private ServerConnector createConnector(final SslContextFactory sslContextFactory, final Integer listenPort) { final ServerConnector serverConnector; if (sslContextFactory == null) { serverConnector = new ServerConnector(server); } else { final HttpConfiguration httpsConfiguration = new HttpConfiguration(); httpsConfiguration.setSecureScheme("https"); httpsConfiguration.addCustomizer(new SecureRequestCustomizer()); serverConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(httpsConfiguration)); } serverConnector.setPort(listenPort); return serverConnector; }
private static Server createServer(Handler handler, int port, KeyStore keyStore, String keyPassword) throws Exception { Server server = new Server(); SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setIncludeProtocols("TLSv1.2"); sslContextFactory.setKeyStore(keyStore); sslContextFactory.setKeyManagerPassword(keyPassword); HttpConfiguration httpsConfig = new HttpConfiguration(); httpsConfig.addCustomizer(new SecureRequestCustomizer()); ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()), new HttpConnectionFactory(httpsConfig)); sslConnector.setPort(port); server.addConnector(sslConnector); server.setHandler(handler); return server; }
private ServerConnector createConnector(Server server, SslContextFactory sslContextFactory, InetSocketAddress address) { HttpConfiguration config = new HttpConfiguration(); config.setSendServerVersion(false); config.setSecureScheme("https"); config.setSecurePort(address.getPort()); config.addCustomizer(new SecureRequestCustomizer()); ServerConnector connector = createServerConnector(server, sslContextFactory, config); connector.setPort(address.getPort()); connector.setHost(address.getHostString()); return connector; }
private ServerConnector createUnconfiguredSslServerConnector(Server server, HttpConfiguration httpConfiguration, int port) { // add some secure config final HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration); httpsConfiguration.setSecureScheme("https"); httpsConfiguration.setSecurePort(port); httpsConfiguration.addCustomizer(new SecureRequestCustomizer()); // build the connector return new ServerConnector(server, new SslConnectionFactory(createSslContextFactory(), "http/1.1"), new HttpConnectionFactory(httpsConfiguration)); }
@Override protected HttpConfiguration buildHttpConfiguration() { final HttpConfiguration config = super.buildHttpConfiguration(); config.setSecureScheme("https"); config.setSecurePort(getPort()); config.addCustomizer(new SecureRequestCustomizer()); return config; }
config.setSecureScheme("https"); config.setSecurePort(port); config.addCustomizer(new SecureRequestCustomizer());
/** * Create ssl connector if https is used * @return */ private ServerConnector sslConnector() { HttpConfiguration http_config = new HttpConfiguration(); http_config.setSecureScheme("https"); http_config.setSecurePort(this.getPort()); HttpConfiguration https_config = new HttpConfiguration(http_config); https_config.addCustomizer(new SecureRequestCustomizer()); SslContextFactory sslContextFactory = new SslContextFactory(this.getCertKeyStorePath()); sslContextFactory.setKeyStorePassword(this.getCertKeyStorePassword()); //exclude weak ciphers sslContextFactory.setExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$"); //only support tlsv1.2 sslContextFactory.addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"); ServerConnector connector = new ServerConnector(jettyServer, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(https_config)); connector.setPort(this.getPort()); connector.setIdleTimeout(50000); return connector; }
sslContextFactory.setKeyManagerPassword(globalProps.getProperty("keystoreManagerPwd")); HttpConfiguration https_config = new HttpConfiguration(http_config); https_config.addCustomizer(new SecureRequestCustomizer());
public static ServerConnector addHttpsConnector(Server server) throws IOException, URISyntaxException { String keyStoreFile = resourceAsFile("ssltest-keystore.jks").getAbsolutePath(); SslContextFactory sslContextFactory = new SslContextFactory(keyStoreFile); sslContextFactory.setKeyStorePassword("changeit"); String trustStoreFile = resourceAsFile("ssltest-cacerts.jks").getAbsolutePath(); sslContextFactory.setTrustStorePath(trustStoreFile); sslContextFactory.setTrustStorePassword("changeit"); HttpConfiguration httpsConfig = new HttpConfiguration(); httpsConfig.setSecureScheme("https"); httpsConfig.addCustomizer(new SecureRequestCustomizer()); ServerConnector connector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(httpsConfig)); server.addConnector(connector); return connector; }
} else if ("https".equals(scheme)) { HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig); httpsConfig.addCustomizer(new SecureRequestCustomizer()); SslContextFactory sslCtxFactory = new SslContextFactory(); sslCtxFactory.setNeedClientAuth(needsClientAuth);
httpsConfig.addCustomizer(new SecureRequestCustomizer()); if (null != headerBufferSize) { httpsConfig.setRequestHeaderSize(headerBufferSize);
if(conf.getBoolean(THRIFT_SSL_ENABLED_KEY, false)) { HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig); httpsConfig.addCustomizer(new SecureRequestCustomizer());
private ServerConnector https(final Server server, final Config conf, final String path, final SSLContext sslContext, final boolean http2) { HttpConfiguration httpConf = conf(new HttpConfiguration(), conf.withoutPath(CONNECTOR), path); SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setSslContext(sslContext); sslContextFactory.setIncludeProtocols("TLSv1.2"); sslContextFactory.setIncludeCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"); HttpConfiguration httpsConf = new HttpConfiguration(httpConf); httpsConf.addCustomizer(new SecureRequestCustomizer()); HttpConnectionFactory https11 = new HttpConnectionFactory(httpsConf); if (http2) { ALPNServerConnectionFactory alpn = new ALPNServerConnectionFactory(H2, H2_17, HTTP_1_1); alpn.setDefaultProtocol(HTTP_1_1); HTTP2ServerConnectionFactory https2 = new HTTP2ServerConnectionFactory(httpsConf); ServerConnector connector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "alpn"), alpn, https2, https11); return conf(connector, conf.getConfig(CONNECTOR), path + ".connector"); } else { ServerConnector connector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, HTTP_1_1), https11); return conf(connector, conf.getConfig(CONNECTOR), path + ".connector"); } }
httpConfiguration.addCustomizer(new SecureRequestCustomizer());
httpsConfig.addCustomizer(new SecureRequestCustomizer()); httpsConfig.setSendServerVersion(false); httpsConfig.addCustomizer(new ForwardedRequestCustomizer());
private Connector createSSLConnector( final Server httpBindServer ) { final int securePort = getHttpBindSecurePort(); try { final IdentityStore identityStore = XMPPServer.getInstance().getCertificateStoreManager().getIdentityStore( ConnectionType.BOSH_C2S ); if (securePort > 0 && identityStore.getStore().aliases().hasMoreElements() ) { if ( !identityStore.containsDomainCertificate( ) ) { Log.warn("HTTP binding: Using certificates but they are not valid for the hosted domain"); } final ConnectionManagerImpl connectionManager = ((ConnectionManagerImpl) XMPPServer.getInstance().getConnectionManager()); final ConnectionConfiguration configuration = connectionManager.getListener( ConnectionType.BOSH_C2S, true ).generateConnectionConfiguration(); final SslContextFactory sslContextFactory = new EncryptionArtifactFactory(configuration).getSslContextFactory(); final HttpConfiguration httpsConfig = new HttpConfiguration(); httpsConfig.setSecureScheme("https"); httpsConfig.setSecurePort(securePort); configureProxiedConnector(httpsConfig); httpsConfig.addCustomizer(new SecureRequestCustomizer()); final ServerConnector sslConnector = new ServerConnector(httpBindServer, new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(httpsConfig)); sslConnector.setHost(getBindInterface()); sslConnector.setPort(securePort); return sslConnector; } } catch (Exception e) { Log.error("Error creating SSL connector for Http bind", e); } return null; }
httpsConfig.addCustomizer(new SecureRequestCustomizer());
private ServerConnector createHttpsChannelConnector( Server server, HttpConfiguration httpConfig) { httpConfig.setSecureScheme(HTTPS_SCHEME); httpConfig.addCustomizer(new SecureRequestCustomizer()); ServerConnector conn = createHttpChannelConnector(server, httpConfig); SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setNeedClientAuth(needsClientAuth); sslContextFactory.setKeyManagerPassword(keyPassword); if (keyStore != null) { sslContextFactory.setKeyStorePath(keyStore); sslContextFactory.setKeyStoreType(keyStoreType); sslContextFactory.setKeyStorePassword(keyStorePassword); } if (trustStore != null) { sslContextFactory.setTrustStorePath(trustStore); sslContextFactory.setTrustStoreType(trustStoreType); sslContextFactory.setTrustStorePassword(trustStorePassword); } if(null != excludeCiphers && !excludeCiphers.isEmpty()) { sslContextFactory.setExcludeCipherSuites( StringUtils.getTrimmedStrings(excludeCiphers)); LOG.info("Excluded Cipher List:" + excludeCiphers); } conn.addFirstConnectionFactory(new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString())); return conn; } }
https.addCustomizer(new SecureRequestCustomizer());
httpsConfiguration.setSecureScheme("https"); httpsConfiguration.setSecurePort(node.getTlsPort()); httpsConfiguration.addCustomizer(new SecureRequestCustomizer()); httpsConfiguration.setRequestHeaderSize(config.getMaxRequestHeaderSize()); final ServerConnector connector = new ServerConnector(