问题
I'm using Jersey with an embedded version of Grizzly and I'd like to bind/listen on localhost ONLY. I'm creating the ThreadSelector using the GrizzlyWebContainerFactory with the create call:
threadSelector = GrizzlyWebContainerFactory.create("http://127.0.0.1:8080/", initParams);
This works, but I'm still able to hit the server from an external machine. How can I get it to bind to/listen on ONLY localhost?
This is for configuration stuff, so I don't want anything off box to be able to connect to this server.
回答1:
I was able to do this using the hostname localhost
in Jersey 2.3.1 with an embedded version of Grizzly:
import org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpServerFactory;
// ...
GrizzlyHttpServerFactory.createHttpServer(
URI.create("http://localhost:9580/my-app/")
);
Testing results in:
> curl -I http://myhost.com:9580/my-app
curl: (7) couldn't connect to host
Whereas when starting the Grizzly server with the URIs "http://0.0.0.0:9580/my-app/"
, or "http://myhost.com:9580/my-app/"
I am be able to hit it with
> curl -I http://myhost.com:9580/my-app
HTTP/1.1 200 Not Found
...
Here's a table of which hosts work with which URLs when using GrizzlyHttpServerFactory
. No surprises here, as far as I understand:
# For http://0.0.0.0:9575/my-app | Works?
curl -I http://0.0.0.0:9575/my-app | Yes
curl -I http://127.0.0.1:9575/my-app | Yes
curl -I http://localhost:9575/my-app | Yes
curl -I http://myhost.com:9575/my-app | Yes
|
# For http://127.0.0.1:9575/my-app |
# For http://localhost:9575/my-app |
curl -I http://0.0.0.0:9575/my-app | Yes
curl -I http://127.0.0.1:9575/my-app | Yes
curl -I http://localhost:9575/my-app | Yes
curl -I http://myhost.com:9575/my-app | No
|
# For http://myhost.com:9585/my-app |
curl -I http://0.0.0.0:9585/my-app | No
curl -I http://127.0.0.1:9585/my-app | No
curl -I http://localhost:9575/my-app | No
curl -I http://myhost.com:9585/my-app | Yes
回答2:
You can easily extend the GrizzlyWebContainerFactory to support this requirement (since the class is final, I have created a self-contained utility that allows you to bind the listening socket to localhost). You could use this utility as:
SelectorThread threadSelector = GrizzlyWebContainerFactoryUtil.create("http://127.0.0.1:8080/", initParams, true);
Setting the last parameter to true forces it to bind to localhost. The only code I added to support this requirement is:
selectorThread.setAddress(InetAddress.getByName("localhost"));
The entire utility class is shown below:
import com.sun.grizzly.http.SelectorThread;
import com.sun.grizzly.http.servlet.ServletAdapter;
import com.sun.grizzly.standalone.StaticStreamAlgorithm;
import com.sun.grizzly.tcp.Adapter;
import com.sun.grizzly.tcp.http11.GrizzlyAdapter;
import com.sun.jersey.api.container.ContainerException;
import com.sun.jersey.api.core.ClasspathResourceConfig;
import com.sun.jersey.spi.container.servlet.ServletContainer;
import javax.servlet.Servlet;
import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.net.URI;
import java.util.Map;
public class GrizzlyWebContainerFactoryUtil {
public static SelectorThread create(String u, Map<String, String> initParams, boolean localHostOnly)
throws IOException, IllegalArgumentException {
if (u == null)
throw new IllegalArgumentException("The URI must not be null");
return create(URI.create(u), initParams, localHostOnly);
}
public static SelectorThread create(URI u, Map<String, String> initParams, boolean localHostOnly) throws IOException {
return create(u, ServletContainer.class, initParams, localHostOnly);
}
public static SelectorThread create(URI u, Class<? extends Servlet> c,
Map<String, String> initParams, boolean localHostOnly) throws IOException {
if (u == null)
throw new IllegalArgumentException("The URI must not be null");
ServletAdapter adapter = new ServletAdapter();
if (initParams == null) {
adapter.addInitParameter(ClasspathResourceConfig.PROPERTY_CLASSPATH,
System.getProperty("java.class.path").replace(File.pathSeparatorChar, ';'));
} else {
for (Map.Entry<String, String> e : initParams.entrySet()) {
adapter.addInitParameter(e.getKey(), e.getValue());
}
}
adapter.setServletInstance(getInstance(c));
String path = u.getPath();
if (path == null)
throw new IllegalArgumentException("The URI path, of the URI " + u +
", must be non-null");
else if (path.length() == 0)
throw new IllegalArgumentException("The URI path, of the URI " + u +
", must be present");
else if (path.charAt(0) != '/')
throw new IllegalArgumentException("The URI path, of the URI " + u +
". must start with a '/'");
if (path.length() > 1) {
if (path.endsWith("/"))
path = path.substring(0, path.length() - 1);
adapter.setContextPath(path);
}
return create(u, adapter, localHostOnly);
}
private static Servlet getInstance(Class<? extends Servlet> c) {
try {
return c.newInstance();
} catch (Exception e) {
throw new ContainerException(e);
}
}
public static SelectorThread create(URI u, Adapter adapter, boolean localHostOnly)
throws IOException, IllegalArgumentException {
if (u == null)
throw new IllegalArgumentException("The URI must not be null");
// TODO support https
final String scheme = u.getScheme();
if (!scheme.equalsIgnoreCase("http"))
throw new IllegalArgumentException("The URI scheme, of the URI " + u +
", must be equal (ignoring case) to 'http'");
if (adapter instanceof GrizzlyAdapter) {
GrizzlyAdapter ga = (GrizzlyAdapter) adapter;
ga.setResourcesContextPath(u.getRawPath());
}
final SelectorThread selectorThread = new SelectorThread();
selectorThread.setAlgorithmClassName(StaticStreamAlgorithm.class.getName());
final int port = (u.getPort() == -1) ? 80 : u.getPort();
selectorThread.setPort(port);
if (localHostOnly) {
selectorThread.setAddress(InetAddress.getByName("localhost"));
}
selectorThread.setAdapter(adapter);
try {
selectorThread.listen();
} catch (InstantiationException e) {
IOException _e = new IOException();
_e.initCause(e);
throw _e;
}
return selectorThread;
}
}
来源:https://stackoverflow.com/questions/6050407/grizzly-jersey-listening-only-on-localhost