@Override protected HttpConfiguration createHttpConfig() { HttpConfiguration httpConfig = super.createHttpConfig(); httpConfig.addCustomizer( requestCustomizer ); return httpConfig; }
private static HttpConnectionFactory createHttpConnectionFactory() { HttpConfiguration httpConfig = new HttpConfiguration(); httpConfig.setSecureScheme("https"); httpConfig.addCustomizer(new ForwardedRequestCustomizer()); return new HttpConnectionFactory(httpConfig); }
private ServerConnector createConnector(final SslContextFactory sslContextFactory, final Integer listenPort) { final ServerConnector serverConnector; if (sslContextFactory == null) { serverConnector = new ServerConnector(server); } else { final HttpConfiguration httpsConfiguration = new HttpConfiguration(); httpsConfiguration.setSecureScheme("https"); httpsConfiguration.addCustomizer(new SecureRequestCustomizer()); serverConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(httpsConfiguration)); } serverConnector.setPort(listenPort); return serverConnector; }
private static Server createServer(Handler handler, int port, KeyStore keyStore, String keyPassword) throws Exception { Server server = new Server(); SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setIncludeProtocols("TLSv1.2"); sslContextFactory.setKeyStore(keyStore); sslContextFactory.setKeyManagerPassword(keyPassword); HttpConfiguration httpsConfig = new HttpConfiguration(); httpsConfig.addCustomizer(new SecureRequestCustomizer()); ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig)); sslConnector.setPort(port); server.addConnector(sslConnector); server.setHandler(handler); return server; }
@Override public void customize(Server server) { ForwardedRequestCustomizer customizer = new ForwardedRequestCustomizer(); for (Connector connector : server.getConnectors()) { for (ConnectionFactory connectionFactory : connector .getConnectionFactories()) { if (connectionFactory instanceof HttpConfiguration.ConnectionFactory) { ((HttpConfiguration.ConnectionFactory) connectionFactory) .getHttpConfiguration().addCustomizer(customizer); } } } }
private ServerConnector createConnector(Server server, SslContextFactory sslContextFactory, InetSocketAddress address) { HttpConfiguration config = new HttpConfiguration(); config.setSendServerVersion(false); config.setSecureScheme("https"); config.setSecurePort(address.getPort()); config.addCustomizer(new SecureRequestCustomizer()); ServerConnector connector = createServerConnector(server, sslContextFactory, config); connector.setPort(address.getPort()); connector.setHost(address.getHostString()); return connector; }
private ServerConnector createUnconfiguredSslServerConnector(Server server, HttpConfiguration httpConfiguration, int port) { // add some secure config final HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration); httpsConfiguration.setSecureScheme("https"); httpsConfiguration.setSecurePort(port); httpsConfiguration.addCustomizer(new SecureRequestCustomizer()); // build the connector return new ServerConnector(server, new SslConnectionFactory(createSslContextFactory(), "http/1.1"), new HttpConnectionFactory(httpsConfiguration)); }
private Connector plainConnector(Jetty9Server server) { HttpConfiguration httpConfig = new HttpConfiguration(); httpConfig.setOutputBufferSize(systemEnvironment.get(SystemEnvironment.RESPONSE_BUFFER_SIZE)); httpConfig.setSendServerVersion(false); httpConfig.addCustomizer(new ForwardedRequestCustomizer()); ServerConnector httpConnector = new ServerConnector(server.getServer(), new HttpConnectionFactory(httpConfig)); httpConnector.setHost(systemEnvironment.getListenHost()); httpConnector.setPort(systemEnvironment.getServerPort()); httpConnector.setIdleTimeout(systemEnvironment.get(SystemEnvironment.IDLE_TIMEOUT)); return httpConnector; }
@Override protected HttpConfiguration buildHttpConfiguration() { final HttpConfiguration config = super.buildHttpConfiguration(); config.setSecureScheme("https"); config.setSecurePort(getPort()); config.addCustomizer(new SecureRequestCustomizer()); return config; }
config.setSecureScheme("https"); config.setSecurePort(port); config.addCustomizer(new SecureRequestCustomizer());
/** * Create ssl connector if https is used * @return */ private ServerConnector sslConnector() { HttpConfiguration http_config = new HttpConfiguration(); http_config.setSecureScheme("https"); http_config.setSecurePort(this.getPort()); HttpConfiguration https_config = new HttpConfiguration(http_config); https_config.addCustomizer(new SecureRequestCustomizer()); SslContextFactory sslContextFactory = new SslContextFactory(this.getCertKeyStorePath()); sslContextFactory.setKeyStorePassword(this.getCertKeyStorePassword()); //exclude weak ciphers sslContextFactory.setExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$"); //only support tlsv1.2 sslContextFactory.addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"); ServerConnector connector = new ServerConnector(jettyServer, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(https_config)); connector.setPort(this.getPort()); connector.setIdleTimeout(50000); return connector; }
public static ServerConnector addHttpsConnector(Server server) throws IOException, URISyntaxException { String keyStoreFile = resourceAsFile("ssltest-keystore.jks").getAbsolutePath(); SslContextFactory sslContextFactory = new SslContextFactory(keyStoreFile); sslContextFactory.setKeyStorePassword("changeit"); String trustStoreFile = resourceAsFile("ssltest-cacerts.jks").getAbsolutePath(); sslContextFactory.setTrustStorePath(trustStoreFile); sslContextFactory.setTrustStorePassword("changeit"); HttpConfiguration httpsConfig = new HttpConfiguration(); httpsConfig.setSecureScheme("https"); httpsConfig.addCustomizer(new SecureRequestCustomizer()); ServerConnector connector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(httpsConfig)); server.addConnector(connector); return connector; }
httpsConfig.addCustomizer(new SecureRequestCustomizer()); httpsConfig.setSendServerVersion(false); httpsConfig.addCustomizer(new ForwardedRequestCustomizer());
httpsConfig.addCustomizer(new SecureRequestCustomizer()); if (null != headerBufferSize) { httpsConfig.setRequestHeaderSize(headerBufferSize);
private ServerConnector https(final Server server, final Config conf, final String path, final SSLContext sslContext, final boolean http2) { HttpConfiguration httpConf = conf(new HttpConfiguration(), conf.withoutPath(CONNECTOR), path); SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setSslContext(sslContext); sslContextFactory.setIncludeProtocols("TLSv1.2"); sslContextFactory.setIncludeCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"); HttpConfiguration httpsConf = new HttpConfiguration(httpConf); httpsConf.addCustomizer(new SecureRequestCustomizer()); HttpConnectionFactory https11 = new HttpConnectionFactory(httpsConf); if (http2) { ALPNServerConnectionFactory alpn = new ALPNServerConnectionFactory(H2, H2_17, HTTP_1_1); alpn.setDefaultProtocol(HTTP_1_1); HTTP2ServerConnectionFactory https2 = new HTTP2ServerConnectionFactory(httpsConf); ServerConnector connector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "alpn"), alpn, https2, https11); return conf(connector, conf.getConfig(CONNECTOR), path + ".connector"); } else { ServerConnector connector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HTTP_1_1), https11); return conf(connector, conf.getConfig(CONNECTOR), path + ".connector"); } }
private Connector createSSLConnector( final Server httpBindServer ) { final int securePort = getHttpBindSecurePort(); try { final IdentityStore identityStore = XMPPServer.getInstance().getCertificateStoreManager().getIdentityStore( ConnectionType.BOSH_C2S ); if (securePort > 0 && identityStore.getStore().aliases().hasMoreElements() ) { if ( !identityStore.containsDomainCertificate( ) ) { Log.warn("HTTP binding: Using certificates but they are not valid for the hosted domain"); } final ConnectionManagerImpl connectionManager = ((ConnectionManagerImpl) XMPPServer.getInstance().getConnectionManager()); final ConnectionConfiguration configuration = connectionManager.getListener( ConnectionType.BOSH_C2S, true ).generateConnectionConfiguration(); final SslContextFactory sslContextFactory = new EncryptionArtifactFactory(configuration).getSslContextFactory(); final HttpConfiguration httpsConfig = new HttpConfiguration(); httpsConfig.setSecureScheme("https"); httpsConfig.setSecurePort(securePort); configureProxiedConnector(httpsConfig); httpsConfig.addCustomizer(new SecureRequestCustomizer()); final ServerConnector sslConnector = new ServerConnector(httpBindServer, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(httpsConfig)); sslConnector.setHost(getBindInterface()); sslConnector.setPort(securePort); return sslConnector; } } catch (Exception e) { Log.error("Error creating SSL connector for Http bind", e); } return null; }
private ServerConnector createHttpsChannelConnector( Server server, HttpConfiguration httpConfig) { httpConfig.setSecureScheme(HTTPS_SCHEME); httpConfig.addCustomizer(new SecureRequestCustomizer()); ServerConnector conn = createHttpChannelConnector(server, httpConfig); SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setNeedClientAuth(needsClientAuth); sslContextFactory.setKeyManagerPassword(keyPassword); if (keyStore != null) { sslContextFactory.setKeyStorePath(keyStore); sslContextFactory.setKeyStoreType(keyStoreType); sslContextFactory.setKeyStorePassword(keyStorePassword); } if (trustStore != null) { sslContextFactory.setTrustStorePath(trustStore); sslContextFactory.setTrustStoreType(trustStoreType); sslContextFactory.setTrustStorePassword(trustStorePassword); } if(null != excludeCiphers && !excludeCiphers.isEmpty()) { sslContextFactory.setExcludeCipherSuites( StringUtils.getTrimmedStrings(excludeCiphers)); LOG.info("Excluded Cipher List:" + excludeCiphers); } conn.addFirstConnectionFactory(new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString())); return conn; } }
protected HttpConfiguration buildHttpConfiguration() { final HttpConfiguration httpConfig = new HttpConfiguration(); httpConfig.setHeaderCacheSize((int) headerCacheSize.toBytes()); httpConfig.setOutputBufferSize((int) outputBufferSize.toBytes()); httpConfig.setRequestHeaderSize((int) maxRequestHeaderSize.toBytes()); httpConfig.setResponseHeaderSize((int) maxResponseHeaderSize.toBytes()); httpConfig.setSendDateHeader(useDateHeader); httpConfig.setSendServerVersion(useServerHeader); httpConfig.setMinResponseDataRate(minResponseDataPerSecond.toBytes()); httpConfig.setMinRequestDataRate(minRequestDataPerSecond.toBytes()); if (useForwardedHeaders) { httpConfig.addCustomizer(new ForwardedRequestCustomizer()); } return httpConfig; }
https.addCustomizer(new SecureRequestCustomizer());
private void configureProxiedConnector(HttpConfiguration httpConfig) { // Check to see if we are deployed behind a proxy // Refer to http://eclipse.org/jetty/documentation/current/configuring-connectors.html if (isXFFEnabled()) { ForwardedRequestCustomizer customizer = new ForwardedRequestCustomizer(); // default: "X-Forwarded-For" String forwardedForHeader = getXFFHeader(); if (forwardedForHeader != null) { customizer.setForwardedForHeader(forwardedForHeader); } // default: "X-Forwarded-Server" String forwardedServerHeader = getXFFServerHeader(); if (forwardedServerHeader != null) { customizer.setForwardedServerHeader(forwardedServerHeader); } // default: "X-Forwarded-Host" String forwardedHostHeader = getXFFHostHeader(); if (forwardedHostHeader != null) { customizer.setForwardedHostHeader(forwardedHostHeader); } // default: none String hostName = getXFFHostName(); if (hostName != null) { customizer.setHostHeader(hostName); } httpConfig.addCustomizer(customizer); } httpConfig.setRequestHeaderSize(JiveGlobals.getIntProperty(HTTP_BIND_REQUEST_HEADER_SIZE, HTTP_BIND_REQUEST_HEADER_SIZE_DEFAULT)); }