我使用jetty 9.2.5创建了一个简单的嵌入式WebSocket服务器。使用不安全的连接时,服务器可以正常运行。当我添加SSL连接器时,客户端无法使用https方案连接," wss" vs" ws",我看到一个badMessage警告:
31710 [qtp6566818-16] WARN org.eclipse.jetty.http.HttpParser - badMessage: 400 Illegal character 0x16 in state=START in '\x16<<<\x03\x01\x00\xAb\x01\x00\x00\xA7\x03\x037%\x03d\xFf\xBd\xE8...\x01\x05\x01\x02\x01\x04\x03\x05\x03\x02\x03\x04\x02\x02\x02>>>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00...\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' for HttpChannelOverHttp@f59306{r=0,c=false,a=IDLE,uri=-}
当我将URI恢复为不安全的WebSocket方案时,客户端没有问题:
40559 [qtp6566818-17] INFO com.datafascia.emerge.websocketEchoService.EchoService - Connected ...
40562 [qtp6566818-17] INFO com.datafascia.emerge.websocketEchoService.EchoService - Session: WebSocketSession[websocket=JettyAnnotatedEventDriver[com.datafascia.emerge.websocketEchoService.EchoService@18c45017],behavior=SERVER,connection=WebSocketServerConnection@77882dcc{IDLE}{f=Flusher[queueSize=0,aggregateSize=0,failure=null],g=Generator[SERVER,validating],p=Parser@61ed4bc3[ExtensionStack,s=START,c=0,len=0,f=null,p=WebSocketPolicy@379e5d9e[behavior=SERVER,maxTextMessageSize=65536,maxTextMessageBufferSize=32768,maxBinaryMessageSize=65536,maxBinaryMessageBufferSize=32768,asyncWriteTimeout=60000,idleTimeout=300000,inputBufferSize=4096]]},remote=WebSocketRemoteEndpoint@2e93a9a8[batching=true],incoming=JettyAnnotatedEventDriver[com.datafascia.emerge.websocketEchoService.EchoService@18c45017],outgoing=ExtensionStack[queueSize=0,extensions=[],incoming=org.eclipse.jetty.websocket.common.WebSocketSession,outgoing=org.eclipse.jetty.websocket.server.WebSocketServerConnection]]
40571 [qtp6566818-16] INFO com.datafascia.emerge.websocketEchoService.EchoService - incomingMessage= 05501140317063844 123CYC EMERGE-123C015083
40578 [qtp6566818-17] INFO com.datafascia.emerge.websocketEchoService.EchoService - Connection closed with statusCode: 1005, reason: null
服务器的代码几乎取自我在jetty网站和互联网上遇到的例子。以下是设置WebSocket servlet的代码:
// Setup the websocket server
Server server = new Server(websocketPort);
if (wssEnabled) {
// Add http/s connectors
//connector = new ServerConnector(server);
//connector.setPort(websocketPort);
// HTTP Configuration
HttpConfiguration http_config = new HttpConfiguration();
http_config.setSecureScheme("https");
http_config.setSecurePort(8443);
http_config.setOutputBufferSize(32768);
http_config.setRequestHeaderSize(8192);
http_config.setResponseHeaderSize(8192);
http_config.setSendServerVersion(true);
http_config.setSendDateHeader(false);
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath("/home/jedwards/keystore");
logger.info("keystore path: {}", sslContextFactory.getKeyStorePath());
sslContextFactory.setKeyStorePassword("1deadparrot");
sslContextFactory.setKeyManagerPassword("1deadparrot");
sslContextFactory.setExcludeCipherSuites(
"SSL_RSA_WITH_DES_CBC_SHA","SSL_DHE_RSA_WITH_DES_CBC_SHA","SSL_DHE_DSS_WITH_DES_CBC_SHA",
"SSL_RSA_EXPORT_WITH_RC4_40_MD5","SSL_RSA_EXPORT_WITH_DES40_CBC_SHA","SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA");
// SSL HTTP Configuration
HttpConfiguration https_config = new HttpConfiguration(http_config);
https_config.addCustomizer(new SecureRequestCustomizer());
// SSL Connector
connector = new ServerConnector(server,
new SslConnectionFactory(sslContextFactory,HttpVersion.HTTP_1_1.asString()),
new HttpConnectionFactory(https_config));
connector.setPort(8443);
connector.setIdleTimeout(500000);
} else {
// Basic HTTP connector
connector = new ServerConnector(server);
connector.setPort(websocketPort);
}
ServletContextHandler ctx = new ServletContextHandler();
ctx.setContextPath("/");
ctx.addServlet(EmergeEchoServiceSocketServlet.class, websocketServicePoint);
server.setHandler(ctx);
server.addConnector(connector);
// Start the websocket server
server.start();
logger.info("server status: {}", server.dump());
server.join();
我使用推荐的命令创建了自签名证书和密钥对:
keytool -keystore keystore -alias jetty -genkey -keyalg RSA
此时我感到很茫然,因为我相信我已经正确设置了嵌入式WebSocket servlet。所以我认为它显而易见,但我无法弄清楚问题。
答案 0 :(得分:0)
我稍微简化了代码,并且能够使SSL WebSockets服务器正常工作。我还在使用自签名证书,所以它只是本地证书。我可以使用IP地址,但不能使用&#34; localhost&#34;例如&#34; WSS://192.168.2.115:8443 /服务点&#34 ;.
这是新代码:
// Setup the websocket server
Server server = new Server();
if (wssEnabled) {
// HTTP Configuration
HttpConfiguration https_config = new HttpConfiguration();
https_config.setSecureScheme("https");
https_config.setSecurePort(8443);
https_config.setSendServerVersion(true);
https_config.setSendDateHeader(false);
https_config.addCustomizer(new SecureRequestCustomizer());
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setKeyStorePath("/pathTo//keystore");
sslContextFactory.setTrustStorePath("/pathTo/keystore");
logger.info("keystore path: {}", sslContextFactory.getKeyStorePath());
sslContextFactory.setKeyStorePassword("myPassword");
sslContextFactory.setKeyManagerPassword("myPassword");
sslContextFactory.setTrustStorePassword("myPassword");
sslContextFactory.setExcludeCipherSuites(
"SSL_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_RSA_WITH_DES_CBC_SHA",
"SSL_DHE_DSS_WITH_DES_CBC_SHA",
"SSL_RSA_EXPORT_WITH_RC4_40_MD5",
"SSL_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
"SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA");
// SSL Connector
connector = new ServerConnector(server,
new SslConnectionFactory(sslContextFactory,HttpVersion.HTTP_1_1.asString()),
new HttpConnectionFactory(https_config));
connector.setPort(8443);
} else {
// Basic HTTP connector
connector = new ServerConnector(server);
connector.setPort(websocketPort);
}
ServletContextHandler ctx = new ServletContextHandler();
ctx.setContextPath("/");
ctx.addServlet(EmergeEchoServiceSocketServlet.class, "/dF" + websocketServicePoint);
server.setHandler(ctx);
server.addConnector(connector);
// Start the websocket server
server.start();
logger.info("server status: {}", server.dump());
server.join();
}