org.mortbay.jetty.security
Class SslSelectChannelConnector
java.lang.Object
org.mortbay.component.AbstractLifeCycle
org.mortbay.jetty.AbstractBuffers
org.mortbay.jetty.AbstractConnector
org.mortbay.jetty.nio.AbstractNIOConnector
org.mortbay.jetty.nio.SelectChannelConnector
org.mortbay.jetty.security.SslSelectChannelConnector
- All Implemented Interfaces:
- LifeCycle, Buffers, Connector, NIOConnector
public class SslSelectChannelConnector
- extends SelectChannelConnector
SslSelectChannelConnector.
- Author:
- Nik Gonzalez, Greg Wilkins
Field Summary |
static java.lang.String |
DEFAULT_KEYSTORE
Default value for the keystore location path. |
static java.lang.String |
KEYPASSWORD_PROPERTY
String name of key password property. |
static java.lang.String |
PASSWORD_PROPERTY
String name of keystore password property. |
Method Summary |
protected javax.net.ssl.SSLContext |
createSSLContext()
|
protected javax.net.ssl.SSLEngine |
createSSLEngine()
|
void |
customize(EndPoint endpoint,
Request request)
Allow the Listener a chance to customise the request. |
protected void |
doStart()
|
java.lang.String |
getAlgorithm()
|
Buffer |
getBuffer(int size)
|
java.lang.String[] |
getCipherSuites()
Deprecated. As of Java Servlet API 2.0, with no replacement. |
java.lang.String[] |
getExcludeCipherSuites()
|
java.lang.String |
getKeystore()
|
java.lang.String |
getKeystoreType()
|
boolean |
getNeedClientAuth()
|
java.lang.String |
getProtocol()
|
java.lang.String |
getProvider()
|
java.lang.String |
getSecureRandomAlgorithm()
|
java.lang.String |
getSslKeyManagerFactoryAlgorithm()
|
java.lang.String |
getSslTrustManagerFactoryAlgorithm()
|
java.lang.String |
getTruststore()
|
java.lang.String |
getTruststoreType()
|
boolean |
getWantClientAuth()
|
boolean |
isConfidential(Request request)
By default, we're confidential, given we speak SSL. |
boolean |
isIntegral(Request request)
By default, we're integral, given we speak SSL. |
protected Connection |
newConnection(java.nio.channels.SocketChannel channel,
SelectChannelEndPoint endpoint)
|
protected SelectChannelEndPoint |
newEndPoint(java.nio.channels.SocketChannel channel,
SelectorManager.SelectSet selectSet,
java.nio.channels.SelectionKey key)
|
void |
returnBuffer(Buffer buffer)
|
void |
setAlgorithm(java.lang.String algorithm)
|
void |
setCipherSuites(java.lang.String[] cipherSuites)
Deprecated. As of Java Servlet API 2.0, with no replacement. |
void |
setExcludeCipherSuites(java.lang.String[] cipherSuites)
|
void |
setKeyPassword(java.lang.String password)
|
void |
setKeystore(java.lang.String keystore)
|
void |
setKeystoreType(java.lang.String keystoreType)
|
void |
setNeedClientAuth(boolean needClientAuth)
Set the value of the needClientAuth property |
void |
setPassword(java.lang.String password)
|
void |
setProtocol(java.lang.String protocol)
|
void |
setProvider(java.lang.String _provider)
|
void |
setSecureRandomAlgorithm(java.lang.String algorithm)
|
void |
setSslKeyManagerFactoryAlgorithm(java.lang.String algorithm)
|
void |
setSslTrustManagerFactoryAlgorithm(java.lang.String algorithm)
|
void |
setTrustPassword(java.lang.String password)
|
void |
setTruststore(java.lang.String truststore)
|
void |
setTruststoreType(java.lang.String truststoreType)
|
void |
setWantClientAuth(boolean wantClientAuth)
|
Methods inherited from class org.mortbay.jetty.nio.SelectChannelConnector |
accept, close, doStop, getConnection, getDelaySelectKeyUpdate, getLocalPort, getLowResourcesConnections, getLowResourcesMaxIdleTime, newContinuation, open, persist, setDelaySelectKeyUpdate, setLowResourceMaxIdleTime, setLowResourcesConnections, setLowResourcesMaxIdleTime, setMaxIdleTime |
Methods inherited from class org.mortbay.jetty.AbstractConnector |
checkForwardedHeaders, configure, connectionClosed, connectionOpened, getAcceptorPriorityOffset, getAcceptors, getAcceptQueueSize, getConfidentialPort, getConfidentialScheme, getConnections, getConnectionsDurationAve, getConnectionsDurationMax, getConnectionsDurationMin, getConnectionsDurationTotal, getConnectionsOpen, getConnectionsOpenMax, getConnectionsOpenMin, getConnectionsRequestsAve, getConnectionsRequestsMax, getConnectionsRequestsMin, getForwardedForHeader, getForwardedHostHeader, getForwardedServerHeader, getHost, getHostHeader, getIntegralPort, getIntegralScheme, getLeftMostValue, getLowResourceMaxIdleTime, getMaxIdleTime, getName, getPort, getRequests, getResolveNames, getReuseAddress, getServer, getSoLingerTime, getStatsOn, getStatsOnMs, getThreadPool, isForwarded, join, setAcceptorPriorityOffset, setAcceptors, setAcceptQueueSize, setConfidentialPort, setConfidentialScheme, setForwarded, setForwardedForHeader, setForwardedHostHeader, setForwardedServerHeader, setHost, setHostHeader, setIntegralPort, setIntegralScheme, setName, setPort, setResolveNames, setReuseAddress, setServer, setSoLingerTime, setStatsOn, setThreadPool, statsReset, stopAccept, toString |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
DEFAULT_KEYSTORE
public static final java.lang.String DEFAULT_KEYSTORE
- Default value for the keystore location path.
KEYPASSWORD_PROPERTY
public static final java.lang.String KEYPASSWORD_PROPERTY
- String name of key password property.
- See Also:
- Constant Field Values
PASSWORD_PROPERTY
public static final java.lang.String PASSWORD_PROPERTY
- String name of keystore password property.
- See Also:
- Constant Field Values
SslSelectChannelConnector
public SslSelectChannelConnector()
getBuffer
public Buffer getBuffer(int size)
- Specified by:
getBuffer
in interface Buffers
- Overrides:
getBuffer
in class AbstractBuffers
returnBuffer
public void returnBuffer(Buffer buffer)
- Specified by:
returnBuffer
in interface Buffers
- Overrides:
returnBuffer
in class AbstractBuffers
customize
public void customize(EndPoint endpoint,
Request request)
throws java.io.IOException
- Allow the Listener a chance to customise the request before the server
does its stuff.
This allows the required attributes to be set for SSL requests.
The requirements of the Servlet specs are:
- an attribute named "javax.servlet.request.cipher_suite" of type
String.
- an attribute named "javax.servlet.request.key_size" of type Integer.
- an attribute named "javax.servlet.request.X509Certificate" of type
java.security.cert.X509Certificate[]. This is an array of objects of type
X509Certificate, the order of this array is defined as being in ascending
order of trust. The first certificate in the chain is the one set by the
client, the next is the one used to authenticate the first, and so on.
- Specified by:
customize
in interface Connector
- Overrides:
customize
in class SelectChannelConnector
- Parameters:
endpoint
- The Socket the request arrived on. This should be a
SocketEndPoint
wrapping an SSLSocket.
request
- HttpRequest to be customised.
- Throws:
java.io.IOException
getCipherSuites
public java.lang.String[] getCipherSuites()
- Deprecated. As of Java Servlet API 2.0, with no replacement.
getExcludeCipherSuites
public java.lang.String[] getExcludeCipherSuites()
setCipherSuites
public void setCipherSuites(java.lang.String[] cipherSuites)
- Deprecated. As of Java Servlet API 2.0, with no replacement.
setExcludeCipherSuites
public void setExcludeCipherSuites(java.lang.String[] cipherSuites)
setPassword
public void setPassword(java.lang.String password)
setTrustPassword
public void setTrustPassword(java.lang.String password)
setKeyPassword
public void setKeyPassword(java.lang.String password)
getAlgorithm
public java.lang.String getAlgorithm()
setAlgorithm
public void setAlgorithm(java.lang.String algorithm)
getProtocol
public java.lang.String getProtocol()
setProtocol
public void setProtocol(java.lang.String protocol)
setKeystore
public void setKeystore(java.lang.String keystore)
getKeystore
public java.lang.String getKeystore()
getKeystoreType
public java.lang.String getKeystoreType()
getNeedClientAuth
public boolean getNeedClientAuth()
getWantClientAuth
public boolean getWantClientAuth()
setNeedClientAuth
public void setNeedClientAuth(boolean needClientAuth)
- Set the value of the needClientAuth property
- Parameters:
needClientAuth
- true iff we require client certificate authentication.
setWantClientAuth
public void setWantClientAuth(boolean wantClientAuth)
setKeystoreType
public void setKeystoreType(java.lang.String keystoreType)
getProvider
public java.lang.String getProvider()
getSecureRandomAlgorithm
public java.lang.String getSecureRandomAlgorithm()
getSslKeyManagerFactoryAlgorithm
public java.lang.String getSslKeyManagerFactoryAlgorithm()
getSslTrustManagerFactoryAlgorithm
public java.lang.String getSslTrustManagerFactoryAlgorithm()
getTruststore
public java.lang.String getTruststore()
getTruststoreType
public java.lang.String getTruststoreType()
setProvider
public void setProvider(java.lang.String _provider)
setSecureRandomAlgorithm
public void setSecureRandomAlgorithm(java.lang.String algorithm)
setSslKeyManagerFactoryAlgorithm
public void setSslKeyManagerFactoryAlgorithm(java.lang.String algorithm)
setSslTrustManagerFactoryAlgorithm
public void setSslTrustManagerFactoryAlgorithm(java.lang.String algorithm)
setTruststore
public void setTruststore(java.lang.String truststore)
setTruststoreType
public void setTruststoreType(java.lang.String truststoreType)
isConfidential
public boolean isConfidential(Request request)
- By default, we're confidential, given we speak SSL. But, if we've been
told about a confidential port, and said port is not our port, then
we're not. This allows separation of listeners providing INTEGRAL versus
CONFIDENTIAL constraints, such as one SSL listener configured to require
client certs providing CONFIDENTIAL, whereas another SSL listener not
requiring client certs providing mere INTEGRAL constraints.
- Specified by:
isConfidential
in interface Connector
- Overrides:
isConfidential
in class AbstractConnector
- Parameters:
request
- A request
- Returns:
- true if the request is confidential. This normally means the https scheme has been used.
isIntegral
public boolean isIntegral(Request request)
- By default, we're integral, given we speak SSL. But, if we've been told
about an integral port, and said port is not our port, then we're not.
This allows separation of listeners providing INTEGRAL versus
CONFIDENTIAL constraints, such as one SSL listener configured to require
client certs providing CONFIDENTIAL, whereas another SSL listener not
requiring client certs providing mere INTEGRAL constraints.
- Specified by:
isIntegral
in interface Connector
- Overrides:
isIntegral
in class AbstractConnector
- Parameters:
request
- A request
- Returns:
- true if the request is integral. This normally means the https scheme has been used.
newEndPoint
protected SelectChannelEndPoint newEndPoint(java.nio.channels.SocketChannel channel,
SelectorManager.SelectSet selectSet,
java.nio.channels.SelectionKey key)
throws java.io.IOException
- Overrides:
newEndPoint
in class SelectChannelConnector
- Throws:
java.io.IOException
newConnection
protected Connection newConnection(java.nio.channels.SocketChannel channel,
SelectChannelEndPoint endpoint)
- Overrides:
newConnection
in class SelectChannelConnector
createSSLEngine
protected javax.net.ssl.SSLEngine createSSLEngine()
throws java.io.IOException
- Throws:
java.io.IOException
doStart
protected void doStart()
throws java.lang.Exception
- Overrides:
doStart
in class SelectChannelConnector
- Throws:
java.lang.Exception
createSSLContext
protected javax.net.ssl.SSLContext createSSLContext()
throws java.lang.Exception
- Throws:
java.lang.Exception
Copyright © 1995-2009 Mort Bay Consulting. All Rights Reserved.