SSL with Grizzly and Jersey

一整个雨季 2021-02-08 12:30

I'm trying to get Grizzly to use SSL encryption and still work fine with Jersey. I've looked all over the Internet, and I find all kinds of different attempts at SSL with Griz

4 answers
  • 2021-02-08 13:12

    IMO you can use a different factory method to initialize a secured Grizzly HttpServer:

    HttpServer secure = GrizzlyServerFactory.createHttpServer(BASE_URI_SECURED,
                            ContainerFactory.createContainer(HttpHandler.class, rc),
                            true,
                            new SSLEngineConfigurator(sslCon));
    

    If you initialize the server like this, you don't need to stop and reconfigure it again.

    Hope this will help.

  • 2021-02-08 13:18

    The following code works with Grizzly 2.3.7 and I am using Jersey 1.18 - this includes code for SSL Client Authentication - if you don't have the keystores this feature will simply be ignored.

    /**
     * create a Server based on an url and possibly a ResourceConfig
     * 
     * @param url
     * @param rc
     * @param secure
     *          - true if SSL should be used
     * @param contextPath 
     * @return
     * @throws Exception
     */
    public HttpServer createHttpServer(String url, ResourceConfig rc,
            boolean secure, String contextPath) throws Exception {
        // HttpServer result = GrizzlyServerFactory.createHttpServer(url, rc);
        // http://grepcode.com/file/repo1.maven.org/maven2/com.sun.jersey/jersey-grizzly2/1.6/com/sun/jersey/api/container/grizzly2/GrizzlyServerFactory.java#GrizzlyServerFactory.createHttpServer%28java.net.URI%2Ccom.sun.jersey.api.container.grizzly2.ResourceConfig%29
        HttpServer result = new HttpServer();
        final NetworkListener listener = new NetworkListener("grizzly",
                settings.getHost(), settings.getPort());
        result.addListener(listener);
        // do we need SSL?
        if (secure) {
            listener.setSecure(secure);
            SSLEngineConfigurator sslEngineConfigurator = createSSLConfig(true);
            listener.setSSLEngineConfig(sslEngineConfigurator);
        }
        // Map the path to the processor.
        final ServerConfiguration config = result.getServerConfiguration();
        final HttpHandler handler = ContainerFactory.createContainer(
                HttpHandler.class, rc);
        config.addHttpHandler(handler, contextPath);
        return result;
    }
    
    /**
     * create SSL Configuration
     * 
     * @param isServer
     *          true if this is for the server
     * @return
     * @throws Exception
     */
    private SSLEngineConfigurator createSSLConfig(boolean isServer)
            throws Exception {
        final SSLContextConfigurator sslContextConfigurator = new SSLContextConfigurator();
        // override system properties
        final File cacerts = getStoreFile("server truststore",
                "truststore_server.jks");
        if (cacerts != null) {
            sslContextConfigurator.setTrustStoreFile(cacerts.getAbsolutePath());
            sslContextConfigurator.setTrustStorePass(TRUSTSTORE_PASSWORD);
        }
    
        // override system properties
        final File keystore = getStoreFile("server keystore", "keystore_server.jks");
        if (keystore != null) {
            sslContextConfigurator.setKeyStoreFile(keystore.getAbsolutePath());
            sslContextConfigurator.setKeyStorePass(TRUSTSTORE_PASSWORD);
        }
    
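        // This configurator is used on the server side, so engines must not run in client mode.
        boolean clientMode = false;
        // Client authentication: "need" makes a client certificate mandatory, "want" only requests one.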
        boolean needClientAuth = settings.isNeedClientAuth();
        boolean wantClientAuth = settings.isWantClientAuth();
        SSLEngineConfigurator result = new SSLEngineConfigurator(
                sslContextConfigurator.createSSLContext(), clientMode, needClientAuth,
                wantClientAuth);
        return result;
    }
    
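A fail-closed variant of the configuration in this answer, added here as an example and not the answer author's code: instead of silently skipping a missing keystore or truststore, it refuses to build the configuration. The class name, parameters and protocol list are assumptions; the Grizzly calls are the ones used above plus `validateConfiguration` and `setEnabledProtocols`.

```java
import java.io.File;
import org.glassfish.grizzly.ssl.SSLContextConfigurator;
import org.glassfish.grizzly.ssl.SSLEngineConfigurator;

public class StrictSslConfig {

    /**
     * Builds a server-side SSLEngineConfigurator or throws.
     * All arguments are placeholders supplied by the caller.
     */
    static SSLEngineConfigurator create(File keystore, String keystorePass,
            File truststore, String truststorePass, boolean needClientAuth) {
        // A TLS listener without a server key pair cannot work: stop here.
        if (keystore == null || !keystore.canRead()) {
            throw new IllegalStateException("server keystore missing or unreadable: " + keystore);
        }
        SSLContextConfigurator ctx = new SSLContextConfigurator();
        ctx.setKeyStoreFile(keystore.getAbsolutePath());
        ctx.setKeyStorePass(keystorePass);

        if (truststore != null && truststore.canRead()) {
            ctx.setTrustStoreFile(truststore.getAbsolutePath());
            ctx.setTrustStorePass(truststorePass);
        } else if (needClientAuth) {
            // Without an explicit truststore the JVM's default trust anchors
            // would decide which client certificates are accepted.
            throw new IllegalStateException("client authentication requested but no truststore");
        }

        // true = a keystore is required for this (server) configuration.
        if (!ctx.validateConfiguration(true)) {
            throw new IllegalStateException("SSL context configuration is not valid");
        }

        // clientMode=false (server side), needClientAuth as requested, wantClientAuth=false.
        SSLEngineConfigurator engine = new SSLEngineConfigurator(
                ctx.createSSLContext(), false, needClientAuth, false);
        // Assumption: the JRE in use supports both protocol versions.
        engine.setEnabledProtocols(new String[] {"TLSv1.2", "TLSv1.3"});
        return engine;
    }
}
```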
  • 2021-02-08 13:32

    I have a nice and tested example using Grizzly 2.3.3 in: https://github.com/danielnuriyev/scriptedstuff/tree/master/src/com/scriptedstuff/server

  • 2021-02-08 13:35

    Sorry to take so long to post this up here. Alexey's answer led me to the working solution, which is a lot like Wolfgang Fahl's code. Here's what I ended up with:

    static HttpServer startSecureServer() throws IOException
    {
        System.out.println("Starting server on port " + ConfigLoader.getHttpsServerPort());
        ResourceConfig rc = new PackagesResourceConfig("com.kinpoint.server.grizzlyresources");
    
        SSLContextConfigurator sslCon = new SSLContextConfigurator();
    
        sslCon.setKeyStoreFile(ConfigLoader.getKeystoreLocation()); // contains server keypair
        sslCon.setKeyStorePass(ConfigLoader.getKeystorePassword());
    
        HttpHandler hand = ContainerFactory.createContainer(HttpHandler.class, rc);
    
        HttpServer secure = GrizzlyServerFactory.createHttpServer(BASE_URI_SECURED, hand, true,
                new SSLEngineConfigurator(sslCon, false, false, false));
    
        return secure;
    }
    

    The second parameter in the SSLEngineConfigurator tells it not to use client mode. That was what was messing me up. Thanks for the help.

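What the `clientMode` flag changes underneath, as an added example that is not part of the original answers and uses only the JDK's `javax.net.ssl` API (class and method names are illustrative): a listener whose engines run in client mode tries to send a ClientHello instead of waiting for the peer's, so the handshake with a browser cannot complete. It also shows how the `needClientAuth` / `wantClientAuth` flags from the earlier answer map onto the engine.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult.HandshakeStatus;

public class EngineModeDemo {

    /** Status of a fresh engine right after beginHandshake() in the given mode. */
    static HandshakeStatus firstStep(SSLContext ctx, boolean clientMode) throws Exception {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(clientMode);
        engine.beginHandshake();
        return engine.getHandshakeStatus();
    }

    /** Applies the client-certificate flags to a server-mode engine. */
    static SSLEngine serverEngine(SSLContext ctx, boolean needClientAuth, boolean wantClientAuth) {
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);
        // JSSE keeps a single client-auth setting: each setter overrides the other,
        // so "want" is only applied when "need" is not requested.
        if (needClientAuth) {
            engine.setNeedClientAuth(true);
        } else {
            engine.setWantClientAuth(wantClientAuth);
        }
        return engine;
    }

    public static void main(String[] args) throws Exception {
        // The JVM default context is enough to observe the roles;
        // no server certificate is needed for this first step.
        SSLContext ctx = SSLContext.getDefault();

        // A client-mode engine must speak first (it has a ClientHello to write);
        // a server-mode engine must first read the peer's ClientHello.
        System.out.println("clientMode=true  first step: " + firstStep(ctx, true));
        System.out.println("clientMode=false first step: " + firstStep(ctx, false));

        SSLEngine mandatory = serverEngine(ctx, true, false);
        SSLEngine optional = serverEngine(ctx, false, true);
        System.out.println("mandatory: need=" + mandatory.getNeedClientAuth()
                + " want=" + mandatory.getWantClientAuth());
        System.out.println("optional:  need=" + optional.getNeedClientAuth()
                + " want=" + optional.getWantClientAuth());
    }
}
```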