >>>>     at org.eclipse.osgi.internal.serviceregistry.ServiceRegistrationImpl.register(ServiceRegistrationImpl.java:130)
>> >>>> If the path is changed to /newWP1/jettyconfig/etc/ketystore1 then it
>> >>>> is able to locate the given file. Here newWP1 is my eclipse workspace
>> >>>> name & jettyconfig is the bundle which is attached.
>> >>>> I wanted to know how I can point to the required file without the use
>> >>>> of /newWP1/jettyconfig in the key store path?
>> >>>>
>> >>>> Best Regards,
>> >>>> mitul
>> >>>>
>> >>>> _______________________________________________
>> >>>> jetty-users mailing list
>> >>>> jetty-users@xxxxxxxxxxx
>> >>>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>> >>>
>> >>
>> >
>> >