X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=src%2Fmain%2Fjava%2Forg%2Fonap%2Fdmaap%2Fdbcapi%2Fserver%2FJettyServer.java;h=7457ce982a96113bff15e9135b0cb3a63b47c21e;hb=03b16f6df6fe5545a4ed219916c77dd696694ea2;hp=4d063106f07316258df7636ec7e7263d5bfe4746;hpb=a05efb7b7b3cfc77f5e3fda11e8434834829f56a;p=dmaap%2Fdbcapi.git
diff --git a/src/main/java/org/onap/dmaap/dbcapi/server/JettyServer.java b/src/main/java/org/onap/dmaap/dbcapi/server/JettyServer.java
index 4d06310..7457ce9 100644
--- a/src/main/java/org/onap/dmaap/dbcapi/server/JettyServer.java
+++ b/src/main/java/org/onap/dmaap/dbcapi/server/JettyServer.java
@@ -2,7 +2,9 @@
 * ============LICENSE_START=======================================================
 * org.onap.dmaap
 * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017 AT&T Intellectual Property.
+ *
+ * Modifications Copyright (C) 2019 IBM.
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -20,33 +22,17 @@ package org.onap.dmaap.dbcapi.server;
-
-import java.util.Properties;
-
-import javax.net.ssl.SSLContext;
-
-import org.apache.log4j.Logger;
-import org.eclipse.jetty.security.SecurityHandler;
-import org.eclipse.jetty.server.Connector;
-import org.eclipse.jetty.server.HttpConfiguration;
-import org.eclipse.jetty.server.HttpConnectionFactory;
-import org.eclipse.jetty.server.SecureRequestCustomizer;
-import org.eclipse.jetty.server.Server;
-import org.eclipse.jetty.server.ServerConnector;
-import org.eclipse.jetty.server.SslConnectionFactory;
+import com.google.common.collect.Sets;
+import javax.servlet.DispatcherType;
+import org.eclipse.jetty.server.*;
 import org.eclipse.jetty.servlet.DefaultServlet;
 import org.eclipse.jetty.servlet.ServletContextHandler;
 import org.eclipse.jetty.servlet.ServletHolder;
 import org.eclipse.jetty.util.ssl.SslContextFactory;
-
-
-
+import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
-import com.att.eelf.configuration.EELFLogger;
-import com.att.eelf.configuration.EELFManager;
+import java.util.Properties;
-import org.onap.dmaap.dbcapi.aaf.database.LoadSchema;
-import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
 /**
 * A Jetty server which supports:
 * - http and https (simultaneously for dev env)
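Review bot: The wildcard `import org.eclipse.jetty.server.*;` replaces seven explicit imports and hides which Jetty classes this TLS-facing class depends on; naming `Connector`, `HttpConfiguration`, `HttpConnectionFactory`, `SecureRequestCustomizer`, `Server`, `ServerConnector` and `SslConnectionFactory` keeps that visible. As far as the other hunks show, `com.google.common.collect.Sets` is used only to build the dispatcher-type set in `registerAuthFilters`, where `EnumSet.of(DispatcherType.FORWARD, DispatcherType.REQUEST)` from `java.util` would do the same without Guava.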
@@ -55,97 +41,122 @@ import org.onap.dmaap.dbcapi.logging.BaseLoggingClass; */ public class JettyServer extends BaseLoggingClass { - public JettyServer( Properties params ) throws Exception { + private Server server; - Server server = new Server(); - int httpPort = Integer.valueOf(params.getProperty("IntHttpPort", "80" )); - int sslPort = Integer.valueOf(params.getProperty("IntHttpsPort", "443" )); - boolean allowHttp = Boolean.valueOf(params.getProperty("HttpAllowed", "false")); - serverLogger.info( "port params: http=" + httpPort + " https=" + sslPort ); - serverLogger.info( "allowHttp=" + allowHttp ); - - // HTTP Server - HttpConfiguration http_config = new HttpConfiguration(); - http_config.setSecureScheme("https"); - http_config.setSecurePort(sslPort); - http_config.setOutputBufferSize(32768); - - - - ServerConnector httpConnector = new ServerConnector(server, new HttpConnectionFactory(http_config)); - httpConnector.setPort(httpPort); - httpConnector.setIdleTimeout(30000); - - - // HTTPS Server - - HttpConfiguration https_config = new HttpConfiguration(http_config); - https_config.addCustomizer(new SecureRequestCustomizer()); - SslContextFactory sslContextFactory = new SslContextFactory(); - String keystore = params.getProperty("KeyStoreFile", "etc/keystore"); - logger.info( "https Server using keystore at " + keystore ); - String keystorePwd = params.getProperty( "KeyStorePassword", "changeit"); - String keyPwd = params.getProperty("KeyPassword", "changeit"); - + public Server getServer() { + return server; + } + + public JettyServer(Properties params) throws Exception { + + server = new Server(); + int httpPort = Integer.valueOf(params.getProperty("IntHttpPort", "80")); + int sslPort = Integer.valueOf(params.getProperty("IntHttpsPort", "443")); + boolean allowHttp = Boolean.valueOf(params.getProperty("HttpAllowed", "false")); + serverLogger.info("port params: http=" + httpPort + " https=" + sslPort); + serverLogger.info("allowHttp=" + allowHttp); + + // HTTP 
Server + HttpConfiguration http_config = new HttpConfiguration(); + http_config.setSecureScheme("https"); + http_config.setSecurePort(sslPort); + http_config.setOutputBufferSize(32768); + + try (ServerConnector httpConnector = new ServerConnector(server, new HttpConnectionFactory(http_config))) { + httpConnector.setPort(httpPort); + httpConnector.setIdleTimeout(30000); + + // HTTPS Server + + HttpConfiguration https_config = new HttpConfiguration(http_config); + https_config.addCustomizer(new SecureRequestCustomizer()); + SslContextFactory sslContextFactory = new SslContextFactory(); + sslContextFactory.setWantClientAuth(true); + + setUpKeystore(params, sslContextFactory); + setUpTrustStore(params, sslContextFactory); + + if (sslPort != 0) { + try (ServerConnector sslConnector = new ServerConnector(server, + new SslConnectionFactory(sslContextFactory, "http/1.1"), + new HttpConnectionFactory(https_config))) { + sslConnector.setPort(sslPort); + if (allowHttp) { + logger.info("Starting httpConnector on port " + httpPort); + logger.info("Starting sslConnector on port " + sslPort + " for https"); + server.setConnectors(new Connector[]{httpConnector, sslConnector}); + } else { + logger.info("NOT starting httpConnector because HttpAllowed param is " + allowHttp); + logger.info("Starting sslConnector on port " + sslPort + " for https"); + server.setConnectors(new Connector[]{sslConnector}); + } + } + } else { + serverLogger.info("NOT starting sslConnector on port " + sslPort + " for https"); + if (allowHttp) { + serverLogger.info("Starting httpConnector on port " + httpPort); + server.setConnectors(new Connector[]{httpConnector}); + } + } + } - sslContextFactory.setKeyStorePath(keystore); - sslContextFactory.setKeyStorePassword(keystorePwd); - sslContextFactory.setKeyManagerPassword(keyPwd); - - - ServerConnector sslConnector = null; - if ( sslPort != 0 ) { - sslConnector = new ServerConnector(server, - new SslConnectionFactory(sslContextFactory, "http/1.1"), - new 
HttpConnectionFactory(https_config)); - sslConnector.setPort(sslPort); - if ( allowHttp ) { - logger.info("Starting httpConnector on port " + httpPort ); - logger.info("Starting sslConnector on port " + sslPort + " for https"); - server.setConnectors( new Connector[] { httpConnector, sslConnector }); - } else { - logger.info("NOT starting httpConnector because HttpAllowed param is " + allowHttp ); - logger.info("Starting sslConnector on port " + sslPort + " for https"); - server.setConnectors( new Connector[] { sslConnector }); - } - } - else { - serverLogger.info("NOT starting sslConnector on port " + sslPort + " for https"); - if ( allowHttp ) { - serverLogger.info("Starting httpConnector on port " + httpPort ); - server.setConnectors( new Connector[] { httpConnector }); - } - } - // Set context for servlet. This is shared for http and https - ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS); - context.setContextPath("/"); - server.setHandler( context ); + ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS); + context.setContextPath("/"); + server.setHandler(context); - ServletHolder jerseyServlet = context.addServlet( org.glassfish.jersey.servlet.ServletContainer.class, "/webapi/*"); + ServletHolder jerseyServlet = context + .addServlet(org.glassfish.jersey.servlet.ServletContainer.class, "/webapi/*"); jerseyServlet.setInitOrder(1); - jerseyServlet.setInitParameter("jersey.config.server.provider.packages", "org.onap.dmaap.dbcapi.resources" ); - jerseyServlet.setInitParameter("javax.ws.rs.Application", "org.onap.dmaap.dbcapi.server.ApplicationConfig" ); - + jerseyServlet.setInitParameter("jersey.config.server.provider.packages", "org.onap.dmaap.dbcapi.resources"); + jerseyServlet.setInitParameter("javax.ws.rs.Application", "org.onap.dmaap.dbcapi.server.ApplicationConfig"); + // also serve up some static pages... 
- ServletHolder staticServlet = context.addServlet(DefaultServlet.class,"/*"); - staticServlet.setInitParameter("resourceBase","www"); - staticServlet.setInitParameter("pathInfoOnly","true"); + ServletHolder staticServlet = context.addServlet(DefaultServlet.class, "/*"); + staticServlet.setInitParameter("resourceBase", "www"); + staticServlet.setInitParameter("pathInfoOnly", "true"); + + registerAuthFilters(context); try { serverLogger.info("Starting jetty server"); - server.start(); - server.dumpStdErr(); - server.join(); - } catch ( Exception e ) { - errorLogger.error( "Exception " + e ); - errorLogger.error( "possibly unable to use keystore " + keystore + " with passwords " + keystorePwd + " and " + keyPwd ); - //System.exit(1); + String unit_test = params.getProperty("UnitTest", "No"); + serverLogger.info("UnitTest=" + unit_test); + if (unit_test.equals("No")) { + server.start(); + server.dumpStdErr(); + server.join(); + } + } catch (Exception e) { + errorLogger.error("Exception " + e); } finally { - server.destroy(); + server.destroy(); } - + + } + + private void registerAuthFilters(ServletContextHandler context) { + context.addFilter("org.onap.dmaap.dbcapi.resources.AAFAuthenticationFilter", "/webapi/*", + Sets.newEnumSet(Sets.newHashSet(DispatcherType.FORWARD, DispatcherType.REQUEST), DispatcherType.class)); + context.addFilter("org.onap.dmaap.dbcapi.resources.AAFAuthorizationFilter", "/webapi/*", + Sets.newEnumSet(Sets.newHashSet(DispatcherType.FORWARD, DispatcherType.REQUEST), DispatcherType.class)); + } + + private void setUpKeystore(Properties params, SslContextFactory sslContextFactory) { + String keystore = params.getProperty("KeyStoreFile", "etc/keystore"); + logger.info("https Server using keystore at " + keystore); + sslContextFactory.setKeyStorePath(keystore); + sslContextFactory.setKeyStorePassword(params.getProperty("KeyStorePassword", "changeit")); + sslContextFactory.setKeyManagerPassword(params.getProperty("KeyPassword", "changeit")); + } + + 
private void setUpTrustStore(Properties params, SslContextFactory sslContextFactory) { + String truststore = params.getProperty("TrustStoreFile", "etc/org.onap.dmaap-bc.trust.jks"); + logger.info("https Server using truststore at " + truststore); + sslContextFactory.setTrustStorePath(truststore); + sslContextFactory.setTrustStoreType(params.getProperty("TrustStoreType", "jks")); + sslContextFactory.setTrustStorePassword(params.getProperty("TrustStorePassword", "changeit")); } }
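Review bot: `sslContextFactory.setWantClientAuth(true)` only requests a client certificate, so a handshake without one still completes and the new trust store does not gate access on its own; requests under `/webapi/*` then rely entirely on the two AAF filters, and the `/*` static servlet is registered with no filter. If mutual TLS is meant to be enforced, `sslContextFactory.setNeedClientAuth(true);` is the call that does it; if optional client certificates are intended, a comment next to the call should say so. `setUpKeystore` and `setUpTrustStore` fall back to the well-known password `changeit` when a property is absent, so a deployment with a missing `TrustStorePassword` or `KeyStorePassword` starts on defaults instead of failing; rejecting a missing value would surface the misconfiguration. Both `ServerConnector`s are declared in try-with-resources, so they are closed before `server.start()` runs, which presumably still works only because Jetty opens connectors again on start; plain local variables would describe their lifetime correctly.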