org.mortbay.jetty.security
Class SslSelectChannelConnector

java.lang.Object
  extended by org.mortbay.component.AbstractLifeCycle
      extended by org.mortbay.jetty.AbstractBuffers
          extended by org.mortbay.jetty.AbstractConnector
              extended by org.mortbay.jetty.nio.AbstractNIOConnector
                  extended by org.mortbay.jetty.nio.SelectChannelConnector
                      extended by org.mortbay.jetty.security.SslSelectChannelConnector
All Implemented Interfaces:
LifeCycle, Buffers, Connector, NIOConnector

public class SslSelectChannelConnector
extends SelectChannelConnector

SslSelectChannelConnector.

Author:
Nik Gonzalez, Greg Wilkins

Nested Class Summary
 
Nested classes/interfaces inherited from class org.mortbay.jetty.nio.SelectChannelConnector
SelectChannelConnector.ConnectorEndPoint, SelectChannelConnector.RetryContinuation
 
Nested classes/interfaces inherited from interface org.mortbay.component.LifeCycle
LifeCycle.Listener
 
Field Summary
static java.lang.String DEFAULT_KEYSTORE
          Default value for the keystore location path.
static java.lang.String KEYPASSWORD_PROPERTY
          String name of key password property.
static java.lang.String PASSWORD_PROPERTY
          String name of keystore password property.
 
Fields inherited from class org.mortbay.jetty.AbstractConnector
_lowResourceMaxIdleTime, _maxIdleTime, _soLingerTime
 
Fields inherited from class org.mortbay.jetty.AbstractBuffers
_loss
 
Fields inherited from class org.mortbay.component.AbstractLifeCycle
_listeners
 
Constructor Summary
SslSelectChannelConnector()
           
 
Method Summary
protected  javax.net.ssl.SSLContext createSSLContext()
           
protected  javax.net.ssl.SSLEngine createSSLEngine()
           
 void customize(EndPoint endpoint, Request request)
          Allow the Listener a chance to customise the request.
protected  void doStart()
           
 java.lang.String getAlgorithm()
           
 Buffer getBuffer(int size)
           
 java.lang.String[] getCipherSuites()
          Deprecated. As of Java Servlet API 2.0, with no replacement.
 java.lang.String[] getExcludeCipherSuites()
           
 java.lang.String getKeystore()
           
 java.lang.String getKeystoreType()
           
 boolean getNeedClientAuth()
           
 java.lang.String getProtocol()
           
 java.lang.String getProvider()
           
 java.lang.String getSecureRandomAlgorithm()
           
 java.lang.String getSslKeyManagerFactoryAlgorithm()
           
 java.lang.String getSslTrustManagerFactoryAlgorithm()
           
 java.lang.String getTruststore()
           
 java.lang.String getTruststoreType()
           
 boolean getWantClientAuth()
           
 boolean isConfidential(Request request)
          By default, we're confidential, given we speak SSL.
 boolean isIntegral(Request request)
          By default, we're integral, given we speak SSL.
protected  Connection newConnection(java.nio.channels.SocketChannel channel, SelectChannelEndPoint endpoint)
           
protected  SelectChannelEndPoint newEndPoint(java.nio.channels.SocketChannel channel, SelectorManager.SelectSet selectSet, java.nio.channels.SelectionKey key)
           
 void returnBuffer(Buffer buffer)
           
 void setAlgorithm(java.lang.String algorithm)
           
 void setCipherSuites(java.lang.String[] cipherSuites)
          Deprecated. As of Java Servlet API 2.0, with no replacement.
 void setExcludeCipherSuites(java.lang.String[] cipherSuites)
           
 void setKeyPassword(java.lang.String password)
           
 void setKeystore(java.lang.String keystore)
           
 void setKeystoreType(java.lang.String keystoreType)
           
 void setNeedClientAuth(boolean needClientAuth)
          Set the value of the needClientAuth property
 void setPassword(java.lang.String password)
           
 void setProtocol(java.lang.String protocol)
           
 void setProvider(java.lang.String _provider)
           
 void setSecureRandomAlgorithm(java.lang.String algorithm)
           
 void setSslKeyManagerFactoryAlgorithm(java.lang.String algorithm)
           
 void setSslTrustManagerFactoryAlgorithm(java.lang.String algorithm)
           
 void setTrustPassword(java.lang.String password)
           
 void setTruststore(java.lang.String truststore)
           
 void setTruststoreType(java.lang.String truststoreType)
           
 void setWantClientAuth(boolean wantClientAuth)
           
 
Methods inherited from class org.mortbay.jetty.nio.SelectChannelConnector
accept, close, doStop, getConnection, getDelaySelectKeyUpdate, getLocalPort, getLowResourcesConnections, getLowResourcesMaxIdleTime, newContinuation, open, persist, setDelaySelectKeyUpdate, setLowResourceMaxIdleTime, setLowResourcesConnections, setLowResourcesMaxIdleTime, setMaxIdleTime
 
Methods inherited from class org.mortbay.jetty.nio.AbstractNIOConnector
getUseDirectBuffers, newBuffer, setUseDirectBuffers
 
Methods inherited from class org.mortbay.jetty.AbstractConnector
checkForwardedHeaders, configure, connectionClosed, connectionOpened, getAcceptorPriorityOffset, getAcceptors, getAcceptQueueSize, getConfidentialPort, getConfidentialScheme, getConnections, getConnectionsDurationAve, getConnectionsDurationMax, getConnectionsDurationMin, getConnectionsDurationTotal, getConnectionsOpen, getConnectionsOpenMax, getConnectionsOpenMin, getConnectionsRequestsAve, getConnectionsRequestsMax, getConnectionsRequestsMin, getForwardedForHeader, getForwardedHostHeader, getForwardedServerHeader, getHost, getHostHeader, getIntegralPort, getIntegralScheme, getLeftMostValue, getLowResourceMaxIdleTime, getMaxIdleTime, getName, getPort, getRequests, getResolveNames, getReuseAddress, getServer, getSoLingerTime, getStatsOn, getStatsOnMs, getThreadPool, isForwarded, join, setAcceptorPriorityOffset, setAcceptors, setAcceptQueueSize, setConfidentialPort, setConfidentialScheme, setForwarded, setForwardedForHeader, setForwardedHostHeader, setForwardedServerHeader, setHost, setHostHeader, setIntegralPort, setIntegralScheme, setName, setPort, setResolveNames, setReuseAddress, setServer, setSoLingerTime, setStatsOn, setThreadPool, statsReset, stopAccept, toString
 
Methods inherited from class org.mortbay.jetty.AbstractBuffers
getHeaderBufferSize, getRequestBufferSize, getResponseBufferSize, setHeaderBufferSize, setRequestBufferSize, setResponseBufferSize
 
Methods inherited from class org.mortbay.component.AbstractLifeCycle
addLifeCycleListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 
Methods inherited from interface org.mortbay.jetty.Connector
getHeaderBufferSize, getRequestBufferSize, getResponseBufferSize, setHeaderBufferSize, setRequestBufferSize, setResponseBufferSize
 
Methods inherited from interface org.mortbay.component.LifeCycle
addLifeCycleListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop
 

Field Detail

DEFAULT_KEYSTORE

public static final java.lang.String DEFAULT_KEYSTORE
Default value for the keystore location path.


KEYPASSWORD_PROPERTY

public static final java.lang.String KEYPASSWORD_PROPERTY
String name of key password property.

See Also:
Constant Field Values

PASSWORD_PROPERTY

public static final java.lang.String PASSWORD_PROPERTY
String name of keystore password property.

See Also:
Constant Field Values
Constructor Detail

SslSelectChannelConnector

public SslSelectChannelConnector()
Method Detail

getBuffer

public Buffer getBuffer(int size)
Specified by:
getBuffer in interface Buffers
Overrides:
getBuffer in class AbstractBuffers

returnBuffer

public void returnBuffer(Buffer buffer)
Specified by:
returnBuffer in interface Buffers
Overrides:
returnBuffer in class AbstractBuffers

customize

public void customize(EndPoint endpoint,
                      Request request)
               throws java.io.IOException
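Allow the Listener a chance to customise the request before the server does its stuff.
This allows the required attributes to be set for SSL requests.
The requirements of the Servlet specs are:
- an attribute named "javax.servlet.request.cipher_suite" of type String;
- an attribute named "javax.servlet.request.key_size" of type Integer;
- an attribute named "javax.servlet.request.X509Certificate" of type java.security.cert.X509Certificate[], set when an SSL certificate is associated with the request.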

Specified by:
customize in interface Connector
Overrides:
customize in class SelectChannelConnector
Parameters:
endpoint - The Socket the request arrived on. This should be a SocketEndPoint wrapping an SSLSocket.
request - HttpRequest to be customised.
Throws:
java.io.IOException

getCipherSuites

public java.lang.String[] getCipherSuites()
Deprecated. As of Java Servlet API 2.0, with no replacement.


getExcludeCipherSuites

public java.lang.String[] getExcludeCipherSuites()

setCipherSuites

public void setCipherSuites(java.lang.String[] cipherSuites)
Deprecated. As of Java Servlet API 2.0, with no replacement.


setExcludeCipherSuites

public void setExcludeCipherSuites(java.lang.String[] cipherSuites)

setPassword

public void setPassword(java.lang.String password)

setTrustPassword

public void setTrustPassword(java.lang.String password)

setKeyPassword

public void setKeyPassword(java.lang.String password)

getAlgorithm

public java.lang.String getAlgorithm()

setAlgorithm

public void setAlgorithm(java.lang.String algorithm)

getProtocol

public java.lang.String getProtocol()

setProtocol

public void setProtocol(java.lang.String protocol)

setKeystore

public void setKeystore(java.lang.String keystore)

getKeystore

public java.lang.String getKeystore()

getKeystoreType

public java.lang.String getKeystoreType()

getNeedClientAuth

public boolean getNeedClientAuth()

getWantClientAuth

public boolean getWantClientAuth()

setNeedClientAuth

public void setNeedClientAuth(boolean needClientAuth)
Set the value of the needClientAuth property

Parameters:
needClientAuth - true iff we require client certificate authentication.

setWantClientAuth

public void setWantClientAuth(boolean wantClientAuth)

setKeystoreType

public void setKeystoreType(java.lang.String keystoreType)

getProvider

public java.lang.String getProvider()

getSecureRandomAlgorithm

public java.lang.String getSecureRandomAlgorithm()

getSslKeyManagerFactoryAlgorithm

public java.lang.String getSslKeyManagerFactoryAlgorithm()

getSslTrustManagerFactoryAlgorithm

public java.lang.String getSslTrustManagerFactoryAlgorithm()

getTruststore

public java.lang.String getTruststore()

getTruststoreType

public java.lang.String getTruststoreType()

setProvider

public void setProvider(java.lang.String _provider)

setSecureRandomAlgorithm

public void setSecureRandomAlgorithm(java.lang.String algorithm)

setSslKeyManagerFactoryAlgorithm

public void setSslKeyManagerFactoryAlgorithm(java.lang.String algorithm)

setSslTrustManagerFactoryAlgorithm

public void setSslTrustManagerFactoryAlgorithm(java.lang.String algorithm)

setTruststore

public void setTruststore(java.lang.String truststore)

setTruststoreType

public void setTruststoreType(java.lang.String truststoreType)

isConfidential

public boolean isConfidential(Request request)
By default, we're confidential, given we speak SSL. But, if we've been told about a confidential port, and said port is not our port, then we're not. This allows separation of listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring client certs providing mere INTEGRAL constraints.

Specified by:
isConfidential in interface Connector
Overrides:
isConfidential in class AbstractConnector
Parameters:
request - A request
Returns:
true if the request is confidential. This normally means the https scheme has been used.

isIntegral

public boolean isIntegral(Request request)
By default, we're integral, given we speak SSL. But, if we've been told about an integral port, and said port is not our port, then we're not. This allows separation of listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring client certs providing mere INTEGRAL constraints.

Specified by:
isIntegral in interface Connector
Overrides:
isIntegral in class AbstractConnector
Parameters:
request - A request
Returns:
true if the request is integral. This normally means the https scheme has been used.

newEndPoint

protected SelectChannelEndPoint newEndPoint(java.nio.channels.SocketChannel channel,
                                            SelectorManager.SelectSet selectSet,
                                            java.nio.channels.SelectionKey key)
                                     throws java.io.IOException
Overrides:
newEndPoint in class SelectChannelConnector
Throws:
java.io.IOException

newConnection

protected Connection newConnection(java.nio.channels.SocketChannel channel,
                                   SelectChannelEndPoint endpoint)
Overrides:
newConnection in class SelectChannelConnector

createSSLEngine

protected javax.net.ssl.SSLEngine createSSLEngine()
                                           throws java.io.IOException
Throws:
java.io.IOException

doStart

protected void doStart()
                throws java.lang.Exception
Overrides:
doStart in class SelectChannelConnector
Throws:
java.lang.Exception

createSSLContext

protected javax.net.ssl.SSLContext createSSLContext()
                                             throws java.lang.Exception
Throws:
java.lang.Exception


Copyright © 1995-2009 Mort Bay Consulting. All Rights Reserved.