X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-core%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fserver%2FJettyServiceStarter.java;h=5ebdc9e9e8cae7481c35612c745718c236e6c39d;hb=82755753f41112e1cdd91b2994620ad074dfbf20;hp=2d0a82a85f0474a6cfa9babf42370caa6e468783;hpb=2b5103e038a7727734097a671d331db9aaab77ba;p=aaf%2Fauthz.git
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java
index 2d0a82a8..5ebdc9e9 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java
@@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -21,7 +21,6 @@ package org.onap.aaf.auth.server; import java.io.IOException; -import java.net.Inet4Address; import java.net.InetAddress; import java.util.Properties;
@@ -45,48 +44,34 @@ import org.eclipse.jetty.server.handler.AbstractHandler; import org.eclipse.jetty.util.ssl.SslContextFactory; import org.onap.aaf.auth.org.OrganizationException; import org.onap.aaf.auth.rserv.RServlet; +import org.onap.aaf.cadi.Access.Level; import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.LocatorException; -import org.onap.aaf.cadi.Access.Level; import org.onap.aaf.cadi.config.Config; -import org.onap.aaf.cadi.config.SecurityInfo; import org.onap.aaf.misc.env.Trans; import org.onap.aaf.misc.env.util.Split; import org.onap.aaf.misc.rosetta.env.RosettaEnv; public class JettyServiceStarter extends AbsServiceStarter { - private boolean secure; - public JettyServiceStarter(final AbsService service) throws OrganizationException { - super(service); - secure = true; - } - - /** - * Specifically set this Service starter to Insecure (HTTP) Mode. - * @return - */ - public JettyServiceStarter insecure() { - secure = false; - return this; + public JettyServiceStarter(final AbsService service, boolean secure) throws OrganizationException { + super(service, secure); } - @Override public void _propertyAdjustment() { -// System.setProperty("com.sun.management.jmxremote.port", "8081"); Properties props = access().getProperties(); Object httpproto = null; // Critical - if no Security Protocols set, then set it. We'll just get messed up if not if ((httpproto=props.get(Config.CADI_PROTOCOLS))==null) { if ((httpproto=props.get(Config.HTTPS_PROTOCOLS))==null) { - props.put(Config.CADI_PROTOCOLS, (httpproto=SecurityInfo.HTTPS_PROTOCOLS_DEFAULT)); + props.put(Config.CADI_PROTOCOLS, (httpproto=Config.HTTPS_PROTOCOLS_DEFAULT)); } else { props.put(Config.CADI_PROTOCOLS, httpproto); } } - + if ("1.7".equals(System.getProperty("java.specification.version")) && (httpproto==null || (httpproto instanceof String && ((String)httpproto).contains("TLSv1.2")))) { System.setProperty(Config.HTTPS_CIPHER_SUITES, Config.HTTPS_CIPHER_SUITES_DEFAULT); } 
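Review bot: The new constructor `JettyServiceStarter(final AbsService service, boolean secure)` has no Javadoc, and the removed `insecure()` method carried the only statement that the non-secure mode means plain HTTP. A bare `true`/`false` at a call site is easy to get wrong, and the consequence is a listener without TLS, so I would document the flag on the constructor, for example `@param secure true to serve HTTPS when a keystore is configured; false to serve plain HTTP`. The field that `_start` later reads as `secure` is now presumably held by the superclass, which is not visible in this hunk. `_propertyAdjustment` continues past the end of the hunk.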
@@ -94,15 +79,11 @@ public class JettyServiceStarter ex @Override public void _start(RServlet rserv) throws Exception { - String hostname = access().getProperty(Config.HOSTNAME, null); - if (hostname==null) { - hostname = Inet4Address.getLocalHost().getHostName(); - } final int port = Integer.parseInt(access().getProperty("port","0")); final String keystore = access().getProperty(Config.CADI_KEYSTORE, null); final int IDLE_TIMEOUT = Integer.parseInt(access().getProperty(Config.AAF_CONN_IDLE_TIMEOUT, Config.AAF_CONN_IDLE_TIMEOUT_DEF)); Server server = new Server(); - + ServerConnector conn; String protocol; if (!secure || keystore==null) {
@@ -110,7 +91,7 @@ public class JettyServiceStarter ex protocol = "http"; } else { protocol = "https"; - + String keystorePassword = access().getProperty(Config.CADI_KEYSTORE_PASSWORD, null); if (keystorePassword==null) {
@@ -122,7 +103,7 @@ public class JettyServiceStarter ex sslContextFactory.setKeyStorePassword(temp=access().decrypt(keystorePassword, true)); // don't allow unencrypted sslContextFactory.setKeyManagerPassword(temp); temp=null; // don't leave lying around - + String truststore = access().getProperty(Config.CADI_TRUSTSTORE, null); if (truststore!=null) { String truststorePassword = access().getProperty(Config.CADI_TRUSTSTORE_PASSWORD, null);
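Review bot: In the hunk at `@@ -94,15 +79,11 @@`, `if (!secure || keystore==null)` sends a starter created with `secure` set to true down the plain-HTTP branch whenever `Config.CADI_KEYSTORE` is unset, and nothing in the visible lines reports the downgrade. Now that the caller states the mode explicitly through the constructor, a missing keystore in secure mode looks like a configuration error rather than a request for HTTP. The method already throws `CadiException` for a missing truststore password, so the same could be done ahead of this branch, e.g. `if (secure && keystore==null) { throw new CadiException("Secure mode requested but no keystore configured"); }`. If existing deployments rely on the fallback, it should at least be logged at `Level.INIT`. The body of `_start` continues outside this hunk.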
@@ -130,33 +111,28 @@ public class JettyServiceStarter ex throw new CadiException("No Truststore Password configured for " + truststore); } sslContextFactory.setTrustStorePath(truststore); - sslContextFactory.setTrustStorePassword(access().decrypt(truststorePassword, false)); + sslContextFactory.setTrustStorePassword(access().decrypt(truststorePassword, false)); } // Be able to accept only certain protocols, i.e. TLSv1.1+ - String subprotocols = access().getProperty(Config.CADI_PROTOCOLS, SecurityInfo.HTTPS_PROTOCOLS_DEFAULT); + String subprotocols = access().getProperty(Config.CADI_PROTOCOLS, Config.HTTPS_PROTOCOLS_DEFAULT); service.setSubprotocol(subprotocols); final String[] protocols = Split.splitTrim(',', subprotocols); sslContextFactory.setIncludeProtocols(protocols); - + // Want to use Client Certificates, if they exist. sslContextFactory.setWantClientAuth(true); - - // Optional future checks. - // sslContextFactory.setValidateCerts(true); - // sslContextFactory.setValidatePeerCerts(true); - // sslContextFactory.setEnableCRLDP(false); - // sslContextFactory.setEnableOCSP(false); + String certAlias = access().getProperty(Config.CADI_ALIAS, null); if (certAlias!=null) { sslContextFactory.setCertAlias(certAlias); } - + HttpConfiguration httpConfig = new HttpConfiguration(); httpConfig.setSecureScheme(protocol); httpConfig.setSecurePort(port); httpConfig.addCustomizer(new SecureRequestCustomizer()); // httpConfig.setOutputBufferSize(32768); Not sure why take this setting - + conn = new ServerConnector(server, new SslConnectionFactory(sslContextFactory,HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpConfig) 
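Review bot: `sslContextFactory.setIncludeProtocols(protocols)` enables whatever list `Config.CADI_PROTOCOLS` resolves to, so the "TLSv1.1+" floor named in the comment above it is at most a property of the default value and is not enforced by this code. A deployment property that names an older protocol would be accepted as-is; consider rejecting, or at least logging at `Level.INIT`, any entry below the intended minimum before the call. Separately, deleting the commented-out `setValidatePeerCerts`/`setEnableCRLDP`/`setEnableOCSP` lines removes the only marker that client certificates are merely requested by `setWantClientAuth(true)` and that, as far as the visible lines show, no revocation options are set on the factory; a short comment such as `// Client certs are optional; peer validation and CRL/OCSP are left at factory defaults` would keep that visible. The enclosing `_start` method begins and ends outside this hunk.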
@@ -164,22 +140,11 @@ public class JettyServiceStarter ex } service.setProtocol(protocol); - - // Setup JMX - // TODO trying to figure out how to set up/log ports -// MBeanServer mbeanServer = ManagementFactory.getPlatformMBeanServer(); -// MBeanContainer mbContainer=new MBeanContainer(mbeanServer); -// server.addEventListener(mbContainer); -// server.addBean(mbContainer); - - // Add loggers MBean to server (will be picked up by MBeanContainer above) -// server.addBean(Log.getLog()); - conn.setHost(hostname); conn.setPort(port); conn.setIdleTimeout(IDLE_TIMEOUT); server.addConnector(conn); - + server.setHandler(new AbstractHandler() { private FilterChain fc = buildFilterChain(service,new FilterChain() { @Override
@@ -187,7 +152,7 @@ public class JettyServiceStarter ex rserv.service(req, resp); } }); - + @Override public void handle(String target, Request baseRequest, HttpServletRequest hreq, HttpServletResponse hresp) throws IOException, ServletException { try {
@@ -200,7 +165,7 @@ public class JettyServiceStarter ex } } ); - + try { access().printf(Level.INIT, "Starting service on %s:%d (%s)",hostname,port,InetAddress.getByName(hostname).getHostAddress()); server.start();
@@ -215,11 +180,17 @@ public class JettyServiceStarter ex } } try { - register(service.registrants(port)); - access().printf(Level.INIT, "Starting Jetty Service for %s, version %s, on %s://%s:%d", service.app_name,service.app_version,protocol,hostname,port); - //server.join(); + String noRegister = env().getProperty("aaf_no_register",null); + if(noRegister==null) { + register(service.registrants(port)); + } else { + access().printf(Level.INIT,"'aaf_no_register' is set. %s will not be registered with Locator", service.appName); + } + access().printf(Level.INIT, "Starting Jetty Service for %s, version %s, on %s://%s:%d", service.appName,service.appVersion,protocol,hostname,port); + + rserv.postStartup(hostname, port); } catch (Exception e) { - access().log(e,"Error registering " + service.app_name); + access().log(e,"Error registering " + service.appName); String doExit = access().getProperty("cadi_exitOnFailure", "true"); if (doExit == "true") { System.exit(1);
@@ -237,15 +208,15 @@ public class JettyServiceStarter ex } return fc; } - + private class FCImpl implements FilterChain { private Filter f; private FilterChain next; - + public FCImpl(final Filter f, final FilterChain fc) { this.f=f; next = fc; - + } @Override public void doFilter(ServletRequest req, ServletResponse resp) throws IOException, ServletException {
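Review bot: In the hunk at `@@ -215,11 +180,17 @@`, the catch block's `if (doExit == "true")` compares String references, so whether a failed registration or `postStartup` actually stops the process depends on how `getProperty` hands back the value rather than on its content; it should read `if ("true".equals(doExit)) {`. The new `aaf_no_register` check tests only for presence, so a value such as `false` also skips registration with the Locator; if that is intended a comment should say so, otherwise parse it with `Boolean.parseBoolean(noRegister)`. The same catch now also covers `rserv.postStartup(hostname, port)` yet still logs "Error registering", which will mislead whoever reads the log after a start-up failure. The enclosing method starts and ends outside the hunk.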