/
ManagementHttpServer.java
662 lines (550 loc) · 27.7 KB
/
ManagementHttpServer.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
/*
* Copyright The WildFly Authors
* SPDX-License-Identifier: Apache-2.0
*/
package org.jboss.as.domain.http.server;
import static org.jboss.as.domain.http.server.logging.HttpServerLogger.ROOT_LOGGER;
import static org.xnio.Options.SSL_CLIENT_AUTH_MODE;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;
import java.util.concurrent.Executor;
import java.util.function.Function;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import javax.net.ssl.SSLContext;
import org.jboss.as.controller.ModelController;
import org.jboss.as.controller.management.HttpInterfaceCommonPolicy.Header;
import org.jboss.as.domain.http.server.cors.CorsHttpHandler;
import org.jboss.as.domain.http.server.logging.HttpServerLogger;
import org.jboss.as.domain.http.server.security.DmrFailureReadinessHandler;
import org.jboss.as.domain.http.server.security.ElytronIdentityHandler;
import org.jboss.as.domain.http.server.security.LogoutHandler;
import org.jboss.as.domain.http.server.security.RedirectReadinessHandler;
import org.jboss.as.domain.http.server.security.ServerErrorReadinessHandler;
import org.jboss.modules.ModuleLoadException;
import org.wildfly.common.Assert;
import org.wildfly.elytron.web.undertow.server.ElytronContextAssociationHandler;
import org.wildfly.elytron.web.undertow.server.ElytronHttpExchange;
import org.wildfly.security.auth.server.HttpAuthenticationFactory;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.http.HttpServerAuthenticationMechanism;
import org.xnio.BufferAllocator;
import org.xnio.ByteBufferSlicePool;
import org.xnio.ChannelListener;
import org.xnio.ChannelListeners;
import org.xnio.IoUtils;
import org.xnio.OptionMap;
import org.xnio.Options;
import org.xnio.SslClientAuthMode;
import org.xnio.StreamConnection;
import org.xnio.XnioWorker;
import org.xnio.channels.AcceptingChannel;
import org.xnio.conduits.StreamSinkConduit;
import org.xnio.ssl.SslConnection;
import org.xnio.ssl.XnioSsl;
import io.undertow.protocols.ssl.UndertowXnioSsl;
import io.undertow.security.handlers.AuthenticationCallHandler;
import io.undertow.security.handlers.AuthenticationConstraintHandler;
import io.undertow.security.handlers.SinglePortConfidentialityHandler;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.BlockingHandler;
import io.undertow.server.handlers.CanonicalPathHandler;
import io.undertow.server.handlers.ChannelUpgradeHandler;
import io.undertow.server.handlers.PathHandler;
import io.undertow.server.handlers.ResponseCodeHandler;
import io.undertow.server.handlers.SetHeaderHandler;
import io.undertow.server.handlers.cache.CacheHandler;
import io.undertow.server.handlers.cache.DirectBufferCache;
import io.undertow.server.handlers.error.SimpleErrorPageHandler;
import io.undertow.server.handlers.resource.ResourceManager;
import io.undertow.server.protocol.http.HttpOpenListener;
import io.undertow.util.Headers;
import io.undertow.util.Methods;
/**
* The general HTTP server for handling management API requests.
*
* @author <a href="mailto:darran.lofthouse@jboss.com">Darran Lofthouse</a>
*/
public class ManagementHttpServer {
public interface PathRemapper {
String remapPath(String originalPath);
}
private static final String DEFAULT_SECURITY_REALM = "ManagementRealm";
private static final Set<String> RESERVED_CONTEXTS;
static {
Set<String> set = new HashSet<>();
set.add(DomainApiCheckHandler.PATH);
set.add(DomainApiCheckHandler.GENERIC_CONTENT_REQUEST);
set.add(LogoutHandler.PATH);
set.add(ErrorContextHandler.ERROR_CONTEXT);
RESERVED_CONTEXTS = Collections.unmodifiableSet(set);
}
private final HttpOpenListener openListener;
private final InetSocketAddress httpAddress;
private final InetSocketAddress secureAddress;
private final XnioWorker worker;
private volatile AcceptingChannel<StreamConnection> normalServer;
private volatile AcceptingChannel<SslConnection> secureServer;
private final SSLContext sslContext;
private final SslClientAuthMode sslClientAuthMode;
private final HttpAuthenticationFactory httpAuthenticationFactory;
private final ExtensionHandlers extensionHandlers;
private final Executor managementExecutor;
private ManagementHttpServer(HttpOpenListener openListener, Builder builder, SSLContext sslContext,
SslClientAuthMode sslClientAuthMode, ExtensionHandlers extensionExtensionHandlers) {
this.openListener = openListener;
this.httpAddress = builder.bindAddress;
this.secureAddress = builder.secureBindAddress;
this.sslContext = sslContext;
this.sslClientAuthMode = sslClientAuthMode;
this.worker = builder.worker;
this.httpAuthenticationFactory = builder.httpAuthenticationFactory;
this.extensionHandlers = extensionExtensionHandlers;
this.managementExecutor = builder.executor;
}
public void start() {
try {
OptionMap.Builder serverOptionsBuilder = OptionMap.builder()
.set(Options.TCP_NODELAY, true)
.set(Options.REUSE_ADDRESSES, true);
ChannelListener acceptListener = ChannelListeners.openListenerAdapter(openListener);
if (httpAddress != null) {
normalServer = worker.createStreamConnectionServer(httpAddress, acceptListener, serverOptionsBuilder.getMap());
normalServer.resumeAccepts();
}
if (secureAddress != null) {
if (sslClientAuthMode != null) {
serverOptionsBuilder.set(SSL_CLIENT_AUTH_MODE, sslClientAuthMode);
}
OptionMap secureOptions = serverOptionsBuilder.getMap();
XnioSsl xnioSsl = new UndertowXnioSsl(worker.getXnio(), secureOptions, sslContext);
secureServer = xnioSsl.createSslConnectionServer(worker, secureAddress, acceptListener, secureOptions);
secureServer.resumeAccepts();
}
} catch (IOException e) {
throw new RuntimeException(e);
}
}
public void stop() {
IoUtils.safeClose(normalServer);
IoUtils.safeClose(secureServer);
}
public synchronized void addStaticContext(String contextName, ResourceManager resourceManager) {
Assert.checkNotNullParam("contextName", contextName);
Assert.checkNotNullParam("resourceManager", resourceManager);
String context = fixPath(contextName);
// Reject reserved contexts or duplicate extensions
if (extensionHandlers.reservedContexts.contains(context) || !extensionHandlers.extensionContexts.add(context)) {
throw new IllegalStateException();
}
ResourceHandlerDefinition def = DomainUtil.createStaticContentHandler(resourceManager, context);
HttpHandler readinessHandler = new RedirectReadinessHandler(extensionHandlers.readyFunction, def.getHandler(),
ErrorContextHandler.ERROR_CONTEXT);
extensionHandlers.extensionPathHandler.addPrefixPath(context, readinessHandler);
}
public synchronized void addManagementHandler(String contextName, boolean requireSecurity, HttpHandler managementHandler) {
Assert.checkNotNullParam("contextName", contextName);
Assert.checkNotNullParam("managementHandler", managementHandler);
String context = fixPath(contextName);
// Reject reserved contexts or duplicate extensions
if (extensionHandlers.reservedContexts.contains(context) || !extensionHandlers.extensionContexts.add(context)) {
throw new IllegalStateException();
}
final Function<HttpServerExchange, Boolean> readyFunction;
if (requireSecurity) {
readyFunction = extensionHandlers.readyFunction;
managementHandler = secureDomainAccess(associateIdentity(managementHandler), httpAuthenticationFactory);
} else {
readyFunction = ALWAYS_READY;
}
HttpHandler readinessHandler = new ServerErrorReadinessHandler(contextName, readyFunction, managementHandler);
extensionHandlers.extensionPathHandler.addPrefixPath(context, readinessHandler);
}
public synchronized void addManagementGetRemapContext(String contextName, PathRemapper remapper) {
Assert.checkNotNullParam("contextName", contextName);
String context = fixPath(contextName);
// Reject reserved contexts or duplicate extensions
if (extensionHandlers.reservedContexts.contains(context) || !extensionHandlers.extensionContexts.add(context)) {
throw new IllegalStateException();
}
HttpHandler remapHandler = new RemapHandler(remapper, extensionHandlers.managementHandler);
extensionHandlers.extensionPathHandler.addPrefixPath(context, remapHandler);
}
public synchronized void removeContext(String contextName) {
Assert.checkNotNullParam("contextName", contextName);
String context = fixPath(contextName);
// Reject reserved contexts or non-existent extensions
if (extensionHandlers.reservedContexts.contains(context) || !extensionHandlers.extensionContexts.contains(context)) {
throw new IllegalStateException();
}
extensionHandlers.extensionContexts.remove(context);
extensionHandlers.extensionPathHandler.removePrefixPath(context);
}
private static String fixPath(String contextName) {
Assert.checkNotEmptyParam("contextName", contextName);
return '/' == contextName.charAt(0) ? contextName : "/" + contextName;
}
private static SSLContext getSSLContext(Builder builder) {
if (builder.sslContext != null) {
return builder.sslContext;
} else {
throw ROOT_LOGGER.noRealmOrSSLContext();
}
}
private static final ByteBufferSlicePool bufferPool = new ByteBufferSlicePool(BufferAllocator.DIRECT_BYTE_BUFFER_ALLOCATOR, 4096, 10 * 4096);
private static ManagementHttpServer create(Builder builder) {
SSLContext sslContext = null;
SslClientAuthMode sslClientAuthMode = builder.sslClientAuthMode;
if (builder.secureBindAddress != null) {
sslContext = getSSLContext(builder);
if (sslContext == null) {
throw ROOT_LOGGER.sslRequestedNoSslContext();
}
}
HttpOpenListener openListener = new HttpOpenListener(bufferPool);
int secureRedirectPort = builder.secureBindAddress != null ? builder.secureBindAddress.getPort() : -1;
// WFLY-2870 -- redirect not supported if bindAddress and secureBindAddress are using different InetAddress
boolean redirectSupported = (builder.bindAddress == null || builder.secureBindAddress == null || builder.bindAddress.getAddress().equals(builder.secureBindAddress.getAddress()));
if (!redirectSupported && secureRedirectPort > 0) {
HttpServerLogger.ROOT_LOGGER.httpsRedirectNotSupported(builder.bindAddress.getAddress(), builder.secureBindAddress.getAddress());
secureRedirectPort = -1;
}
final ExtensionHandlers extensionHandlers = setupOpenListener(openListener, secureRedirectPort, builder);
return new ManagementHttpServer(openListener, builder, sslContext, sslClientAuthMode, extensionHandlers);
}
private static Function<HttpServerExchange, Boolean> createReadyFunction(Builder builder) {
// TODO WFCORE-5532 We need an Elytron equivalent for realm readiness.
return e -> Boolean.TRUE;
}
private static void addRedirectRedinessHandler(PathHandler pathHandler, ResourceHandlerDefinition consoleHandler, Function<HttpServerExchange, Boolean> readyFunction) {
HttpHandler readinessHandler = new RedirectReadinessHandler(readyFunction, consoleHandler.getHandler(), ErrorContextHandler.ERROR_CONTEXT);
pathHandler.addPrefixPath(consoleHandler.getContext(), readinessHandler);
}
private static HttpHandler addDmrRedinessHandler(PathHandler pathHandler, HttpHandler domainApiHandler, Function<HttpServerExchange, Boolean> readinessFunction) {
HttpHandler readinessHandler = wrapHttpHeader(wrapHttpHeader(new DmrFailureReadinessHandler(readinessFunction, domainApiHandler, ErrorContextHandler.ERROR_CONTEXT), "X-Frame-Options", "SAMEORIGIN"), "X-Content-Type-Options", "nosniff");
pathHandler.addPrefixPath(DomainApiCheckHandler.PATH, readinessHandler);
pathHandler.addExactPath(DomainApiCheckHandler.GENERIC_CONTENT_REQUEST, readinessHandler);
return readinessHandler;
}
private static void addLogoutHandler(PathHandler pathHandler, Builder builder) {
pathHandler.addPrefixPath(LogoutHandler.PATH, wrapHttpHeader(wrapHttpHeader(
new LogoutHandler(DEFAULT_SECURITY_REALM), "X-Frame-Options", "SAMEORIGIN"), "X-Content-Type-Options", "nosniff"));
}
private static void addErrorContextHandler(PathHandler pathHandler, Builder builder) throws ModuleLoadException {
HttpHandler errorContextHandler = (wrapHttpHeader(wrapHttpHeader(ErrorContextHandler.createErrorContext(builder.consoleSlot), "X-Frame-Options", "SAMEORIGIN"), "X-Content-Type-Options", "nosniff"));
pathHandler.addPrefixPath(ErrorContextHandler.ERROR_CONTEXT, errorContextHandler);
}
private static class ExtensionHandlers {
private final PathHandler extensionPathHandler;
private final HttpHandler managementHandler;
private final Function<HttpServerExchange, Boolean> readyFunction;
private final Set<String> reservedContexts;
private final Set<String> extensionContexts = new HashSet<>();
private ExtensionHandlers(PathHandler extensionPathHandler, HttpHandler managementHandler,
Function<HttpServerExchange, Boolean> readyFunction, ResourceHandlerDefinition consoleHandler) {
this.extensionPathHandler = extensionPathHandler;
this.managementHandler = managementHandler;
this.readyFunction = readyFunction;
if (consoleHandler == null) {
this.reservedContexts = RESERVED_CONTEXTS;
} else {
Set<String> set = new HashSet<>(RESERVED_CONTEXTS);
set.add(consoleHandler.getContext());
this.reservedContexts = Collections.unmodifiableSet(set);
}
}
}
private static ExtensionHandlers setupOpenListener(HttpOpenListener listener, int secureRedirectPort, Builder builder) {
CanonicalPathHandler canonicalPathHandler = new CanonicalPathHandler();
ManagementHttpRequestHandler managementHttpRequestHandler = new ManagementHttpRequestHandler(builder.managementHttpRequestProcessor, canonicalPathHandler);
CorsHttpHandler corsHandler = new CorsHttpHandler(managementHttpRequestHandler, builder.allowedOrigins);
listener.setRootHandler(new UpgradeFixHandler(corsHandler));
PathHandler pathHandler = new PathHandler();
HttpHandler current = pathHandler;
Map<String, List<Header>> constantHeaders = builder.constantHeaders;
if (constantHeaders != null) {
StaticHeadersHandler headerHandler = new StaticHeadersHandler(current);
for (Entry<String, List<Header>> entry : constantHeaders.entrySet()) {
for (Header header : entry.getValue()) {
headerHandler.addHeader(entry.getKey(), header.getName(), header.getValue());
}
}
current = headerHandler;
}
if (builder.upgradeHandler != null) {
builder.upgradeHandler.setNonUpgradeHandler(current);
current = builder.upgradeHandler;
}
if (secureRedirectPort > 0) {
// Add handler for redirect from http to https if needed
current = new SinglePortConfidentialityHandler(current, secureRedirectPort);
}
// caching handler, used for static resources
current = new CacheHandler(new DirectBufferCache(1024, 1024 * 10, 1024 * 1000, BufferAllocator.BYTE_BUFFER_ALLOCATOR),
current);
current = new SimpleErrorPageHandler(current);
canonicalPathHandler.setNext(current);
ResourceHandlerDefinition consoleHandler = null;
try {
consoleHandler = builder.consoleMode.createConsoleHandler(builder.consoleSlot);
} catch (ModuleLoadException e) {
ROOT_LOGGER.consoleModuleNotFound(builder.consoleSlot == null ? "main" : builder.consoleSlot);
}
if (builder.consoleMode != ConsoleMode.NO_CONSOLE) {
try {
addErrorContextHandler(pathHandler, builder);
} catch (ModuleLoadException e) {
ROOT_LOGGER.errorContextModuleNotFound(builder.consoleSlot == null ? "main" : builder.consoleSlot);
}
}
ManagementRootConsoleRedirectHandler rootConsoleRedirectHandler = new ManagementRootConsoleRedirectHandler(consoleHandler);
HttpHandler domainApiHandler = StreamReadLimitHandler.wrap(CorrelationHandler.wrap(
InExecutorHandler.wrap(
builder.executor,
associateIdentity(new DomainApiCheckHandler(builder.modelController,
builder.allowedOrigins, builder.consoleAvailability))
)));
final Function<HttpServerExchange, Boolean> readyFunction = createReadyFunction(builder);
pathHandler.addPrefixPath("/", rootConsoleRedirectHandler);
if (consoleHandler != null) {
addRedirectRedinessHandler(pathHandler, consoleHandler, readyFunction);
}
domainApiHandler = secureDomainAccess(domainApiHandler, builder);
HttpHandler readinessHandler = addDmrRedinessHandler(pathHandler, domainApiHandler, readyFunction);
addLogoutHandler(pathHandler, builder);
return new ExtensionHandlers(pathHandler, readinessHandler, readyFunction, consoleHandler);
}
private static HttpHandler associateIdentity(HttpHandler domainHandler) {
domainHandler = new ElytronIdentityHandler(domainHandler);
return new BlockingHandler(domainHandler);
}
private static HttpHandler secureDomainAccess(HttpHandler domainHandler, final Builder builder) {
return secureDomainAccess(domainHandler, builder.httpAuthenticationFactory);
}
private static HttpHandler secureDomainAccess(HttpHandler domainHandler, final HttpAuthenticationFactory httpAuthenticationFactory) {
if (httpAuthenticationFactory != null) {
return secureDomainAccessElytron(domainHandler, httpAuthenticationFactory);
}
return domainHandler;
}
private static HttpHandler secureDomainAccessElytron(HttpHandler domainHandler, final HttpAuthenticationFactory httpAuthenticationFactory) {
domainHandler = new AuthenticationCallHandler(domainHandler);
domainHandler = new AuthenticationConstraintHandler(domainHandler);
Supplier<List<HttpServerAuthenticationMechanism>> mechanismSupplier = () ->
httpAuthenticationFactory.getMechanismNames().stream()
.map(s -> {
try {
return httpAuthenticationFactory.createMechanism(s);
} catch (Exception e) {
return null;
}
})
.collect(Collectors.toList());
domainHandler = ElytronContextAssociationHandler.builder()
.setNext(domainHandler)
.setMechanismSupplier(mechanismSupplier)
.setHttpExchangeSupplier(h -> new ElytronHttpExchange(h) {
@Override
public void authenticationComplete(SecurityIdentity securityIdentity, String mechanismName) {
super.authenticationComplete(securityIdentity, mechanismName);
h.putAttachment(ElytronIdentityHandler.IDENTITY_KEY, securityIdentity);
}
})
.build();
return domainHandler;
}
private static HttpHandler wrapHttpHeader(final HttpHandler toWrap, final String header, final String value) {
return new SetHeaderHandler(toWrap, header, value);
}
private static Function<HttpServerExchange, Boolean> ALWAYS_READY = new Function<HttpServerExchange, Boolean>() {
@Override
public Boolean apply(HttpServerExchange httpServerExchange) {
return true;
}
};
public static Builder builder() {
return new Builder();
}
public static class Builder {
private boolean built = false;
private InetSocketAddress bindAddress;
private InetSocketAddress secureBindAddress;
private ModelController modelController;
private SSLContext sslContext;
private SslClientAuthMode sslClientAuthMode;
private HttpAuthenticationFactory httpAuthenticationFactory;
private ConsoleMode consoleMode;
private String consoleSlot;
private ChannelUpgradeHandler upgradeHandler;
private ManagementHttpRequestProcessor managementHttpRequestProcessor;
private Collection<String> allowedOrigins;
private XnioWorker worker;
private Executor executor;
private Map<String, List<Header>> constantHeaders;
private ConsoleAvailability consoleAvailability;
private Builder() {
}
public Builder setBindAddress(InetSocketAddress bindAddress) {
assertNotBuilt();
this.bindAddress = bindAddress;
return this;
}
public Builder setSecureBindAddress(InetSocketAddress secureBindAddress) {
assertNotBuilt();
this.secureBindAddress = secureBindAddress;
return this;
}
public Builder setModelController(ModelController modelController) {
assertNotBuilt();
this.modelController = modelController;
return this;
}
public Builder setSSLContext(SSLContext sslContext) {
assertNotBuilt();
this.sslContext = sslContext;
return this;
}
public Builder setHttpAuthenticationFactory(HttpAuthenticationFactory httpAuthenticationFactory) {
assertNotBuilt();
this.httpAuthenticationFactory = httpAuthenticationFactory;
return this;
}
public Builder setConsoleMode(ConsoleMode consoleMode) {
assertNotBuilt();
this.consoleMode = consoleMode;
return this;
}
public Builder setConsoleSlot(String consoleSlot) {
assertNotBuilt();
this.consoleSlot = consoleSlot;
return this;
}
public Builder setChannelUpgradeHandler(ChannelUpgradeHandler upgradeHandler) {
assertNotBuilt();
this.upgradeHandler = upgradeHandler;
return this;
}
public Builder setManagementHttpRequestProcessor(ManagementHttpRequestProcessor managementHttpRequestProcessor) {
assertNotBuilt();
this.managementHttpRequestProcessor = managementHttpRequestProcessor;
return this;
}
public Builder setAllowedOrigins(Collection<String> allowedOrigins) {
assertNotBuilt();
this.allowedOrigins = allowedOrigins;
return this;
}
public Builder setWorker(XnioWorker worker) {
assertNotBuilt();
this.worker = worker;
return this;
}
public Builder setExecutor(Executor executor) {
assertNotBuilt();
this.executor = executor;
return this;
}
/**
* Set a map of constant headers that should be set on each response by matching the path of the incoming request.
*
* The key is the path prefix that will be matched against the canonicalised path of the incoming request. The value is
* a {@link List} or {@link Header} instances.
*
* The entry set and list interated so if the Map implementation supports ordering the ordering will be preserved.
*/
public Builder setConstantHeaders(Map<String, List<Header>> constantHeaders) {
assertNotBuilt();
this.constantHeaders = constantHeaders;
return this;
}
public ManagementHttpServer build() {
assertNotBuilt();
ManagementHttpServer managementHttpServer = create(this);
built = true;
return managementHttpServer;
}
private void assertNotBuilt() {
if (built) {
throw ROOT_LOGGER.managementHttpServerAlreadyBuild();
}
}
public Builder setConsoleAvailability(ConsoleAvailability consoleAvailability) {
assertNotBuilt();
this.consoleAvailability = consoleAvailability;
return this;
}
}
/**
* Handler to work around a bug with old XNIO versions that did not handle
* content-length for HTTP upgrade. This should be removed when it is no longer
* nessesary to support WF 8.x clients.
*/
private static class UpgradeFixHandler implements HttpHandler {
final HttpHandler next;
private UpgradeFixHandler(HttpHandler next) {
this.next = next;
}
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
if(exchange.getRequestHeaders().contains(Headers.UPGRADE)) {
exchange.addResponseWrapper((factory, ex) -> {
StreamSinkConduit ret = factory.create();
if(exchange.getResponseHeaders().contains(Headers.UPGRADE)) {
exchange.getResponseHeaders().add(Headers.CONTENT_LENGTH, "0");
}
return ret;
});
}
next.handleRequest(exchange);
}
}
private static class RemapHandler implements HttpHandler {
private final PathRemapper remapper;
private final HttpHandler next;
private RemapHandler(PathRemapper remapper, HttpHandler next) {
this.remapper = remapper;
this.next = next;
}
@Override
public void handleRequest(HttpServerExchange exchange) throws Exception {
if (Methods.POST.equals(exchange.getRequestMethod())) {
ResponseCodeHandler.HANDLE_405.handleRequest(exchange);
return;
}
String origReqPath = exchange.getRelativePath();
String remapped = remapper.remapPath(origReqPath);
if (remapped == null) {
ResponseCodeHandler.HANDLE_404.handleRequest(exchange);
return;
}
exchange.setRelativePath(remapped);
// Note: we only change the relative path, not other exchange data that
// incorporates it (like getRequestPath(), getRequestURL()) and not the
// resolved path. If this request gets to DomainApiHandler, it should
// work off the relative path. Other handlers in between may need the
// original data.
next.handleRequest(exchange);
}
}
public SocketAddress getLocalAddress() {
return normalServer.getLocalAddress();
}
public <A extends SocketAddress> A getLocalAddress(Class<A> type) {
return normalServer.getLocalAddress(type);
}
public SocketAddress getSecureLocalAddress() {
return secureServer.getLocalAddress();
}
public <A extends SocketAddress> A getSecureLocalAddress(Class<A> type) {
return secureServer.getLocalAddress(type);
}
}