X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-core%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fserver%2FJettyServiceStarter.java;h=d29b8f268b3181a5fcfd485b308eabdd21b16bd7;hb=12414fe43077e12d7ef711951b1633ad31d73573;hp=4b2ca32cc7a8d3cb9a0b30369b9826109e262776;hpb=f5bb572dd89dea0d74e4e8ba17c7bf5b044c2dc4;p=aaf%2Fauthz.git
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java
index 4b2ca32c..d29b8f26 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/server/JettyServiceStarter.java
@@ -56,209 +56,200 @@ import org.onap.aaf.misc.rosetta.env.RosettaEnv;
 public class JettyServiceStarter extends AbsServiceStarter {
+ private boolean secure;
- private boolean secure;
+ public JettyServiceStarter(final AbsService service) throws OrganizationException {
+ super(service);
+ secure = true;
+ }
+
+ /**
+ * Specifically set this Service starter to Insecure (HTTP) Mode.
+ * @return
+ */
+ public JettyServiceStarter insecure() {
+ secure = false;
+ return this;
+ }
- public JettyServiceStarter(final AbsService service) throws OrganizationException {
- super(service);
- secure = true;
- }
-
- /**
- * Specifically set this Service starter to Insecure (HTTP) Mode.
- * @return
- */
- public JettyServiceStarter insecure() {
- secure = false;
- return this;
- }
-// @Override
-// public void _propertyAdjustment() {
-// Properties props = access().getProperties();
-// Object temp = null;
-// // Critical - if no Security Protocols set, then set it. We'll just get messed up if not
-// if((temp=props.get(Config.CADI_PROTOCOLS))==null) {
-// if((temp=props.get(Config.HTTPS_PROTOCOLS))==null) {
-// props.put(Config.CADI_PROTOCOLS, SecurityInfo.HTTPS_PROTOCOLS_DEFAULT);
-// } else {
-// props.put(Config.CADI_PROTOCOLS, temp);
-// }
-// }
-//
-// if("1.7".equals(System.getProperty("java.specification.version"))) {
-// System.setProperty(Config.HTTPS_CIPHER_SUITES, Config.HTTPS_CIPHER_SUITES_DEFAULT);
-// }
-// System.setProperty(Config.HTTPS_CIPHER_SUITES, temp.toString());
-// }
+ @Override
+ public void _propertyAdjustment() {
+// System.setProperty("com.sun.management.jmxremote.port", "8081");
+ Properties props = access().getProperties();
+ Object httpproto = null;
+ // Critical - if no Security Protocols set, then set it. We'll just get messed up if not
+ if ((httpproto=props.get(Config.CADI_PROTOCOLS))==null) {
+ if ((httpproto=props.get(Config.HTTPS_PROTOCOLS))==null) {
+ props.put(Config.CADI_PROTOCOLS, (httpproto=SecurityInfo.HTTPS_PROTOCOLS_DEFAULT));
+ } else {
+ props.put(Config.CADI_PROTOCOLS, httpproto);
+ }
+ }
+
+ if ("1.7".equals(System.getProperty("java.specification.version")) && (httpproto==null || (httpproto instanceof String && ((String)httpproto).contains("TLSv1.2")))) {
+ System.setProperty(Config.HTTPS_CIPHER_SUITES, Config.HTTPS_CIPHER_SUITES_DEFAULT);
+ }
+ }
- @Override
- public void _propertyAdjustment() {
-// System.setProperty("com.sun.management.jmxremote.port", "8081");
- Properties props = access().getProperties();
- Object httpproto = null;
- // Critical - if no Security Protocols set, then set it. We'll just get messed up if not
- if((httpproto=props.get(Config.CADI_PROTOCOLS))==null) {
- if((httpproto=props.get(Config.HTTPS_PROTOCOLS))==null) {
- props.put(Config.CADI_PROTOCOLS, (httpproto=SecurityInfo.HTTPS_PROTOCOLS_DEFAULT));
- } else {
- props.put(Config.CADI_PROTOCOLS, httpproto);
- }
- }
-
- if("1.7".equals(System.getProperty("java.specification.version")) && (httpproto==null || (httpproto instanceof String && ((String)httpproto).contains("TLSv1.2")))) {
- System.setProperty(Config.HTTPS_CIPHER_SUITES, Config.HTTPS_CIPHER_SUITES_DEFAULT);
- }
- }
+ @Override
+ public void _start(RServlet rserv) throws Exception {
+ String hostname = access().getProperty(Config.HOSTNAME, null);
+ if (hostname==null) {
+ hostname = Inet4Address.getLocalHost().getHostName();
+ }
+ final int port = Integer.parseInt(access().getProperty("port","0"));
+ final String keystore = access().getProperty(Config.CADI_KEYSTORE, null);
+ final int IDLE_TIMEOUT = Integer.parseInt(access().getProperty(Config.AAF_CONN_IDLE_TIMEOUT, Config.AAF_CONN_IDLE_TIMEOUT_DEF));
+ Server server = new Server();
+
+ ServerConnector conn;
+ String protocol;
+ if (!secure || keystore==null) {
+ conn = new ServerConnector(server);
+ protocol = "http";
+ } else {
+ protocol = "https";
+
- @Override
- public void _start(RServlet rserv) throws Exception {
- String hostname = access().getProperty(Config.HOSTNAME, null);
- if(hostname==null) {
- hostname = Inet4Address.getLocalHost().getHostName();
- }
- final int port = Integer.parseInt(access().getProperty("port","0"));
- final String keystore = access().getProperty(Config.CADI_KEYSTORE, null);
- final int IDLE_TIMEOUT = Integer.parseInt(access().getProperty(Config.AAF_CONN_IDLE_TIMEOUT, Config.AAF_CONN_IDLE_TIMEOUT_DEF));
- Server server = new Server();
-
- ServerConnector conn;
- String protocol;
- if(!secure || keystore==null) {
- conn = new ServerConnector(server);
- protocol = "http";
- } else {
- protocol = "https";
+ String keystorePassword = access().getProperty(Config.CADI_KEYSTORE_PASSWORD, null);
+ if (keystorePassword==null) {
+ throw new CadiException("No Keystore Password configured for " + keystore);
+ }
+ SslContextFactory sslContextFactory = new SslContextFactory();
+ sslContextFactory.setKeyStorePath(keystore);
+ String temp;
+ sslContextFactory.setKeyStorePassword(temp=access().decrypt(keystorePassword, true)); // don't allow unencrypted
+ sslContextFactory.setKeyManagerPassword(temp);
+ temp=null; // don't leave lying around
+
+ String truststore = access().getProperty(Config.CADI_TRUSTSTORE, null);
+ if (truststore!=null) {
+ String truststorePassword = access().getProperty(Config.CADI_TRUSTSTORE_PASSWORD, null);
+ if (truststorePassword==null) {
+ throw new CadiException("No Truststore Password configured for " + truststore);
+ }
+ sslContextFactory.setTrustStorePath(truststore);
+ sslContextFactory.setTrustStorePassword(access().decrypt(truststorePassword, true));
+ }
+ // Be able to accept only certain protocols, i.e. TLSv1.1+
+ String subprotocols = access().getProperty(Config.CADI_PROTOCOLS, SecurityInfo.HTTPS_PROTOCOLS_DEFAULT);
+ service.setSubprotocol(subprotocols);
+ final String[] protocols = Split.splitTrim(',', subprotocols);
+ sslContextFactory.setIncludeProtocols(protocols);
+
+ // Want to use Client Certificates, if they exist.
+ sslContextFactory.setWantClientAuth(true);
+
+ // Optional future checks.
+ // sslContextFactory.setValidateCerts(true);
+ // sslContextFactory.setValidatePeerCerts(true);
+ // sslContextFactory.setEnableCRLDP(false);
+ // sslContextFactory.setEnableOCSP(false);
+ String certAlias = access().getProperty(Config.CADI_ALIAS, null);
+ if (certAlias!=null) {
+ sslContextFactory.setCertAlias(certAlias);
+ }
+
+ HttpConfiguration httpConfig = new HttpConfiguration();
+ httpConfig.setSecureScheme(protocol);
+ httpConfig.setSecurePort(port);
+ httpConfig.addCustomizer(new SecureRequestCustomizer());
+ // httpConfig.setOutputBufferSize(32768); Not sure why take this setting
+
+ conn = new ServerConnector(server,
+ new SslConnectionFactory(sslContextFactory,HttpVersion.HTTP_1_1.asString()),
+ new HttpConnectionFactory(httpConfig)
+ );
+ }
+ service.setProtocol(protocol);
- String keystorePassword = access().getProperty(Config.CADI_KEYSTORE_PASSWORD, null);
- if(keystorePassword==null) {
- throw new CadiException("No Keystore Password configured for " + keystore);
- }
- SslContextFactory sslContextFactory = new SslContextFactory();
- sslContextFactory.setKeyStorePath(keystore);
- String temp;
- sslContextFactory.setKeyStorePassword(temp=access().decrypt(keystorePassword, true)); // don't allow unencrypted
- sslContextFactory.setKeyManagerPassword(temp);
- temp=null; // don't leave lying around
-
- String truststore = access().getProperty(Config.CADI_TRUSTSTORE, null);
- if(truststore!=null) {
- String truststorePassword = access().getProperty(Config.CADI_TRUSTSTORE_PASSWORD, null);
- if(truststorePassword==null) {
- throw new CadiException("No Truststore Password configured for " + truststore);
- }
- sslContextFactory.setTrustStorePath(truststore);
- sslContextFactory.setTrustStorePassword(access().decrypt(truststorePassword, true));
- }
- // Be able to accept only certain protocols, i.e. TLSv1.1+
- final String[] protocols = Split.splitTrim(',', access().getProperty(Config.CADI_PROTOCOLS, SecurityInfo.HTTPS_PROTOCOLS_DEFAULT));
- sslContextFactory.setIncludeProtocols(protocols);
-
- // Want to use Client Certificates, if they exist.
- sslContextFactory.setWantClientAuth(true);
-
- // Optional future checks.
- // sslContextFactory.setValidateCerts(true);
- // sslContextFactory.setValidatePeerCerts(true);
- // sslContextFactory.setEnableCRLDP(false);
- // sslContextFactory.setEnableOCSP(false);
- String certAlias = access().getProperty(Config.CADI_ALIAS, null);
- if(certAlias!=null) {
- sslContextFactory.setCertAlias(certAlias);
- }
-
- HttpConfiguration httpConfig = new HttpConfiguration();
- httpConfig.setSecureScheme(protocol);
- httpConfig.setSecurePort(port);
- httpConfig.addCustomizer(new SecureRequestCustomizer());
- // httpConfig.setOutputBufferSize(32768); Not sure why take this setting
-
- conn = new ServerConnector(server,
- new SslConnectionFactory(sslContextFactory,HttpVersion.HTTP_1_1.asString()),
- new HttpConnectionFactory(httpConfig)
- );
- }
-
- // Setup JMX
- // TODO trying to figure out how to set up/log ports
-// MBeanServer mbeanServer = ManagementFactory.getPlatformMBeanServer();
-// MBeanContainer mbContainer=new MBeanContainer(mbeanServer);
-// server.addEventListener(mbContainer);
-// server.addBean(mbContainer);
-
- // Add loggers MBean to server (will be picked up by MBeanContainer above)
-// server.addBean(Log.getLog());
-
- conn.setHost(hostname);
- conn.setPort(port);
- conn.setIdleTimeout(IDLE_TIMEOUT);
- server.addConnector(conn);
-
- server.setHandler(new AbstractHandler() {
- private FilterChain fc = buildFilterChain(service,new FilterChain() {
- @Override
- public void doFilter(ServletRequest req, ServletResponse resp) throws IOException, ServletException {
- rserv.service(req, resp);
- }
- });
-
- @Override
- public void handle(String target, Request baseRequest, HttpServletRequest hreq, HttpServletResponse hresp) throws IOException, ServletException {
- try {
- fc.doFilter(hreq,hresp);
- } catch (Exception e) {
- service.access.log(e, "Error Processing " + target);
- hresp.setStatus(500 /* Service Error */);
- }
- baseRequest.setHandled(true);
- }
- }
- );
-
- try {
- access().printf(Level.INIT, "Starting service on %s:%d (%s)",hostname,port,InetAddress.getLocalHost().getHostAddress());
- server.start();
- access().log(Level.INIT,server.dump());
- } catch (Exception e) {
- access().log(e,"Error starting " + service.app_name);
- String doExit = access().getProperty("cadi_exitOnFailure", "true");
- if (doExit == "true") {
- System.exit(1);
- } else {
- throw e;
- }
- }
- try {
- register(service.registrants(port));
- access().printf(Level.INIT, "Starting Jetty Service for %s, version %s, on %s://%s:%d", service.app_name,service.app_version,protocol,hostname,port);
- } catch(Exception e) {
- access().log(e,"Error registering " + service.app_name);
- // Question: Should Registered Services terminate?
- }
- server.join();
- }
+
+ // Setup JMX
+ // TODO trying to figure out how to set up/log ports
+// MBeanServer mbeanServer = ManagementFactory.getPlatformMBeanServer();
+// MBeanContainer mbContainer=new MBeanContainer(mbeanServer);
+// server.addEventListener(mbContainer);
+// server.addBean(mbContainer);
+
+ // Add loggers MBean to server (will be picked up by MBeanContainer above)
+// server.addBean(Log.getLog());
+
+ conn.setHost(hostname);
+ conn.setPort(port);
+ conn.setIdleTimeout(IDLE_TIMEOUT);
+ server.addConnector(conn);
+
+ server.setHandler(new AbstractHandler() {
+ private FilterChain fc = buildFilterChain(service,new FilterChain() {
+ @Override
+ public void doFilter(ServletRequest req, ServletResponse resp) throws IOException, ServletException {
+ rserv.service(req, resp);
+ }
+ });
+
+ @Override
+ public void handle(String target, Request baseRequest, HttpServletRequest hreq, HttpServletResponse hresp) throws IOException, ServletException {
+ try {
+ fc.doFilter(hreq,hresp);
+ } catch (Exception e) {
+ service.access.log(e, "Error Processing " + target);
+ hresp.setStatus(500 /* Service Error */);
+ }
+ baseRequest.setHandled(true);
+ }
+ }
+ );
+
+ try {
+ access().printf(Level.INIT, "Starting service on %s:%d (%s)",hostname,port,InetAddress.getLocalHost().getHostAddress());
+ server.start();
+ access().log(Level.INIT,server.dump());
+ } catch (Exception e) {
+ access().log(e,"Error starting " + hostname + ':' + port + ' ' + InetAddress.getLocalHost().getHostAddress());
+ String doExit = access().getProperty("cadi_exitOnFailure", "true");
+ if (doExit == "true") {
+ System.exit(1);
+ } else {
+ throw e;
+ }
+ }
+ try {
+ register(service.registrants(port));
+ access().printf(Level.INIT, "Starting Jetty Service for %s, version %s, on %s://%s:%d", service.app_name,service.app_version,protocol,hostname,port);
+ //server.join();
+ } catch (Exception e) {
+ access().log(e,"Error registering " + service.app_name);
+ String doExit = access().getProperty("cadi_exitOnFailure", "true");
+ if (doExit == "true") {
+ System.exit(1);
+ } else {
+ throw e;
+ }
+ }
+ }
- private FilterChain buildFilterChain(final AbsService as, final FilterChain doLast) throws CadiException, LocatorException {
- Filter[] filters = as.filters();
- FilterChain fc = doLast;
- for(int i=filters.length-1;i>=0;--i) {
- fc = new FCImpl(filters[i],fc);
- }
- return fc;
- }
-
- private class FCImpl implements FilterChain {
- private Filter f;
- private FilterChain next;
-
- public FCImpl(final Filter f, final FilterChain fc) {
- this.f=f;
- next = fc;
-
- }
- @Override
- public void doFilter(ServletRequest req, ServletResponse resp) throws IOException, ServletException {
- f.doFilter(req,resp, next);
- }
- }
+ private FilterChain buildFilterChain(final AbsService as, final FilterChain doLast) throws CadiException, LocatorException {
+ Filter[] filters = as.filters();
+ FilterChain fc = doLast;
+ for (int i=filters.length-1;i>=0;--i) {
+ fc = new FCImpl(filters[i],fc);
+ }
+ return fc;
+ }
+
+ private class FCImpl implements FilterChain {
+ private Filter f;
+ private FilterChain next;
+
+ public FCImpl(final Filter f, final FilterChain fc) {
+ this.f=f;
+ next = fc;
+
+ }
+ @Override
+ public void doFilter(ServletRequest req, ServletResponse resp) throws IOException, ServletException {
+ f.doFilter(req,resp, next);
+ }
+ }
 }
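Review bot: The new "Error starting" log line in the start catch of `_start` calls `InetAddress.getLocalHost()` inside the exception handler; that call is itself declared to throw `UnknownHostException`, so on a host whose name does not resolve the original start failure would be replaced by a second exception and the `cadi_exitOnFailure` handling below it would be skipped entirely. Resolve the address once before the try, e.g. `final String localAddr = InetAddress.getLocalHost().getHostAddress();`, and use `localAddr` in both the INIT printf and the error log. The same hunk also duplicates the pre-existing `if (doExit == "true")` test in the new register catch; `==` compares String identity, so a value read from a properties file will not match the literal and the service throws instead of exiting — `if (Boolean.parseBoolean(doExit))` in both places compares the configured value instead.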