有人可以帮助将代码从jetty 8迁移到9.2.1。
我需要让jetty监听端口80(http)并将每个请求重定向到443(https)。
这是jetty 8的代码,但它在9.2.1上不起作用。版本9使用ServerConnector,但我无法找到有关如何使用 setConfidentialPort 属性的示例。
Server server = new Server();
//Create a connector on port 80 to listen for HTTP requests
SelectChannelConnector httpConnector = new SelectChannelConnector();
httpConnector.setPort(80);
server.addConnector(httpConnector);
//Create a connector on port 443 to listen for HTTPS requests
SslSocketConnector httpsConnector = new SslSocketConnector();
httpsConnector.setPort(443);
httpsConnector.setKeystore("name_of_the_keystore");
httpsConnector.setPassword("password_for_the_keystore");
httpsConnector.setKeyPassword("password_for_the_key");
server.addConnector(httpsConnector);
//Redirect the HTTP requests to HTTPS port
httpConnector.setConfidentialPort(443);
答案 0 :(得分:10)
我自己也遇到了麻烦。我通过使用https://serverfault.com/questions/367660/how-to-have-jetty-redirect-http-to-https中找到的web.xml将示例转换为以下内容来解决这个问题:
基本上,您必须添加一个安全约束,强制所有路径中的所有数据都是机密的,否则会引发!403错误。然后配置http连接器以将所有!403错误重定向到https:
Server server = new Server();
// HTTP Configuration
HttpConfiguration http_config = new HttpConfiguration();
http_config.addCustomizer(new SecureRequestCustomizer());
//these two settings allow !403 errors to be redirected to https
http_config.setSecureScheme("https");
http_config.setSecurePort(443);
//setup the secure config using the original http config + SecureRequestCustomizer
HttpConfiguration https_config = new HttpConfiguration(http_config);
https_config.addCustomizer(new SecureRequestCustomizer());
// SSL Context Factory - tells how to access certificate info
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(EmbeddedJetty.class.getResource("/keystore.jks").toExternalForm());
sslContextFactory.setKeyStorePassword("keystorepassword");
sslContextFactory.setKeyManagerPassword("keymanagerpassword");
//Create a connector on port 80 to listen for HTTP requests (that will get redirected)
ServerConnector httpConnector = new ServerConnector(server);
httpConnector.addConnectionFactory(new HttpConnectionFactory(http_config));
httpConnector.setPort(80);
//Connector on port 443 for HTTPS requests
ServerConnector sslConnector = new ServerConnector(server,
new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.toString()),
new HttpConnectionFactory(https_config));
sslConnector.setPort(443);
//setup the constraint that causes all http requests to return a !403 error
ConstraintSecurityHandler security = new ConstraintSecurityHandler();
Constraint constraint = new Constraint();
constraint.setDataConstraint(Constraint.DC_CONFIDENTIAL);
//makes the constraint apply to all uri paths
ConstraintMapping mapping = new ConstraintMapping();
mapping.setPathSpec( "/*" );
mapping.setConstraint( constraint );
security.addConstraintMapping(mapping);
//in my case I also define a ServletContextHandler for managing SpringMVC beans
//that I daisy-chain into the security handler like so:
//security.setHandler(servletContextHandler);
server.setHandler(security);
server.setConnectors(new Connector[] { httpConnector, sslConnector });
server.start();
server.join();
答案 1 :(得分:1)
public class Server extends org.eclipse.jetty.server.Server {
public Server(int httpPort, boolean enableSsl, int httpsPort, String keystorePath, String keystorePassword, String keyManagerPassword, ...) {
initConnector(httpPort, enableSsl, httpsPort, keystorePath, keystorePassword, keyManagerPassword);
...
}
private void initConnector(int httpPort, boolean enableSsl, int httpsPort, String keystorePath, String keystorePassword, String keyManagerPassword) {
if (enableSsl) {
final HttpConfiguration httpConfig = getHttpConfig(httpsPort);
final HttpConfiguration httpsConfig = getHttpsConfig(httpConfig);
final ServerConnector httpConnector = getHttpConnector(httpConfig, httpPort);
final ServerConnector httpsConnector = getHttpsConnector(httpsConfig, httpsPort, keystorePath, keystorePassword, keyManagerPassword);
setConnectors(httpConnector, httpsConnector);
addHandler(new SecuredRedirectHandler());
} else {
final ServerConnector serverConnector = new ServerConnector(this);
serverConnector.setPort(httpPort);
addConnector(serverConnector);
}
}
private void setConnectors(ServerConnector httpConnector, ServerConnector httpsConnector) {
setConnectors(new Connector[]{httpConnector, httpsConnector});
}
private ServerConnector getHttpsConnector(HttpConfiguration httpsConfig, int httpsPort, String keystorePath, String keystorePassword, String keyManagerPassword) {
final SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath(keystorePath);
sslContextFactory.setKeyStorePassword(keystorePassword);
sslContextFactory.setKeyManagerPassword(keyManagerPassword);
sslContextFactory.setTrustStorePath(keystorePath);
sslContextFactory.setTrustStorePassword(keystorePassword);
final ServerConnector httpsConnector = new ServerConnector(this,
new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
new HttpConnectionFactory(httpsConfig));
httpsConnector.setPort(httpsPort);
return httpsConnector;
}
private ServerConnector getHttpConnector(HttpConfiguration httpConfig, int httpPort) {
final ServerConnector httpConnector = new ServerConnector(this);
httpConnector.addConnectionFactory(new HttpConnectionFactory(httpConfig));
httpConnector.setPort(httpPort);
return httpConnector;
}
private HttpConfiguration getHttpsConfig(HttpConfiguration httpConfig) {
final HttpConfiguration httpsConfig = new HttpConfiguration(httpConfig);
httpsConfig.addCustomizer(new SecureRequestCustomizer());
return httpsConfig;
}
private HttpConfiguration getHttpConfig(int httpsPort) {
final HttpConfiguration httpConfig = new HttpConfiguration();
httpConfig.addCustomizer(new SecureRequestCustomizer());
httpConfig.setSecureScheme(HttpScheme.HTTPS.asString());
httpConfig.setSecurePort(httpsPort);
return httpConfig;
}
private void addHandler(Handler handler) {
final Handler currentHandler = getHandler();
if (currentHandler == null) {
setHandler(handler);
} else {
if (currentHandler instanceof HandlerList) {
((HandlerList) currentHandler).addHandler(handler);
} else {
final HandlerList handlerList = new HandlerList();
handlerList.addHandler(currentHandler);
handlerList.addHandler(handler);
setHandler(handlerList);
}
}
}
}