Add optional KeyStoreScanner to jetty server
When a :keystore-scan-interval is provided, a KeyStoreScanner will be
added to monitor the keystore. When the keystore is updated, Jetty will
gracefully refresh its SSL session.
sirmspencer committed Oct 19, 2020
1 parent 73fb267 commit cb28ec5
Showing 1 changed file with 8 additions and 4 deletions.
12 changes: 8 additions & 4 deletions ring-jetty-adapter/src/ring/adapter/jetty.clj
Expand Up @@ -15,7 +15,7 @@
[org.eclipse.jetty.server.handler AbstractHandler]
[org.eclipse.jetty.util BlockingArrayQueue]
[org.eclipse.jetty.util.thread ThreadPool QueuedThreadPool]
[org.eclipse.jetty.util.ssl SslContextFactory$Server]
[org.eclipse.jetty.util.ssl SslContextFactory$Server KeyStoreScanner]
[javax.servlet AsyncContext DispatcherType AsyncEvent AsyncListener]
[javax.servlet.http HttpServletRequest HttpServletResponse]))
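Review bot: the KeyStoreScanner import added to the org.eclipse.jetty.util.ssl vector is unconditional, so the namespace now references that class for every consumer, including those that never set :keystore-scan-interval. If the feature is meant to be opt-in, consider resolving the class only inside the branch that uses it, so callers who leave the option unset are not affected by anything KeyStoreScanner does when it loads.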

Expand Down Expand Up @@ -120,9 +120,11 @@
(.setSecureScheme "https")
(.setSecurePort ssl-port)
(.addCustomizer (SecureRequestCustomizer.))))
ssl-factory (SslConnectionFactory.
(ssl-context-factory options)
"http/1.1")]
ssl-context (ssl-context-factory options)
ssl-factory (SslConnectionFactory. ssl-context "http/1.1")]
(when-let [scan-interval (options :keystore-scan-interval)]
(.addBean server (doto (KeyStoreScanner. ssl-context)
(.setScanInterval scan-interval))))
(doto (server-connector server ssl-factory http-factory)
(.setPort ssl-port)
(.setHost (options :host))
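Review bot: in the when-let, scan-interval is passed to .setScanInterval unchecked, so any truthy value (0, a negative number, a non-integer) enables the scanner and is handed to Jetty as is. Validate that it is a positive integer before constructing the KeyStoreScanner and fail with a clear message otherwise. Also worth noting next to this code: once reloading is on, write access to the keystore file is enough to change the certificate the server presents without a restart, so the file's ownership and permissions become part of the server's trust boundary.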
Expand Down Expand Up @@ -183,6 +185,8 @@
:keystore - the keystore to use for SSL connections
:keystore-type - the keystore type (default jks)
:key-password - the password to the keystore
:keystore-scan-interval - if not nil, the interval in seconds to scan for an
updated keystore
:truststore - a truststore to use for SSL connections
:trust-password - the password to the truststore
:max-threads - the maximum number of threads to use (default 50)
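Review bot: the new :keystore-scan-interval entry does not say what happens when the option is omitted, unlike the neighbouring ":keystore-type ... (default jks)" and ":max-threads ... (default 50)" entries. State that no scanning takes place when it is unset (the when-let in the connector code skips the scanner), and say whether :truststore is rescanned as well, since the entry only mentions "an updated keystore" and the two options sit next to each other.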

1 comment on commit cb28ec5


@Invertisment Invertisment commented on cb28ec5 Jul 28, 2022

This commit prevents GraalVM compilation because KeyStoreScanner has a static LOG instance which is initialized during compilation time. So the GraalVM build can't progress if this namespace is imported, and it fails even if I don't use this key watcher.
This is the cause of the random "22-07-28 08:40:21 _ INFO [org.eclipse.jetty.util.log:170] - Logging initialized @15339ms to org.eclipse.jetty.util.log.Slf4jLog" message, and 15339ms is the time since the build started, which has nothing to do with the actual Jetty start-up.