如何将安全的Jersey应用程序部署到Heroku

时间:2016-06-09 22:16:41

标签: java heroku jersey grizzly

很容易弄清楚如何将使用Grizzly的Jersey应用程序部署到Heroku。一旦我获得了基本的应用程序,我决定按照https-clientserver-grizzly示例中的说明来保护我的端点,但是遇到了将它部署到Heroku的一些问题。

部署到Heroku后,服务器拒绝响应,关闭所有连接请求而不发送响应。本地我没有问题,只有当我部署到Heroku时才发生此错误。

我在下面列出了 Server.java 文件的相关部分。

public class Server extends ResourceConfig {
    private static final String DEFAULT_SERVER_PORT = "8443";
    private static final String KEY_SERVER_PORT = "server.port";
    private static final String KEY_TRUST_PASSWORD = "TRUST_PASSWORD";
    private static final String KEYSTORE_SERVER_FILE = "./security/keystore_server";
    private static final String LOCALHOST = "https://0.0.0.0:%s/v1";
    private static final String TRUSTSTORE_SERVER_FILE = "./security/truststore_server";

    private final String endpoint;
    private final HttpServer httpServer;

    private Server(final String endpoint) throws KeyManagementException, 
            NoSuchAlgorithmException, KeyStoreException, CertificateException,
            FileNotFoundException, IOException, UnrecoverableKeyException {
        super();

        ...

        URI.create(this.endpoint),
                this,
                true,
                secure());

        this.httpServer.start();

        System.out.println(String.format(
                "Jersey app started with WADL available at %s/application.wadl",
                this.endpoint));
    }


    /**
     * Generates a secure configurator for the server.
     * @return A {@link SSLEngineConfigurator} instance for the server.
     * @throws IOException If the key or trust store password cannot be read.
     * @throws RuntimeException If the configuration is considered invalid.
     */
    private static SSLEngineConfigurator secure() throws IOException, RuntimeException {
        // Set up security context
        final String password = System.getenv(KEY_TRUST_PASSWORD);
        if (password == null) {
            throw new RuntimeException("Truststore password is not set in the environment");
        }

        // Grizzly ssl configuration
        SSLContextConfigurator sslContext = new SSLContextConfigurator();

        // set up security context
        sslContext.setKeyStoreFile(KEYSTORE_SERVER_FILE); // contains server keypair
        sslContext.setKeyStorePass(password);
        sslContext.setTrustStoreFile(TRUSTSTORE_SERVER_FILE); // contains client certificate
        sslContext.setTrustStorePass(password);
        sslContext.setSecurityProtocol("TLS");

        if (!sslContext.validateConfiguration(true)) {
            throw new RuntimeException("SSL context is invalid");
        }

        return new SSLEngineConfigurator(sslContext)
                .setClientMode(false)
                .setNeedClientAuth(false);
    }
}

如果有人为此而奋斗并有任何建议,我将不胜感激!

1 个答案:

答案 0 :(得分:1)

在Heroku上,您不需要自己在Java应用程序中设置HTTPS。 Heroku为您处理HTTPS,并且在Heroku路由器上发生SSL终止,因此流量在到达您的应用时未加密。

只需访问您的网站https://.herokuapp.com

相关问题
最新问题