* ============LICENSE_START=======================================================
* org.onap.dmaap
* ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017 AT&T Intellectual Property.
+ *
+ * Modifications Copyright (C) 2019 IBM.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
package org.onap.dmaap.dbcapi.server;
+import com.google.common.collect.Sets;
+import javax.servlet.DispatcherType;
-import java.util.Properties;
-
-import javax.net.ssl.SSLContext;
-
-import org.apache.log4j.Logger;
-import org.eclipse.jetty.security.SecurityHandler;
-import org.eclipse.jetty.server.Connector;
-import org.eclipse.jetty.server.HttpConfiguration;
-import org.eclipse.jetty.server.HttpConnectionFactory;
-import org.eclipse.jetty.server.SecureRequestCustomizer;
-import org.eclipse.jetty.server.Server;
-import org.eclipse.jetty.server.ServerConnector;
-import org.eclipse.jetty.server.SslConnectionFactory;
+import org.eclipse.jetty.http.HttpVersion;
+import org.eclipse.jetty.server.*;
import org.eclipse.jetty.servlet.DefaultServlet;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.ssl.SslContextFactory;
-
-
-
+import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
-import com.att.eelf.configuration.EELFLogger;
-import com.att.eelf.configuration.EELFManager;
+import java.util.Properties;
-import org.onap.dmaap.dbcapi.database.LoadSchema;
-import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
/**
* A Jetty server which supports:
* - http and https (simultaneously for dev env)
* - static html pages (for documentation).
*/
public class JettyServer extends BaseLoggingClass {
- private Server server;
+ private Server server;
- public Server getServer() {
- return server;
- }
- public JettyServer( Properties params ) throws Exception {
-
- server = new Server();
- int httpPort = Integer.valueOf(params.getProperty("IntHttpPort", "80" ));
- int sslPort = Integer.valueOf(params.getProperty("IntHttpsPort", "443" ));
- boolean allowHttp = Boolean.valueOf(params.getProperty("HttpAllowed", "false"));
- serverLogger.info( "port params: http=" + httpPort + " https=" + sslPort );
- serverLogger.info( "allowHttp=" + allowHttp );
- String keystore=null;
- String keystorePwd = null;
- String keyPwd = null;
-
- // HTTP Server
-
- HttpConfiguration http_config = new HttpConfiguration();
- http_config.setSecureScheme("https");
- http_config.setSecurePort(sslPort);
- http_config.setOutputBufferSize(32768);
+ public Server getServer() {
+ return server;
+ }
-
-
- try(ServerConnector httpConnector = new ServerConnector(server, new HttpConnectionFactory(http_config))) {
- httpConnector.setPort(httpPort);
- httpConnector.setIdleTimeout(30000);
+ public JettyServer(Properties params) throws Exception {
+ server = new Server();
+ int httpPort = Integer.valueOf(params.getProperty("IntHttpPort", "80"));
+ int sslPort = Integer.valueOf(params.getProperty("IntHttpsPort", "443"));
+ boolean allowHttp = Boolean.valueOf(params.getProperty("HttpAllowed", "false"));
+ serverLogger.info("port params: http=" + httpPort + " https=" + sslPort);
+ serverLogger.info("allowHttp=" + allowHttp);
- // HTTPS Server
+ // HTTP Server
+ HttpConfiguration http_config = new HttpConfiguration();
+ http_config.setSecureScheme("https");
+ http_config.setSecurePort(sslPort);
+ http_config.setOutputBufferSize(32768);
- HttpConfiguration https_config = new HttpConfiguration(http_config);
- https_config.addCustomizer(new SecureRequestCustomizer());
- SslContextFactory sslContextFactory = new SslContextFactory();
- keystore = params.getProperty("KeyStoreFile", "etc/keystore");
- logger.info("https Server using keystore at " + keystore);
- keystorePwd = params.getProperty("KeyStorePassword", "changeit");
- keyPwd = params.getProperty("KeyPassword", "changeit");
+ try (ServerConnector httpConnector = new ServerConnector(server, new HttpConnectionFactory(http_config))) {
+ httpConnector.setPort(httpPort);
+ httpConnector.setIdleTimeout(30000);
+ // HTTPS Server
- sslContextFactory.setKeyStorePath(keystore);
- sslContextFactory.setKeyStorePassword(keystorePwd);
- sslContextFactory.setKeyManagerPassword(keyPwd);
+ HttpConfiguration https_config = new HttpConfiguration(http_config);
+ https_config.addCustomizer(new SecureRequestCustomizer());
+ SslContextFactory sslContextFactory = new SslContextFactory.Server();
+ sslContextFactory.setWantClientAuth(true);
+ setUpKeystore(params, sslContextFactory);
+ setUpTrustStore(params, sslContextFactory);
- if (sslPort != 0) {
- try(ServerConnector sslConnector = new ServerConnector(server,
- new SslConnectionFactory(sslContextFactory, "http/1.1"),
- new HttpConnectionFactory(https_config))) {
+ if (sslPort != 0) {
+ try (ServerConnector sslConnector = new ServerConnector(server,
+ new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
+ new HttpConnectionFactory(https_config))) {
sslConnector.setPort(sslPort);
- if (allowHttp) {
- logger.info("Starting httpConnector on port " + httpPort);
- logger.info("Starting sslConnector on port " + sslPort + " for https");
- server.setConnectors(new Connector[]{httpConnector, sslConnector});
- } else {
- logger.info("NOT starting httpConnector because HttpAllowed param is " + allowHttp);
- logger.info("Starting sslConnector on port " + sslPort + " for https");
- server.setConnectors(new Connector[]{sslConnector});
- }
+ server.addConnector(sslConnector);
+ serverLogger.info("Starting sslConnector on port " + sslPort + " for https");
}
- } else {
- serverLogger.info("NOT starting sslConnector on port " + sslPort + " for https");
- if (allowHttp) {
- serverLogger.info("Starting httpConnector on port " + httpPort);
- server.setConnectors(new Connector[]{httpConnector});
- }
- }
- }
-
+ } else {
+ serverLogger.info("NOT starting sslConnector because InHttpsPort param is " + sslPort );
+ }
+ if (allowHttp) {
+ serverLogger.info("Starting httpConnector on port " + httpPort);
+ server.addConnector(httpConnector);
+ } else {
+ serverLogger.info("NOT starting httpConnector because HttpAllowed param is " + allowHttp);
+ }
+ }
+
// Set context for servlet. This is shared for http and https
- ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
- context.setContextPath("/");
- server.setHandler( context );
+ ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
+ context.setContextPath("/");
+ server.setHandler(context);
- ServletHolder jerseyServlet = context.addServlet( org.glassfish.jersey.servlet.ServletContainer.class, "/webapi/*");
+ ServletHolder jerseyServlet = context
+ .addServlet(org.glassfish.jersey.servlet.ServletContainer.class, "/webapi/*");
jerseyServlet.setInitOrder(1);
- jerseyServlet.setInitParameter("jersey.config.server.provider.packages", "org.onap.dmaap.dbcapi.resources" );
- jerseyServlet.setInitParameter("javax.ws.rs.Application", "org.onap.dmaap.dbcapi.server.ApplicationConfig" );
-
+ jerseyServlet.setInitParameter("jersey.config.server.provider.packages", "org.onap.dmaap.dbcapi.resources");
+ jerseyServlet.setInitParameter("javax.ws.rs.Application", "org.onap.dmaap.dbcapi.server.ApplicationConfig");
+
// also serve up some static pages...
- ServletHolder staticServlet = context.addServlet(DefaultServlet.class,"/*");
- staticServlet.setInitParameter("resourceBase","www");
- staticServlet.setInitParameter("pathInfoOnly","true");
+ ServletHolder staticServlet = context.addServlet(DefaultServlet.class, "/*");
+ staticServlet.setInitParameter("resourceBase", "www");
+ staticServlet.setInitParameter("pathInfoOnly", "true");
+
+ registerAuthFilters(context);
try {
serverLogger.info("Starting jetty server");
- String unit_test = params.getProperty("UnitTest", "No");
+ String unit_test = params.getProperty("UnitTest", "No");
serverLogger.info("UnitTest=" + unit_test);
- if ( unit_test.equals( "No" ) ) {
- server.start();
- server.dumpStdErr();
- server.join();
- }
- } catch ( Exception e ) {
- errorLogger.error( "Exception " + e );
- errorLogger.error( "possibly unable to use keystore " + keystore + " with passwords " + keystorePwd + " and " + keyPwd );
- //System.exit(1);
+ if (unit_test.equals("No")) {
+ server.start();
+ server.dumpStdErr();
+ server.join();
+ }
+ } catch (Exception e) {
+ errorLogger.error("Exception " + e);
} finally {
- server.destroy();
+ server.destroy();
}
-
+
+ }
+
+ private void registerAuthFilters(ServletContextHandler context) {
+ context.addFilter("org.onap.dmaap.dbcapi.resources.AAFAuthenticationFilter", "/webapi/*",
+ Sets.newEnumSet(Sets.newHashSet(DispatcherType.FORWARD, DispatcherType.REQUEST), DispatcherType.class));
+ context.addFilter("org.onap.dmaap.dbcapi.resources.AAFAuthorizationFilter", "/webapi/*",
+ Sets.newEnumSet(Sets.newHashSet(DispatcherType.FORWARD, DispatcherType.REQUEST), DispatcherType.class));
+ }
+
+ private void setUpKeystore(Properties params, SslContextFactory sslContextFactory) {
+ String keystore = params.getProperty("KeyStoreFile", "etc/keystore");
+ logger.info("https Server using keystore at " + keystore);
+ sslContextFactory.setKeyStorePath(keystore);
+ sslContextFactory.setKeyStorePassword(params.getProperty("KeyStorePassword", "changeit"));
+ sslContextFactory.setKeyManagerPassword(params.getProperty("KeyPassword", "changeit"));
+ }
+
+ private void setUpTrustStore(Properties params, SslContextFactory sslContextFactory) {
+ String truststore = params.getProperty("TrustStoreFile", "etc/org.onap.dmaap-bc.trust.jks");
+ logger.info("https Server using truststore at " + truststore);
+ sslContextFactory.setTrustStorePath(truststore);
+ sslContextFactory.setTrustStoreType(params.getProperty("TrustStoreType", "jks"));
+ sslContextFactory.setTrustStorePassword(params.getProperty("TrustStorePassword", "changeit"));
}
}