org.eclipse.jetty.server.ssl
Class SslSelectChannelConnector
java.lang.Object
org.eclipse.jetty.util.component.AbstractLifeCycle
org.eclipse.jetty.http.HttpBuffers
org.eclipse.jetty.server.AbstractConnector
org.eclipse.jetty.server.nio.AbstractNIOConnector
org.eclipse.jetty.server.nio.SelectChannelConnector
org.eclipse.jetty.server.ssl.SslSelectChannelConnector
- All Implemented Interfaces:
- Connector, NIOConnector, SslConnector, LifeCycle
public class SslSelectChannelConnector
- extends SelectChannelConnector
- implements SslConnector
SslSelectChannelConnector.
|
Method Summary |
protected SSLContext |
createSSLContext()
|
protected SSLEngine |
createSSLEngine()
|
void |
customize(EndPoint endpoint,
Request request)
Allow the Listener a chance to customise the request. |
protected void |
doStart()
|
String |
getAlgorithm()
Deprecated. use getSslKeyManagerFactoryAlgorithm() or
getSslTrustManagerFactoryAlgorithm() |
String[] |
getExcludeCipherSuites()
|
protected KeyManager[] |
getKeyManagers()
|
String |
getKeystore()
|
protected KeyStore |
getKeyStore(String keystorePath,
String keystoreType,
String keystorePassword)
|
String |
getKeystoreType()
|
boolean |
getNeedClientAuth()
|
String |
getProtocol()
|
String |
getProvider()
|
String |
getSecureRandomAlgorithm()
|
SSLContext |
getSslContext()
|
String |
getSslKeyManagerFactoryAlgorithm()
|
String |
getSslTrustManagerFactoryAlgorithm()
|
protected TrustManager[] |
getTrustManagers()
|
String |
getTruststore()
|
String |
getTruststoreType()
|
boolean |
getWantClientAuth()
|
boolean |
isConfidential(Request request)
By default, we're confidential, given we speak SSL. |
boolean |
isIntegral(Request request)
By default, we're integral, given we speak SSL. |
protected Connection |
newConnection(SocketChannel channel,
SelectChannelEndPoint endpoint)
|
protected SelectChannelEndPoint |
newEndPoint(SocketChannel channel,
SelectorManager.SelectSet selectSet,
SelectionKey key)
|
void |
setAlgorithm(String algorithm)
Deprecated. use setSslKeyManagerFactoryAlgorithm(String) or
setSslTrustManagerFactoryAlgorithm(String) |
void |
setExcludeCipherSuites(String[] cipherSuites)
|
void |
setKeyPassword(String password)
|
void |
setKeystore(String keystore)
|
void |
setKeystoreType(String keystoreType)
|
void |
setNeedClientAuth(boolean needClientAuth)
|
void |
setPassword(String password)
|
void |
setProtocol(String protocol)
|
void |
setProvider(String provider)
|
void |
setSecureRandomAlgorithm(String algorithm)
|
void |
setSslContext(SSLContext sslContext)
|
void |
setSslKeyManagerFactoryAlgorithm(String algorithm)
|
void |
setSslTrustManagerFactoryAlgorithm(String algorithm)
|
void |
setTrustPassword(String password)
|
void |
setTruststore(String truststore)
|
void |
setTruststoreType(String truststoreType)
|
void |
setWantClientAuth(boolean wantClientAuth)
|
| Methods inherited from class org.eclipse.jetty.server.nio.SelectChannelConnector |
accept, close, doStop, dump, getConnection, getLocalPort, getLowResourcesConnections, getLowResourcesMaxIdleTime, open, persist, setLowResourceMaxIdleTime, setLowResourcesConnections, setLowResourcesMaxIdleTime, setMaxIdleTime |
| Methods inherited from class org.eclipse.jetty.server.AbstractConnector |
checkForwardedHeaders, configure, connectionClosed, connectionOpened, getAcceptorPriorityOffset, getAcceptors, getAcceptQueueSize, getConfidentialPort, getConfidentialScheme, getConnections, getConnectionsDurationAve, getConnectionsDurationMax, getConnectionsDurationMin, getConnectionsDurationTotal, getConnectionsOpen, getConnectionsOpenMax, getConnectionsOpenMin, getConnectionsRequestsAve, getConnectionsRequestsMax, getConnectionsRequestsMin, getForwardedForHeader, getForwardedHostHeader, getForwardedServerHeader, getHost, getHostHeader, getIntegralPort, getIntegralScheme, getLeftMostValue, getLowResourceMaxIdleTime, getMaxIdleTime, getName, getPort, getRequests, getResolveNames, getReuseAddress, getServer, getSoLingerTime, getStatsOn, getStatsOnMs, getThreadPool, isForwarded, isLowResources, join, newBuffer, setAcceptorPriorityOffset, setAcceptors, setAcceptQueueSize, setConfidentialPort, setConfidentialScheme, setForwarded, setForwardedForHeader, setForwardedHostHeader, setForwardedServerHeader, setHost, setHostHeader, setIntegralPort, setIntegralScheme, setName, setPort, setResolveNames, setReuseAddress, setServer, setSoLingerTime, setStatsOn, setThreadPool, statsReset, stopAccept, toString |
| Methods inherited from class org.eclipse.jetty.http.HttpBuffers |
getHeaderBufferSize, getRequestBuffers, getRequestBufferSize, getRequestHeaderSize, getResponseBuffers, getResponseBufferSize, getResponseHeaderSize, setHeaderBufferSize, setRequestBufferSize, setRequestHeaderSize, setResponseBufferSize, setResponseHeaderSize |
| Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle |
addLifeCycleListener, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop |
| Methods inherited from interface org.eclipse.jetty.server.Connector |
close, getConfidentialPort, getConfidentialScheme, getConnection, getConnections, getConnectionsDurationAve, getConnectionsDurationMax, getConnectionsDurationMin, getConnectionsDurationTotal, getConnectionsOpen, getConnectionsOpenMax, getConnectionsOpenMin, getConnectionsRequestsAve, getConnectionsRequestsMax, getConnectionsRequestsMin, getHost, getIntegralPort, getIntegralScheme, getLocalPort, getLowResourceMaxIdleTime, getMaxIdleTime, getName, getPort, getRequestBuffers, getRequestBufferSize, getRequestHeaderSize, getRequests, getResolveNames, getResponseBuffers, getResponseBufferSize, getResponseHeaderSize, getServer, getStatsOn, getStatsOnMs, isLowResources, open, persist, setHost, setLowResourceMaxIdleTime, setMaxIdleTime, setPort, setRequestBufferSize, setRequestHeaderSize, setResponseBufferSize, setResponseHeaderSize, setServer, setStatsOn, statsReset |
SslSelectChannelConnector
public SslSelectChannelConnector()
customize
public void customize(EndPoint endpoint,
Request request)
throws IOException
- Allow the Listener a chance to customise the request. before the server
does its stuff.
This allows the required attributes to be set for SSL requests.
The requirements of the Servlet specs are:
- an attribute named "javax.servlet.request.ssl_session_id" of type
String (since Servlet Spec 3.0).
- an attribute named "javax.servlet.request.cipher_suite" of type
String.
- an attribute named "javax.servlet.request.key_size" of type Integer.
- an attribute named "javax.servlet.request.X509Certificate" of type
java.security.cert.X509Certificate[]. This is an array of objects of type
X509Certificate, the order of this array is defined as being in ascending
order of trust. The first certificate in the chain is the one set by the
client, the next is the one used to authenticate the first, and so on.
- Specified by:
customize in interface Connector- Overrides:
customize in class SelectChannelConnector
- Parameters:
endpoint - The Socket the request arrived on. This should be a
SocketEndPoint wrapping a SSLSocket.request - HttpRequest to be customised.
- Throws:
IOException
getExcludeCipherSuites
public String[] getExcludeCipherSuites()
- Specified by:
getExcludeCipherSuites in interface SslConnector
- Returns:
- The array of Ciphersuite names to exclude from
SSLEngine.setEnabledCipherSuites(String[]) - See Also:
SslConnector.getExcludeCipherSuites()
setExcludeCipherSuites
public void setExcludeCipherSuites(String[] cipherSuites)
- Specified by:
setExcludeCipherSuites in interface SslConnector
- Parameters:
cipherSuites - The array of Ciphersuite names to exclude from
SSLEngine.setEnabledCipherSuites(String[])- See Also:
SslConnector.setExcludeCipherSuites(java.lang.String[])
setPassword
public void setPassword(String password)
- Specified by:
setPassword in interface SslConnector
- Parameters:
password - The password for the key store- See Also:
SslConnector.setPassword(java.lang.String)
setTrustPassword
public void setTrustPassword(String password)
- Specified by:
setTrustPassword in interface SslConnector
- Parameters:
password - The password for the trust store- See Also:
SslConnector.setTrustPassword(java.lang.String)
setKeyPassword
public void setKeyPassword(String password)
- Specified by:
setKeyPassword in interface SslConnector
- Parameters:
password - The password (if any) for the specific key within
the key store- See Also:
SslConnector.setKeyPassword(java.lang.String)
getAlgorithm
public String getAlgorithm()
- Deprecated. use
getSslKeyManagerFactoryAlgorithm() or
getSslTrustManagerFactoryAlgorithm()
setAlgorithm
public void setAlgorithm(String algorithm)
- Deprecated. use
setSslKeyManagerFactoryAlgorithm(String) or
setSslTrustManagerFactoryAlgorithm(String)
getProtocol
public String getProtocol()
- Specified by:
getProtocol in interface SslConnector
- Returns:
- The SSL protocol (default "TLS") passed to
SSLContext.getInstance(String, String) - See Also:
SslConnector.getProtocol()
setProtocol
public void setProtocol(String protocol)
- Specified by:
setProtocol in interface SslConnector
- Parameters:
protocol - The SSL protocol (default "TLS") passed to SSLContext.getInstance(String, String)- See Also:
SslConnector.setProtocol(java.lang.String)
setKeystore
public void setKeystore(String keystore)
- Specified by:
setKeystore in interface SslConnector
- Parameters:
keystore - The file or URL of the SSL Key store.- See Also:
SslConnector.setKeystore(java.lang.String)
getKeystore
public String getKeystore()
- Specified by:
getKeystore in interface SslConnector
- Returns:
- The file or URL of the SSL Key store.
- See Also:
SslConnector.getKeystore()
getKeystoreType
public String getKeystoreType()
- Specified by:
getKeystoreType in interface SslConnector
- Returns:
- The type of the key store (default "JKS")
- See Also:
SslConnector.getKeystoreType()
getNeedClientAuth
public boolean getNeedClientAuth()
- Specified by:
getNeedClientAuth in interface SslConnector
- Returns:
- True if SSL needs client authentication.
- See Also:
SslConnector.getNeedClientAuth()
getWantClientAuth
public boolean getWantClientAuth()
- Specified by:
getWantClientAuth in interface SslConnector
- Returns:
- True if SSL wants client authentication.
- See Also:
SslConnector.getWantClientAuth()
setNeedClientAuth
public void setNeedClientAuth(boolean needClientAuth)
- Specified by:
setNeedClientAuth in interface SslConnector
- Parameters:
needClientAuth - True if SSL needs client authentication.- See Also:
SslConnector.setNeedClientAuth(boolean)
setWantClientAuth
public void setWantClientAuth(boolean wantClientAuth)
- Specified by:
setWantClientAuth in interface SslConnector
- Parameters:
wantClientAuth - True if SSL wants client authentication.- See Also:
SslConnector.setWantClientAuth(boolean)
setKeystoreType
public void setKeystoreType(String keystoreType)
- Specified by:
setKeystoreType in interface SslConnector
- Parameters:
keystoreType - The type of the key store (default "JKS")- See Also:
SslConnector.setKeystoreType(java.lang.String)
getProvider
public String getProvider()
- Specified by:
getProvider in interface SslConnector
- Returns:
- The SSL provider name, which if set is passed to
SSLContext.getInstance(String, String) - See Also:
SslConnector.getProvider()
getSecureRandomAlgorithm
public String getSecureRandomAlgorithm()
- Specified by:
getSecureRandomAlgorithm in interface SslConnector
- Returns:
- The algorithm name, which if set is passed to
SecureRandom.getInstance(String) to obtain the SecureRandom
instance passed to SSLContext.init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom) - See Also:
SslConnector.getSecureRandomAlgorithm()
getSslKeyManagerFactoryAlgorithm
public String getSslKeyManagerFactoryAlgorithm()
- Specified by:
getSslKeyManagerFactoryAlgorithm in interface SslConnector
- Returns:
- The algorithm name (default "SunX509") used by the
KeyManagerFactory - See Also:
SslConnector.getSslKeyManagerFactoryAlgorithm()
getSslTrustManagerFactoryAlgorithm
public String getSslTrustManagerFactoryAlgorithm()
- Specified by:
getSslTrustManagerFactoryAlgorithm in interface SslConnector
- Returns:
- The algorithm name (default "SunX509") used by the
TrustManagerFactory - See Also:
SslConnector.getSslTrustManagerFactoryAlgorithm()
getTruststore
public String getTruststore()
- Specified by:
getTruststore in interface SslConnector
- Returns:
- The file name or URL of the trust store location
- See Also:
SslConnector.getTruststore()
getTruststoreType
public String getTruststoreType()
- Specified by:
getTruststoreType in interface SslConnector
- Returns:
- The type of the trust store (default "JKS")
- See Also:
SslConnector.getTruststoreType()
setProvider
public void setProvider(String provider)
- Specified by:
setProvider in interface SslConnector
- Parameters:
provider - The SSL provider name, which if set is passed to
SSLContext.getInstance(String, String)- See Also:
SslConnector.setProvider(java.lang.String)
setSecureRandomAlgorithm
public void setSecureRandomAlgorithm(String algorithm)
- Specified by:
setSecureRandomAlgorithm in interface SslConnector
- Parameters:
algorithm - The algorithm name, which if set is passed to
SecureRandom.getInstance(String) to obtain the SecureRandom
instance passed to SSLContext.init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)- See Also:
SslConnector.setSecureRandomAlgorithm(java.lang.String)
setSslKeyManagerFactoryAlgorithm
public void setSslKeyManagerFactoryAlgorithm(String algorithm)
- Specified by:
setSslKeyManagerFactoryAlgorithm in interface SslConnector
- Parameters:
algorithm - The algorithm name (default "SunX509") used by
the KeyManagerFactory- See Also:
SslConnector.setSslKeyManagerFactoryAlgorithm(java.lang.String)
setSslTrustManagerFactoryAlgorithm
public void setSslTrustManagerFactoryAlgorithm(String algorithm)
- Specified by:
setSslTrustManagerFactoryAlgorithm in interface SslConnector
- Parameters:
algorithm - The algorithm name (default "SunX509") used by the TrustManagerFactory- See Also:
SslConnector.setSslTrustManagerFactoryAlgorithm(java.lang.String)
setTruststore
public void setTruststore(String truststore)
- Specified by:
setTruststore in interface SslConnector
- Parameters:
truststore - The file name or URL of the trust store location- See Also:
SslConnector.setTruststore(java.lang.String)
setTruststoreType
public void setTruststoreType(String truststoreType)
- Specified by:
setTruststoreType in interface SslConnector
- Parameters:
truststoreType - The type of the trust store (default "JKS")- See Also:
SslConnector.setTruststoreType(java.lang.String)
setSslContext
public void setSslContext(SSLContext sslContext)
- Specified by:
setSslContext in interface SslConnector
- Parameters:
sslContext - Set a preconfigured SSLContext- See Also:
SslConnector.setSslContext(javax.net.ssl.SSLContext)
getSslContext
public SSLContext getSslContext()
- Specified by:
getSslContext in interface SslConnector
- Returns:
- The SSLContext
- Throws:
Exception- See Also:
SslConnector.setSslContext(javax.net.ssl.SSLContext)
isConfidential
public boolean isConfidential(Request request)
- By default, we're confidential, given we speak SSL. But, if we've been
told about an confidential port, and said port is not our port, then
we're not. This allows separation of listeners providing INTEGRAL versus
CONFIDENTIAL constraints, such as one SSL listener configured to require
client certs providing CONFIDENTIAL, whereas another SSL listener not
requiring client certs providing mere INTEGRAL constraints.
- Specified by:
isConfidential in interface Connector- Overrides:
isConfidential in class AbstractConnector
- Parameters:
request - A request
- Returns:
- true if the request is confidential. This normally means the https schema has been used.
isIntegral
public boolean isIntegral(Request request)
- By default, we're integral, given we speak SSL. But, if we've been told
about an integral port, and said port is not our port, then we're not.
This allows separation of listeners providing INTEGRAL versus
CONFIDENTIAL constraints, such as one SSL listener configured to require
client certs providing CONFIDENTIAL, whereas another SSL listener not
requiring client certs providing mere INTEGRAL constraints.
- Specified by:
isIntegral in interface Connector- Overrides:
isIntegral in class AbstractConnector
- Parameters:
request - A request
- Returns:
- true if the request is integral. This normally means the https schema has been used.
newEndPoint
protected SelectChannelEndPoint newEndPoint(SocketChannel channel,
SelectorManager.SelectSet selectSet,
SelectionKey key)
throws IOException
- Overrides:
newEndPoint in class SelectChannelConnector
- Throws:
IOException
newConnection
protected Connection newConnection(SocketChannel channel,
SelectChannelEndPoint endpoint)
- Overrides:
newConnection in class SelectChannelConnector
createSSLEngine
protected SSLEngine createSSLEngine()
throws IOException
- Throws:
IOException
doStart
protected void doStart()
throws Exception
- Overrides:
doStart in class SelectChannelConnector
- Throws:
Exception
createSSLContext
protected SSLContext createSSLContext()
throws Exception
- Throws:
Exception
getKeyManagers
protected KeyManager[] getKeyManagers()
throws Exception
- Throws:
Exception
getTrustManagers
protected TrustManager[] getTrustManagers()
throws Exception
- Throws:
Exception
getKeyStore
protected KeyStore getKeyStore(String keystorePath,
String keystoreType,
String keystorePassword)
throws Exception
- Throws:
Exception
Copyright © 1995-2009 Mort Bay Consulting. All Rights Reserved.