Support declaritive SSL termination

[philwebb]

We support SSL but as pointed out in #101 (comment) it's not all that convenient to configure.

[wilkinsona]

While I remember, I answered a question the other day about configuring SSL on Jetty. This is the code to do it:

@Bean
public EmbeddedServletContainerCustomizer servletContainerCustomizer() {
    return new EmbeddedServletContainerCustomizer() {

        @Override
        public void customize(ConfigurableEmbeddedServletContainer container) {
            if (container instanceof JettyEmbeddedServletContainerFactory) {
                customizeJetty((JettyEmbeddedServletContainerFactory) container);
            }
        }

        private void customizeJetty(JettyEmbeddedServletContainerFactory factory) {
            factory.addServerCustomizers(new JettyServerCustomizer() {

                @Override
                public void customize(Server server) {
                    SslContextFactory sslContextFactory = new SslContextFactory();
                    sslContextFactory.setKeyStorePassword("password");
                    try {
                        sslContextFactory.setKeyStorePath(ResourceUtils.getFile(
                                "classpath:jetty-ssl.keystore").getAbsolutePath());
                    }
                    catch (FileNotFoundException ex) {
                        throw new IllegalStateException("Could not load keystore", ex);
                    }
                    SslSocketConnector sslConnector = new SslSocketConnector(
                            sslContextFactory);
                    sslConnector.setPort(8443);
                    server.addConnector(sslConnector);
                }
            });
        }
    };
}

[btiernay]

I should also mention that the above (and the same for Tomcat) doesn't work work inside from within a jar (or nested jar). I would think that is okay because typically one doesn't package the keystore with the application, but it should probably be mentioned in the docs if this feature is implemented.

[wilkinsona]

Good point. Thanks, @btiernay.

I've learned today that we can do slightly better with Jetty as it allows the keystore to be configured using a Resource:

sslContextFactory.setKeyStoreResource(Resource.newResource(ResourceUtils.getURL(getSsl().getKeystore())));

This allows the keystore to be packaged in a jar if you're using Jetty. Tomcat still requires the keystore to be a file on the filesystem and we'll need to document this.

[btiernay]

Awesome, thanks!