1. SSL configuration
Configuration for jetty-maven-plugin
Original article: http://juplo.de/configure-https-for-jetty-maven-plugin-9-0-x/
jetty.xml
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">

<!-- ============================================================= -->
<!-- Configure the Http Configuration                              -->
<!-- ============================================================= -->
<Configure id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
  <Set name="secureScheme">https</Set>
  <Set name="securePort"><Property name="jetty.secure.port" default="8443" /></Set>
  <Set name="outputBufferSize">32768</Set>
  <Set name="requestHeaderSize">8192</Set>
  <Set name="responseHeaderSize">8192</Set>
  <!-- true advertises the Jetty version in the Server response header -->
  <Set name="sendServerVersion">true</Set>
  <Set name="sendDateHeader">false</Set>
  <Set name="headerCacheSize">512</Set>

  <!-- Uncomment to enable handling of X-Forwarded- style headers
  <Call name="addCustomizer">
    <Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
  </Call>
  -->
</Configure>
jetty-ssl.xml
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">

<!-- ============================================================= -->
<!-- Configure a TLS (SSL) Context Factory                         -->
<!-- This configuration must be used in conjunction with jetty.xml -->
<!-- and either jetty-https.xml or jetty-spdy.xml (but not both)   -->
<!-- ============================================================= -->
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
  <!-- The "secret" defaults below are placeholders: set your own keystore location and passwords -->
  <Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.keystore" default="jetty_9_setting/jetty.keystore"/></Set>
  <Set name="KeyStorePassword"><Property name="jetty.keystore.password" default="secret"/></Set>
  <Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" default="secret"/></Set>
  <Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.truststore" default="jetty_9_setting/jetty.keystore"/></Set>
  <Set name="TrustStorePassword"><Property name="jetty.truststore.password" default="secret"/></Set>
  <!-- Left empty: no endpoint identification algorithm is configured -->
  <Set name="EndpointIdentificationAlgorithm"></Set>
  <Set name="ExcludeCipherSuites">
    <Array type="String">
      <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
      <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
      <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
      <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
      <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
      <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
      <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
    </Array>
  </Set>

  <!-- =========================================================== -->
  <!-- Create a TLS specific HttpConfiguration based on the        -->
  <!-- common HttpConfiguration defined in jetty.xml               -->
  <!-- Add a SecureRequestCustomizer to extract certificate and    -->
  <!-- session information                                         -->
  <!-- =========================================================== -->
  <New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
    <Arg><Ref refid="httpConfig"/></Arg>
    <Call name="addCustomizer">
      <Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg>
    </Call>
  </New>
</Configure>
jetty-http.xml
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">

<!-- ============================================================= -->
<!-- Configure the Jetty Server instance with an ID "Server"       -->
<!-- by adding a HTTP connector.                                   -->
<!-- This configuration must be used in conjunction with jetty.xml -->
<!-- ============================================================= -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">

  <!-- =========================================================== -->
  <!-- Add a HTTP Connector.                                       -->
  <!-- Configure an o.e.j.server.ServerConnector with a single     -->
  <!-- HttpConnectionFactory instance using the common httpConfig  -->
  <!-- instance defined in jetty.xml                               -->
  <!--                                                             -->
  <!-- Consult the javadoc of o.e.j.server.ServerConnector and     -->
  <!-- o.e.j.server.HttpConnectionFactory for all configuration    -->
  <!-- that may be set here.                                       -->
  <!-- =========================================================== -->
  <Call name="addConnector">
    <Arg>
      <New class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server"><Ref refid="Server" /></Arg>
        <Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory">
            <Item>
              <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                <Arg name="config"><Ref refid="httpConfig" /></Arg>
              </New>
            </Item>
          </Array>
        </Arg>
        <Set name="host"><Property name="jetty.host" /></Set>
        <Set name="port"><Property name="jetty.port" default="8080" /></Set>
        <Set name="idleTimeout"><Property name="http.timeout" default="30000"/></Set>
      </New>
    </Arg>
  </Call>
</Configure>
jetty-https.xml
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">

<!-- ============================================================= -->
<!-- Configure a HTTPS connector.                                  -->
<!-- This configuration must be used in conjunction with jetty.xml -->
<!-- and jetty-ssl.xml.                                            -->
<!-- ============================================================= -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">

  <!-- =========================================================== -->
  <!-- Add a HTTPS Connector.                                      -->
  <!-- Configure an o.e.j.server.ServerConnector with connection   -->
  <!-- factories for TLS (aka SSL) and HTTP to provide HTTPS.      -->
  <!-- All accepted TLS connections are wired to a HTTP connection.-->
  <!--                                                             -->
  <!-- Consult the javadoc of o.e.j.server.ServerConnector,        -->
  <!-- o.e.j.server.SslConnectionFactory and                       -->
  <!-- o.e.j.server.HttpConnectionFactory for all configuration    -->
  <!-- that may be set here.                                       -->
  <!-- =========================================================== -->
  <Call id="httpsConnector" name="addConnector">
    <Arg>
      <New class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server"><Ref refid="Server" /></Arg>
        <Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory">
            <Item>
              <New class="org.eclipse.jetty.server.SslConnectionFactory">
                <Arg name="next">http/1.1</Arg>
                <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
              </New>
            </Item>
            <Item>
              <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                <Arg name="config"><Ref refid="sslHttpConfig"/></Arg>
              </New>
            </Item>
          </Array>
        </Arg>
        <Set name="host"><Property name="jetty.host" /></Set>
        <Set name="port"><Property name="https.port" default="8443" /></Set>
        <Set name="idleTimeout"><Property name="https.timeout" default="30000"/></Set>
      </New>
    </Arg>
  </Call>
</Configure>
jetty.keystore
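jetty.keystore (attachments can't be uploaded here?) In any case, it can be generated with OpenSSL or a similar tool.
The keystore location and password have to be set in jetty-ssl.xml; put the location and password of the keystore you want to use there.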
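One way to generate such a keystore with OpenSSL for local testing, as an added example that is not part of the original post. The function names, the `jetty` alias and the self-signed `CN` are assumptions; the output is PKCS#12, so this assumes `SslContextFactory` also has `KeyStoreType` set to `PKCS12` instead of its JKS default.

```shell
#!/bin/sh
# Added example (hypothetical helper names): build a self-signed PKCS#12
# keystore for the HTTPS connector and verify that it opens.

# Usage: make_jetty_keystore <out-file> <password> [hostname]
make_jetty_keystore() {
    out=$1; pass=$2; host=${3:-localhost}
    [ -n "$out" ] && [ "${#pass}" -ge 6 ] || {
        echo "usage: make_jetty_keystore <out-file> <password, 6+ chars> [host]" >&2
        return 2
    }
    work=$(mktemp -d) || return 1
    old_umask=$(umask); umask 077      # key material readable by the owner only
    rc=0
    # Self-signed certificate and RSA key, written as PEM into the private temp dir.
    # The password is passed through the environment (env:), not argv,
    # so it does not show up in the process list.
    openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 365 \
        -subj "/CN=$host" \
        -keyout "$work/key.pem" -out "$work/cert.pem" 2>/dev/null &&
    KS_PASS=$pass openssl pkcs12 -export -name jetty \
        -inkey "$work/key.pem" -in "$work/cert.pem" \
        -out "$out" -passout env:KS_PASS || rc=1
    rm -rf "$work"                     # remove the unencrypted PEM key
    umask "$old_umask"
    return $rc
}

# Returns 0 only if the keystore can be opened with the given password.
check_jetty_keystore() {
    KS_PASS=$2 openssl pkcs12 -in "$1" -passin env:KS_PASS -nokeys -noout 2>/dev/null
}

# Example call (constructed values):
#   make_jetty_keystore jetty_9_setting/jetty.keystore 'choose-your-own' localhost
```

Use the same password for `KeyStorePassword` and `KeyManagerPassword` in jetty-ssl.xml, since a keystore built this way protects the key and the store with one password.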
In pom.xml, the jetty settings are as follows:
<!-- jetty_9_setting -->
<plugin>
  <groupId>org.eclipse.jetty</groupId>
  <artifactId>jetty-maven-plugin</artifactId>
  <version>9.0.5.v20130815</version>
  <configuration>
    <systemProperties>
      <systemProperty>
        <name>java.security.auth.login.config</name>
        <value>props.conf</value>
      </systemProperty>
    </systemProperties>
    <jettyXml>${project.basedir}/jetty_9_setting/jetty.xml,${project.basedir}/jetty_9_setting/jetty-http.xml,${project.basedir}/jetty_9_setting/jetty-ssl.xml,${project.basedir}/jetty_9_setting/jetty-https.xml </jettyXml>
  </configuration>
</plugin>
The <jettyXml> element holds the path and file name of each configuration file.
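Configuration for the jetty distribution (standard mode)
Run java -jar start.jar --add-to-startd=https.
--add-to-startd does the following:
1) Creates the https.ini file, which activates and configures the HTTPS connector module. The https module adds etc/jetty-https.xml to the command line.
2) Creates the start.d/ssl.ini file, which activates and configures the SSL keystore. The ssl module adds etc/jetty-ssl.xml to the command line.
2. JNDI configuration
If you configure this with Maven, nothing needs to be configured in pom.xml. Taking a DataSource as the example, add the configuration file jetty-env.xml under {project}/WEB-INF/: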
<Configure id="wac" class="org.eclipse.jetty.webapp.WebAppContext">
  <New id="myds" class="org.eclipse.jetty.plus.jndi.Resource">
    <Arg><Ref refid="wac" /></Arg>
    <Arg>jdbc/myds</Arg>
    <Arg>
      <New class="com.mysql.jdbc.jdbc2.optional.MysqlConnectionPoolDataSource">
        <Set name="Url">jdbc:mysql://localhost:3306/cp</Set>
        <Set name="User">root</Set>
        <Set name="Password">1234</Set>
      </New>
    </Arg>
  </New>
</Configure>
Add the following to {project}/WEB-INF/web.xml:
<resource-ref>
  <description>My DataSource Reference</description>
  <res-ref-name>jdbc/myds</res-ref-name>
  <res-type>javax.sql.DataSource</res-type>
  <res-auth>Container</res-auth>
</resource-ref>
Here jdbc/myds is the name of the DataSource; in the program it can be obtained as follows:
import javax.naming.*;
import javax.sql.DataSource;
Context context = new InitialContext();
DataSource source = (DataSource) context.lookup("java:comp/env/jdbc/myds");
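PS: A DataSource configured in {project}/WEB-INF/jetty-env.xml is scoped to the application only (within the project). To use it with the jetty distribution (the normal case), you can add the configuration to etc/jetty.xml; note that the database connection jar (the JDBC driver and so on) has to be placed in {jetty.home}/lib/ext: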
<New id="myds" class="org.eclipse.jetty.plus.jndi.Resource">
  <Arg><Ref refid="Server" /></Arg> <!-- scope: the whole Server -->
  <!-- <Arg></Arg> scope: the whole JVM -->
  <Arg>jdbc/myds</Arg>
  <Arg>
    <New class="com.mysql.jdbc.jdbc2.optional.MysqlConnectionPoolDataSource">
      <Set name="Url">jdbc:mysql://localhost:3306/cp</Set>
      <Set name="User">root</Set>
      <Set name="Password">1234</Set>
    </New>
  </Arg>
</New>
There are other ways as well; see the official documentation.
3. JAAS configuration
Configuration for jetty-maven-plugin
Declare the system property in pom.xml:
<!-- jetty_9_setting -->
<plugin>
  <groupId>org.eclipse.jetty</groupId>
  <artifactId>jetty-maven-plugin</artifactId>
  <version>9.0.5.v20130815</version>
  <configuration>
    <systemProperties>
      <systemProperty>
        <name>java.security.auth.login.config</name>
        <value>props.conf</value>
      </systemProperty>
    </systemProperties>
  </configuration>
</plugin>
props.conf is the JAAS configuration file:
props {
  org.eclipse.jetty.jaas.spi.DataSourceLoginModule required
  debug="true"
  dbJNDIName="jdbc/myds"
  userTable="users"
  userField="user_name"
  credentialField="password"
  userRoleTable="users"
  userRoleUserField="user_name"
  userRoleRoleField="level";
};
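This props.conf uses a DataSource as the source for JAAS login.
Configuration for the jetty distribution (standard mode)
Add --module=jaas to start.ini, then put the configuration file under {jetty.home}/etc/ and rename it to login.conf.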