org.mortbay.jetty.security
Class SslSocketConnector
java.lang.Object
org.mortbay.component.AbstractLifeCycle
org.mortbay.jetty.AbstractBuffers
org.mortbay.jetty.AbstractConnector
org.mortbay.jetty.bio.SocketConnector
org.mortbay.jetty.security.SslSocketConnector
- All Implemented Interfaces:
- LifeCycle, Buffers, Connector
public class SslSocketConnector
- extends SocketConnector
JSSE Socket Listener.
This specialization of HttpListener is an abstract listener that can be used as the basis for a
specific JSSE listener.
This is heavily based on the work from Court Demas, which in turn is based on the work from Forge
Research.
- Author:
- Greg Wilkins (gregw@mortbay.com), Court Demas (court@kiwiconsulting.com), Forge Research Pty Ltd ACN 003 491 576, Jan Hlavatý
Methods inherited from class org.mortbay.jetty.AbstractConnector
connectionClosed, connectionOpened, getAcceptors, getAcceptQueueSize, getConfidentialPort, getConfidentialScheme, getConnections, getConnectionsDurationAve, getConnectionsDurationMax, getConnectionsDurationMin, getConnectionsDurationTotal, getConnectionsOpen, getConnectionsOpenMax, getConnectionsOpenMin, getConnectionsRequestsAve, getConnectionsRequestsMax, getConnectionsRequestsMin, getHost, getIntegralPort, getIntegralScheme, getLowResourceMaxIdleTime, getMaxIdleTime, getName, getPort, getRequests, getResolveNames, getServer, getSoLingerTime, getStatsOn, getStatsOnMs, getThreadPool, join, newContinuation, persist, setAcceptors, setAcceptQueueSize, setConfidentialPort, setConfidentialScheme, setHost, setIntegralPort, setIntegralScheme, setLowResourceMaxIdleTime, setMaxIdleTime, setName, setPort, setResolveNames, setServer, setSoLingerTime, setStatsOn, setThreadPool, statsReset, stopAccept, toString
KEYPASSWORD_PROPERTY
public static final String KEYPASSWORD_PROPERTY
- String name of key password property.
- See Also:
- Constant Field Values
PASSWORD_PROPERTY
public static final String PASSWORD_PROPERTY
- String name of keystore password property.
- See Also:
- Constant Field Values
SslSocketConnector
public SslSocketConnector()
- Constructor.
configure
protected void configure(Socket socket)
throws IOException
- Overrides:
configure
in class AbstractConnector
- Throws:
IOException
createFactory
protected SSLServerSocketFactory createFactory()
throws Exception
- Throws:
Exception
customize
public void customize(EndPoint endpoint,
Request request)
throws IOException
- Allow the Listener a chance to customise the request before the server does its stuff.
This allows the required attributes to be set for SSL requests.
The requirements of the Servlet specs are:
- an attribute named "javax.servlet.request.cipher_suite" of type String.
- an attribute named "javax.servlet.request.key_size" of type Integer.
- an attribute named "javax.servlet.request.X509Certificate" of type
java.security.cert.X509Certificate[]. This is an array of objects of type X509Certificate;
the order of this array is defined as being in ascending order of trust. The first
certificate in the chain is the one set by the client, the next is the one used to
authenticate the first, and so on.
- Specified by:
customize
in interface Connector
- Overrides:
customize
in class SocketConnector
- Parameters:
endpoint
- The Socket the request arrived on. This should be a SocketEndPoint wrapping a SSLSocket.
request
- HttpRequest to be customised.
- Throws:
IOException
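The three request attributes listed above can be consumed by application code to enforce a transport policy. The following servlet is an added example, not part of Jetty or of the original page; the class name `TlsAttributeServlet` and the 128-bit threshold are assumptions.

```java
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example (hypothetical class, not Jetty code).
public class TlsAttributeServlet extends HttpServlet {
    private static final int MIN_KEY_SIZE = 128; // assumed policy threshold, in bits

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String suite = (String) req.getAttribute("javax.servlet.request.cipher_suite");
        Integer keySize = (Integer) req.getAttribute("javax.servlet.request.key_size");
        X509Certificate[] chain = (X509Certificate[])
                req.getAttribute("javax.servlet.request.X509Certificate");

        // Attributes absent: the request did not arrive on an SSL connector.
        if (suite == null || keySize == null) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "SSL required");
            return;
        }
        // NULL and export-grade suites report a small key size.
        if (keySize.intValue() < MIN_KEY_SIZE) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Cipher too weak");
            return;
        }
        // With wantClientAuth the client may decline, so the chain can be absent.
        if (chain == null || chain.length == 0) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate required");
            return;
        }
        X509Certificate client = chain[0]; // first entry is the client's own certificate
        try {
            client.checkValidity(); // reject expired or not-yet-valid certificates
        } catch (CertificateException e) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate not valid");
            return;
        }
        resp.setContentType("text/plain");
        resp.getWriter().println("suite=" + suite + " keySize=" + keySize
                + " subject=" + client.getSubjectX500Principal().getName());
    }
}
```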
getExcludeCipherSuites
public String[] getExcludeCipherSuites()
getKeystore
public String getKeystore()
getKeystoreType
public String getKeystoreType()
getNeedClientAuth
public boolean getNeedClientAuth()
getProtocol
public String getProtocol()
getProvider
public String getProvider()
getSecureRandomAlgorithm
public String getSecureRandomAlgorithm()
getSslKeyManagerFactoryAlgorithm
public String getSslKeyManagerFactoryAlgorithm()
getSslTrustManagerFactoryAlgorithm
public String getSslTrustManagerFactoryAlgorithm()
getTruststore
public String getTruststore()
getTruststoreType
public String getTruststoreType()
getWantClientAuth
public boolean getWantClientAuth()
isConfidential
public boolean isConfidential(Request request)
- By default, we're confidential, given we speak SSL. But, if we've been told about a
confidential port, and said port is not our port, then we're not. This allows separation of
listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener
configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not
requiring client certs providing mere INTEGRAL constraints.
- Specified by:
isConfidential
in interface Connector
- Overrides:
isConfidential
in class AbstractConnector
isIntegral
public boolean isIntegral(Request request)
- By default, we're integral, given we speak SSL. But, if we've been told about an integral
port, and said port is not our port, then we're not. This allows separation of listeners
providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to
require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring
client certs providing mere INTEGRAL constraints.
- Specified by:
isIntegral
in interface Connector
- Overrides:
isIntegral
in class AbstractConnector
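The listener separation described for isConfidential and isIntegral can be set up with the setters documented on this page. This is an added example, not code from Jetty or the original page; the class name, port numbers, keystore and truststore paths, the environment variable name, and the reuse of one password for all stores are assumptions.

```java
import org.mortbay.jetty.Server;
import org.mortbay.jetty.security.SslSocketConnector;

// Added example (hypothetical class, not Jetty code). Paths, ports and the
// environment variable name are placeholders.
public class SplitSslListeners {
    private static final int INTEGRAL_PORT = 8443;     // server certificate only
    private static final int CONFIDENTIAL_PORT = 8444; // client certificate required

    static SslSocketConnector sslConnector(int port, String password) {
        SslSocketConnector c = new SslSocketConnector();
        c.setPort(port);
        c.setKeystore("/path/to/keystore");
        c.setPassword(password);
        c.setKeyPassword(password);
        // Keep NULL-encryption and export-grade suites out of negotiation.
        c.setExcludeCipherSuites(new String[] {
            "SSL_RSA_WITH_NULL_MD5", "SSL_RSA_WITH_NULL_SHA",
            "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA" });
        return c;
    }

    public static void main(String[] args) throws Exception {
        String password = System.getenv("EXAMPLE_KEYSTORE_PASSWORD");
        if (password == null) {
            throw new IllegalStateException("keystore password not set");
        }
        // Listener 1: told that the confidential port is elsewhere, so it is
        // not confidential; no integral port is set, so it stays integral.
        SslSocketConnector integral = sslConnector(INTEGRAL_PORT, password);
        integral.setConfidentialPort(CONFIDENTIAL_PORT);

        // Listener 2: requires a client certificate checked against the
        // truststore; no confidential port is set, so it is confidential.
        SslSocketConnector confidential = sslConnector(CONFIDENTIAL_PORT, password);
        confidential.setNeedClientAuth(true);
        confidential.setTruststore("/path/to/truststore");
        confidential.setTrustPassword(password);

        Server server = new Server();
        server.addConnector(integral);
        server.addConnector(confidential);
        server.start();
        server.join();
    }
}
```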
newServerSocket
protected ServerSocket newServerSocket(String host,
int port,
int backlog)
throws IOException
- Overrides:
newServerSocket
in class SocketConnector
- Parameters:
addr
- The address that this server should listen on
backlog
- See ServerSocket.bind(java.net.SocketAddress, int)
- Returns:
- A new socket object bound to the supplied address with all other settings as per the current configuration of this connector.
- Throws:
IOException
- See Also:
setWantClientAuth(boolean), setNeedClientAuth(boolean), #setCipherSuites
setExcludeCipherSuites
public void setExcludeCipherSuites(String[] cipherSuites)
setKeyPassword
public void setKeyPassword(String password)
setKeystore
public void setKeystore(String keystore)
setKeystoreType
public void setKeystoreType(String keystoreType)
setNeedClientAuth
public void setNeedClientAuth(boolean needClientAuth)
- Set the value of the needClientAuth property
- Parameters:
needClientAuth
- true iff we require client certificate authentication.
setPassword
public void setPassword(String password)
setTrustPassword
public void setTrustPassword(String password)
setProtocol
public void setProtocol(String protocol)
setProvider
public void setProvider(String _provider)
setSecureRandomAlgorithm
public void setSecureRandomAlgorithm(String algorithm)
setSslKeyManagerFactoryAlgorithm
public void setSslKeyManagerFactoryAlgorithm(String algorithm)
setSslTrustManagerFactoryAlgorithm
public void setSslTrustManagerFactoryAlgorithm(String algorithm)
setTruststore
public void setTruststore(String truststore)
setTruststoreType
public void setTruststoreType(String truststoreType)
setWantClientAuth
public void setWantClientAuth(boolean wantClientAuth)
- Set the value of the _wantClientAuth property. This property is used when opening server sockets.
- Parameters:
wantClientAuth
- true iff we want client certificate authentication.
- See Also:
SSLServerSocket.setWantClientAuth(boolean)