
Added SslContextFactory changes required by Jetty 8+

1 parent 3c4ec09 commit 2400ccf2885e581a435509c1bc6fd79023deb41b @pdmack pdmack committed Jun 13, 2013
@@ -74,12 +74,14 @@
import org.eclipse.jetty.servlet.FilterMapping;
import org.eclipse.jetty.servlet.ServletHandler;
import org.eclipse.jetty.servlet.ServletHolder;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.webapp.WebAppContext;
import org.eclipse.jetty.util.thread.QueuedThreadPool;
import org.eclipse.jetty.util.MultiException;
import com.sun.jersey.spi.container.servlet.ServletContainer;
+
/**
* Create a Jetty embedded server to answer http requests. The primary goal
* is to serve up status information for the server.
@@ -219,10 +221,18 @@ public HttpServer(String name, String bindAddress, int port,
} catch (GeneralSecurityException ex) {
throw new IOException(ex);
}
- SslSocketConnector sslListener = new SslSocketConnector() {
- protected SSLServerSocketFactory createFactory() throws Exception {
- return sslFactory.createSSLServerSocketFactory();
- }
+ // Jetty 8+ moved JKS config to SslContextFactory
+ SslContextFactory sslContextFactory = new SslContextFactory(conf.get("ssl.server.keystore.location",""));
+ sslContextFactory.setKeyStorePassword(conf.get("ssl.server.keystore.password",""));
+ if (sslFactory.isClientCertRequired()) {
+ sslContextFactory.setTrustStore(conf.get("ssl.server.truststore.location",""));
+ sslContextFactory.setTrustStorePassword(conf.get("ssl.server.truststore.password",""));
+ sslContextFactory.setTrustStoreType(conf.get("ssl.server.truststore.type", "jks"));
+ }
+ SslSocketConnector sslListener = new SslSocketConnector(sslContextFactory) {
+ protected SSLServerSocketFactory createFactory() throws Exception {
+ return sslFactory.createSSLServerSocketFactory();
+ }
};
listener = sslListener;
} else {
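Review bot: The new SslContextFactory in the HttpServer constructor is given only the key store location and password, while the Configuration-based addSslListener hunk further down also sets the key manager password, key store type and need-client-auth. A key store with a separate key password or a non-JKS type would therefore work through one path and not the other, and `isClientCertRequired()` here only loads the trust store without asking the factory to demand a client certificate. Suggest adding `sslContextFactory.setKeyManagerPassword(conf.get("ssl.server.keystore.keypassword", ""));`, `sslContextFactory.setKeyStoreType(conf.get("ssl.server.keystore.type", "jks"));` and `sslContextFactory.setNeedClientAuth(sslFactory.isClientCertRequired());`. Whether the retained `createFactory()` override still governs the sockets once a context factory is passed is not visible here and should be confirmed. The constructor body starts and ends outside the hunk.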
@@ -462,7 +472,7 @@ public void addInternalServlet(String name, String pathSpec,
holder.setName(name);
}
webAppContext.addServlet(holder, pathSpec);
-
+
if(requireAuth && UserGroupInformation.isSecurityEnabled()) {
LOG.info("Adding Kerberos (SPNEGO) filter to " + name);
ServletHandler handler = webAppContext.getServletHandler();
@@ -514,7 +524,9 @@ protected void defineFilter(ServletContextHandler ctx, String name,
FilterHolder holder = new FilterHolder();
holder.setName(name);
holder.setClassName(classname);
- holder.setInitParameters(parameters);
+ if (null != parameters) {
+ holder.setInitParameters(parameters);
+ }
FilterMapping fmap = new FilterMapping();
fmap.setPathSpecs(urls);
fmap.setDispatches(FilterMapping.ALL);
@@ -595,12 +607,12 @@ public void addSslListener(InetSocketAddress addr, String keystore,
if (webServer.isStarted()) {
throw new IOException("Failed to add ssl listener");
}
- SslSocketConnector sslListener = new SslSocketConnector();
+ SslContextFactory sslContextFactory = new SslContextFactory(keystore);
+ sslContextFactory.setKeyStorePassword(storPass);
+ sslContextFactory.setKeyManagerPassword(keyPass);
+ SslSocketConnector sslListener = new SslSocketConnector(sslContextFactory);
sslListener.setHost(addr.getHostName());
sslListener.setPort(addr.getPort());
- sslListener.setKeystore(keystore);
- sslListener.setPassword(storPass);
- sslListener.setKeyPassword(keyPass);
webServer.addConnector(sslListener);
}
@@ -624,14 +636,14 @@ public void addSslListener(InetSocketAddress addr, Configuration sslConf,
System.setProperty("javax.net.ssl.trustStoreType", sslConf.get(
"ssl.server.truststore.type", "jks"));
}
- SslSocketConnector sslListener = new SslSocketConnector();
+ SslContextFactory sslContextFactory = new SslContextFactory(sslConf.get("ssl.server.keystore.location",""));
+ sslContextFactory.setKeyStorePassword(sslConf.get("ssl.server.keystore.password", ""));
+ sslContextFactory.setKeyManagerPassword(sslConf.get("ssl.server.keystore.keypassword", ""));
+ sslContextFactory.setKeyStoreType(sslConf.get("ssl.server.keystore.type", "jks"));
+ sslContextFactory.setNeedClientAuth(needCertsAuth);
+ SslSocketConnector sslListener = new SslSocketConnector(sslContextFactory);
sslListener.setHost(addr.getHostName());
sslListener.setPort(addr.getPort());
- sslListener.setKeystore(sslConf.get("ssl.server.keystore.location"));
- sslListener.setPassword(sslConf.get("ssl.server.keystore.password", ""));
- sslListener.setKeyPassword(sslConf.get("ssl.server.keystore.keypassword", ""));
- sslListener.setKeystoreType(sslConf.get("ssl.server.keystore.type", "jks"));
- sslListener.setNeedClientAuth(needCertsAuth);
webServer.addConnector(sslListener);
}
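Review bot: The trust store in this addSslListener overload is still configured through `javax.net.ssl.*` system properties (the `trustStoreType` context line), but the new SslContextFactory receives only key store settings. With `needCertsAuth` set, the factory may validate client certificates against something other than the configured trust store, and whether Jetty's factory reads those properties should be confirmed. The constructor hunk sets the trust store on the factory directly, and the same could be done here with `sslContextFactory.setTrustStore(sslConf.get("ssl.server.truststore.location", ""));` plus the matching password and type setters. Separately, the key store location now defaults to `""` where the removed line passed the unset value through, so a missing `ssl.server.keystore.location` surfaces later as an empty path; failing early with an IOException that names the key would be clearer. The start of addSslListener is outside the hunk.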
@@ -76,6 +76,7 @@ public void setup() throws Exception {
conf.setInt(HttpServer.HTTP_MAX_THREADS, 10);
conf.addResource(CONFIG_SITE_XML);
+ conf.addResource(conf.get("hadoop.ssl.server.conf","ssl-server.xml"));
server = createServer("test", conf);
server.addServlet("echo", "/echo", TestHttpServer.EchoServlet.class);
server.start();
