* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
public JettyServiceStarter(final AbsService<ENV,TRANS> service, boolean secure) throws OrganizationException {
super(service, secure);
}
-
+
@Override
public void _propertyAdjustment() {
-// System.setProperty("com.sun.management.jmxremote.port", "8081");
Properties props = access().getProperties();
Object httpproto = null;
// Critical - if no Security Protocols set, then set it. We'll just get messed up if not
props.put(Config.CADI_PROTOCOLS, httpproto);
}
}
-
+
if ("1.7".equals(System.getProperty("java.specification.version")) && (httpproto==null || (httpproto instanceof String && ((String)httpproto).contains("TLSv1.2")))) {
System.setProperty(Config.HTTPS_CIPHER_SUITES, Config.HTTPS_CIPHER_SUITES_DEFAULT);
}
final String keystore = access().getProperty(Config.CADI_KEYSTORE, null);
final int IDLE_TIMEOUT = Integer.parseInt(access().getProperty(Config.AAF_CONN_IDLE_TIMEOUT, Config.AAF_CONN_IDLE_TIMEOUT_DEF));
Server server = new Server();
-
+
ServerConnector conn;
String protocol;
if (!secure || keystore==null) {
protocol = "http";
} else {
protocol = "https";
-
+
String keystorePassword = access().getProperty(Config.CADI_KEYSTORE_PASSWORD, null);
if (keystorePassword==null) {
sslContextFactory.setKeyStorePassword(temp=access().decrypt(keystorePassword, true)); // don't allow unencrypted
sslContextFactory.setKeyManagerPassword(temp);
temp=null; // don't leave lying around
-
+
String truststore = access().getProperty(Config.CADI_TRUSTSTORE, null);
if (truststore!=null) {
String truststorePassword = access().getProperty(Config.CADI_TRUSTSTORE_PASSWORD, null);
throw new CadiException("No Truststore Password configured for " + truststore);
}
sslContextFactory.setTrustStorePath(truststore);
- sslContextFactory.setTrustStorePassword(access().decrypt(truststorePassword, false));
+ sslContextFactory.setTrustStorePassword(access().decrypt(truststorePassword, false));
}
// Be able to accept only certain protocols, i.e. TLSv1.1+
String subprotocols = access().getProperty(Config.CADI_PROTOCOLS, Config.HTTPS_PROTOCOLS_DEFAULT);
service.setSubprotocol(subprotocols);
final String[] protocols = Split.splitTrim(',', subprotocols);
sslContextFactory.setIncludeProtocols(protocols);
-
+
// Want to use Client Certificates, if they exist.
sslContextFactory.setWantClientAuth(true);
-
- // Optional future checks.
- // sslContextFactory.setValidateCerts(true);
- // sslContextFactory.setValidatePeerCerts(true);
- // sslContextFactory.setEnableCRLDP(false);
- // sslContextFactory.setEnableOCSP(false);
+
String certAlias = access().getProperty(Config.CADI_ALIAS, null);
if (certAlias!=null) {
sslContextFactory.setCertAlias(certAlias);
}
-
+
HttpConfiguration httpConfig = new HttpConfiguration();
httpConfig.setSecureScheme(protocol);
httpConfig.setSecurePort(port);
httpConfig.addCustomizer(new SecureRequestCustomizer());
// httpConfig.setOutputBufferSize(32768); Not sure why take this setting
-
+
conn = new ServerConnector(server,
new SslConnectionFactory(sslContextFactory,HttpVersion.HTTP_1_1.asString()),
new HttpConnectionFactory(httpConfig)
}
service.setProtocol(protocol);
-
- // Setup JMX
- // TODO trying to figure out how to set up/log ports
-// MBeanServer mbeanServer = ManagementFactory.getPlatformMBeanServer();
-// MBeanContainer mbContainer=new MBeanContainer(mbeanServer);
-// server.addEventListener(mbContainer);
-// server.addBean(mbContainer);
-
- // Add loggers MBean to server (will be picked up by MBeanContainer above)
-// server.addBean(Log.getLog());
-
conn.setHost(hostname);
conn.setPort(port);
conn.setIdleTimeout(IDLE_TIMEOUT);
server.addConnector(conn);
-
+
server.setHandler(new AbstractHandler() {
private FilterChain fc = buildFilterChain(service,new FilterChain() {
@Override
rserv.service(req, resp);
}
});
-
+
@Override
public void handle(String target, Request baseRequest, HttpServletRequest hreq, HttpServletResponse hresp) throws IOException, ServletException {
try {
}
}
);
-
+
try {
access().printf(Level.INIT, "Starting service on %s:%d (%s)",hostname,port,InetAddress.getByName(hostname).getHostAddress());
server.start();
}
}
try {
- String no_register = env().getProperty("aaf_no_register",null);
- if(no_register==null) {
- register(service.registrants(port));
- } else {
- access().printf(Level.INIT,"'aaf_no_register' is set. %s will not be registered with Locator", service.app_name);
- }
- access().printf(Level.INIT, "Starting Jetty Service for %s, version %s, on %s://%s:%d", service.app_name,service.app_version,protocol,hostname,port);
-
+ String noRegister = env().getProperty("aaf_no_register",null);
+ if(noRegister==null) {
+ register(service.registrants(port));
+ } else {
+ access().printf(Level.INIT,"'aaf_no_register' is set. %s will not be registered with Locator", service.appName);
+ }
+ access().printf(Level.INIT, "Starting Jetty Service for %s, version %s, on %s://%s:%d", service.appName,service.appVersion,protocol,hostname,port);
+
rserv.postStartup(hostname, port);
} catch (Exception e) {
- access().log(e,"Error registering " + service.app_name);
+ access().log(e,"Error registering " + service.appName);
String doExit = access().getProperty("cadi_exitOnFailure", "true");
if (doExit == "true") {
System.exit(1);
}
return fc;
}
-
+
private class FCImpl implements FilterChain {
private Filter f;
private FilterChain next;
-
+
public FCImpl(final Filter f, final FilterChain fc) {
this.f=f;
next = fc;
-
+
}
@Override
public void doFilter(ServletRequest req, ServletResponse resp) throws IOException, ServletException {
Code Review / aaf / authz.git / blobdiff