1.ssl配置
jetty-maven-plugin上的配置
原文链接: http://juplo.de/configure-https-for-jetty-maven-plugin-9-0-x/
jetty.xml
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">

<!-- ============================================================= -->
<!-- jetty.xml: defines the shared HttpConfiguration object with   -->
<!-- id "httpConfig". The connector files (jetty-http.xml,         -->
<!-- jetty-ssl.xml) refer to it by that id.                        -->
<!-- ============================================================= -->
<Configure id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">

  <!-- Scheme and port that count as the secure channel. The port is -->
  <!-- read from jetty.secure.port and falls back to 8443.           -->
  <Set name="secureScheme">https</Set>
  <Set name="securePort"><Property name="jetty.secure.port" default="8443" /></Set>

  <!-- Buffer and header size limits, in bytes. -->
  <Set name="outputBufferSize">32768</Set>
  <Set name="requestHeaderSize">8192</Set>
  <Set name="responseHeaderSize">8192</Set>

  <!-- true makes Jetty announce its version in the Server response -->
  <!-- header. Set this to false wherever version disclosure to     -->
  <!-- clients is not wanted.                                       -->
  <Set name="sendServerVersion">true</Set>
  <Set name="sendDateHeader">false</Set>
  <Set name="headerCacheSize">512</Set>

  <!-- Caveat for the optional block below: X-Forwarded-* headers are -->
  <!-- supplied by whoever sends the request. Enable the customizer   -->
  <!-- only when every request passes through a trusted reverse proxy -->
  <!-- that overwrites these headers.                                 -->
  <!-- Uncomment to enable handling of X-Forwarded- style headers
  <Call name="addCustomizer">
    <Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
  </Call>
  -->
</Configure>
jetty-ssl.xml
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">

<!-- ============================================================= -->
<!-- jetty-ssl.xml: TLS (SSL) context factory, id                  -->
<!-- "sslContextFactory". Must be loaded together with jetty.xml   -->
<!-- and exactly one of jetty-https.xml or jetty-spdy.xml.         -->
<!-- ============================================================= -->
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">

  <!-- Key store location is <jetty.base>/<jetty.keystore>; each part -->
  <!-- falls back to its default when the property is not set.        -->
  <Set name="KeyStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.keystore" default="jetty_9_setting/jetty.keystore"/></Set>

  <!-- The "secret" defaults are placeholders that apply whenever the -->
  <!-- matching property is absent. Supply the real passwords through -->
  <!-- the properties and keep them, and the key store file, out of   -->
  <!-- version control.                                               -->
  <Set name="KeyStorePassword"><Property name="jetty.keystore.password" default="secret"/></Set>
  <Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" default="secret"/></Set>

  <!-- By default the trust store is the same file as the key store. -->
  <Set name="TrustStorePath"><Property name="jetty.base" default="." />/<Property name="jetty.truststore" default="jetty_9_setting/jetty.keystore"/></Set>
  <Set name="TrustStorePassword"><Property name="jetty.truststore.password" default="secret"/></Set>

  <!-- Sets the endpoint identification algorithm to an empty value.  -->
  <!-- NOTE(review): presumably this leaves host name checking of the -->
  <!-- peer certificate off for connections made through this         -->
  <!-- factory. Confirm the factory is used for the server side only. -->
  <Set name="EndpointIdentificationAlgorithm"></Set>

  <!-- Cipher suites removed from what the JVM offers. The list names -->
  <!-- only single-DES and export-grade suites.                       -->
  <!-- NOTE(review): RC4, 3DES and MD5-based suites are not listed    -->
  <!-- and this file does not restrict protocol versions. Check the   -->
  <!-- effective suites and protocols against the JVM in use before   -->
  <!-- the connector is reachable from outside a development machine. -->
  <Set name="ExcludeCipherSuites">
    <Array type="String">
      <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
      <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
      <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
      <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
      <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
      <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
      <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
    </Array>
  </Set>

  <!-- =========================================================== -->
  <!-- TLS-specific HttpConfiguration, id "sslHttpConfig": a copy   -->
  <!-- of the common "httpConfig" from jetty.xml plus a             -->
  <!-- SecureRequestCustomizer, which extracts certificate and      -->
  <!-- session information for each request.                        -->
  <!-- =========================================================== -->
  <New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
    <Arg><Ref refid="httpConfig"/></Arg>
    <Call name="addCustomizer">
      <Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg>
    </Call>
  </New>
</Configure>
jetty-http.xml
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">

<!-- ============================================================= -->
<!-- jetty-http.xml: adds a plain HTTP connector to the Server     -->
<!-- instance with id "Server". Must be loaded together with       -->
<!-- jetty.xml, which defines "httpConfig".                        -->
<!-- ============================================================= -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">

  <!-- =========================================================== -->
  <!-- One o.e.j.server.ServerConnector with a single               -->
  <!-- HttpConnectionFactory that uses the common httpConfig.       -->
  <!-- Traffic on this connector is not encrypted.                  -->
  <!--                                                              -->
  <!-- See the javadoc of o.e.j.server.ServerConnector and          -->
  <!-- o.e.j.server.HttpConnectionFactory for further settings.     -->
  <!-- =========================================================== -->
  <Call name="addConnector">
    <Arg>
      <New class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server"><Ref refid="Server" /></Arg>
        <Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory">
            <Item>
              <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                <Arg name="config"><Ref refid="httpConfig" /></Arg>
              </New>
            </Item>
          </Array>
        </Arg>
        <!-- jetty.host has no default here.                          -->
        <!-- NOTE(review): presumably an unset host means the         -->
        <!-- connector listens on every interface. Set jetty.host to  -->
        <!-- a loopback address for a local-only setup. Confirm.      -->
        <Set name="host"><Property name="jetty.host" /></Set>
        <Set name="port"><Property name="jetty.port" default="8080" /></Set>
        <!-- Idle timeout, default 30000 (milliseconds presumably). -->
        <Set name="idleTimeout"><Property name="http.timeout" default="30000"/></Set>
      </New>
    </Arg>
  </Call>
</Configure>
jetty-https.xml
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">

<!-- ============================================================= -->
<!-- jetty-https.xml: adds the HTTPS connector. Must be loaded     -->
<!-- together with jetty.xml and jetty-ssl.xml, which define the   -->
<!-- "sslContextFactory" and "sslHttpConfig" ids referenced below. -->
<!-- ============================================================= -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">

  <!-- =========================================================== -->
  <!-- One o.e.j.server.ServerConnector with two connection         -->
  <!-- factories: TLS (aka SSL) first, then HTTP. Every accepted    -->
  <!-- TLS connection is handed on to the HTTP factory.             -->
  <!--                                                              -->
  <!-- See the javadoc of o.e.j.server.ServerConnector,             -->
  <!-- o.e.j.server.SslConnectionFactory and                        -->
  <!-- o.e.j.server.HttpConnectionFactory for further settings.     -->
  <!-- =========================================================== -->
  <Call id="httpsConnector" name="addConnector">
    <Arg>
      <New class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server"><Ref refid="Server" /></Arg>
        <Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory">
            <Item>
              <!-- "next" names the protocol that runs inside the TLS layer. -->
              <New class="org.eclipse.jetty.server.SslConnectionFactory">
                <Arg name="next">http/1.1</Arg>
                <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
              </New>
            </Item>
            <Item>
              <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                <Arg name="config"><Ref refid="sslHttpConfig"/></Arg>
              </New>
            </Item>
          </Array>
        </Arg>
        <!-- jetty.host has no default here.                         -->
        <!-- NOTE(review): presumably an unset host means the        -->
        <!-- connector listens on every interface. Confirm.          -->
        <Set name="host"><Property name="jetty.host" /></Set>
        <!-- The listening port comes from https.port, whereas       -->
        <!-- jetty.xml reads jetty.secure.port for securePort. Both  -->
        <!-- default to 8443; if only one is overridden, the         -->
        <!-- advertised secure port and the real port differ.        -->
        <Set name="port"><Property name="https.port" default="8443" /></Set>
        <Set name="idleTimeout"><Property name="https.timeout" default="30000"/></Set>
      </New>
    </Arg>
  </Call>
</Configure>
jetty.keystore
jetty.keystore(附件无法上传)可以用OpenSSL之类的工具自行生成。
jetty-ssl.xml中需要设置keystore的位置和密码,把你自己的keystore位置和密码填到jetty-ssl.xml中即可。
<!-- jetty_9_setting -->
<plugin>
  <groupId>org.eclipse.jetty</groupId>
  <artifactId>jetty-maven-plugin</artifactId>
  <!-- NOTE(review): the qualifier v20130815 marks a 2013 build.   -->
  <!-- Confirm that a maintained Jetty release is used for         -->
  <!-- anything beyond a local tutorial setup.                     -->
  <version>9.0.5.v20130815</version>
  <configuration>
    <systemProperties>
      <!-- Tells the JVM which JAAS login configuration file to read. -->
      <systemProperty>
        <name>java.security.auth.login.config</name>
        <value>props.conf</value>
      </systemProperty>
    </systemProperties>
    <!-- Comma-separated list of Jetty XML files. jetty.xml comes   -->
    <!-- first because the later files refer to the "httpConfig" id -->
    <!-- it defines; jetty-ssl.xml precedes jetty-https.xml for the -->
    <!-- same reason.                                               -->
    <jettyXml>${project.basedir}/jetty_9_setting/jetty.xml,${project.basedir}/jetty_9_setting/jetty-http.xml,${project.basedir}/jetty_9_setting/jetty-ssl.xml,${project.basedir}/jetty_9_setting/jetty-https.xml
    </jettyXml>
  </configuration>
</plugin>
在pom.xml中,jetty的设置如下:
<jettyXml>中填写各个配置文件的路径加文件名,多个文件之间用逗号分隔。
jetty distribution(普通模式)上的配置
执行java -jar start.jar --add-to-startd=https,
--add-to-startd执行如下操作:
1)创建https.ini文件激活和配置https连接器模块。https模块增加etc/jetty-https.xml文件到命令行中。
2)创建start.d/ssl.ini文件激活和配置SSL keystore。ssl模块增加etc/jetty-ssl.xml文件到命令行。
2.JNDI配置
若想使用maven进行配置,则无需在pom.xml中进行配置。以配置Datasource为例,在{project}/WEB-INF/中添加配置文件jetty-env.xml:
<!-- jetty-env.xml: binds a JNDI DataSource named jdbc/myds, scoped -->
<!-- to this web application (first Arg refers to the context).     -->
<Configure id="wac" class="org.eclipse.jetty.webapp.WebAppContext">
  <New id="myds" class="org.eclipse.jetty.plus.jndi.Resource">
    <Arg><Ref refid="wac" /></Arg>
    <Arg>jdbc/myds </Arg>
    <Arg>
      <!-- The database credentials are written here in clear text   -->
      <!-- and use the root account with a trivial password. Treat   -->
      <!-- them as sample values: use a dedicated account that has   -->
      <!-- only the privileges the application needs, and keep real  -->
      <!-- passwords out of files packaged with the web application. -->
      <New class="com.mysql.jdbc.jdbc2.optional.MysqlConnectionPoolDataSource">
        <Set name="Url"> jdbc:mysql://localhost:3306/cp </Set>
        <Set name="User"> root</Set>
        <Set name="Password"> 1234</Set>
      </New>
    </Arg>
  </New>
</Configure>
在{project}/WEB-INF/web.xml中添加:
<!-- Declares the JNDI resource the application looks up as        -->
<!-- java:comp/env/jdbc/myds. res-auth "Container" means the       -->
<!-- container, not the application code, supplies the credentials -->
<!-- for the connection.                                           -->
<resource-ref>
  <description>My DataSource Reference</description>
  <res-ref-name>jdbc/myds</res-ref-name>
  <res-type>javax.sql.DataSource</res-type>
  <res-auth>Container</res-auth>
</resource-ref>
其中jdbc/myds为Datasource的名字,在程序中可以通过以下方法获得:
// Look up the container-managed DataSource through JNDI. The name is the
// res-ref-name from web.xml ("jdbc/myds") under the java:comp/env prefix.
// Both calls can throw javax.naming.NamingException.
context = new InitialContext();
final Object boundResource = context.lookup("java:comp/env/jdbc/myds");
DataSource source = (DataSource) boundResource;
PS:在{project}/WEB-INF/jetty-env.xml中配置Datasource, 范围只在Application(项目范围内)。如果在jetty distribution(普通情况下)使用,可以在etc/jetty.xml中配置添加上,需要注意的是要把连接数据库的包(jdbc什么的)放在{jetty.home}/lib/ext中:
<!-- Server-wide variant of the jdbc/myds resource, for etc/jetty.xml. -->
<New id="myds" class="org.eclipse.jetty.plus.jndi.Resource">
  <!-- Scope: the whole Server. -->
  <Arg><Ref refid="Server" /></Arg>
  <!-- Alternative first argument: an empty <Arg></Arg> scopes the resource to the whole JVM. -->
  <Arg>jdbc/myds </Arg>
  <Arg>
    <!-- The database credentials are written here in clear text    -->
    <!-- and use the root account with a trivial password. Treat    -->
    <!-- them as sample values: use a dedicated account that has    -->
    <!-- only the privileges the application needs, and restrict    -->
    <!-- read access to this file. A wider scope also makes the     -->
    <!-- DataSource visible to every web application in that scope. -->
    <New class="com.mysql.jdbc.jdbc2.optional.MysqlConnectionPoolDataSource">
      <Set name="Url"> jdbc:mysql://localhost:3306/cp </Set>
      <Set name="User"> root </Set>
      <Set name="Password"> 1234 </Set>
    </New>
  </Arg>
</New>
还有其他方式,见官方文档。
3.Jaas配置
jetty-maven-plugin上的配置
在pom.xml中声明系统参数:
<!-- jetty_9_setting -->
<plugin>
  <groupId>org.eclipse.jetty</groupId>
  <artifactId>jetty-maven-plugin</artifactId>
  <!-- NOTE(review): the qualifier v20130815 marks a 2013 build.   -->
  <!-- Confirm that a maintained Jetty release is used for         -->
  <!-- anything beyond a local tutorial setup.                     -->
  <version>9.0.5.v20130815</version>
  <configuration>
    <systemProperties>
      <!-- Tells the JVM which JAAS login configuration file to     -->
      <!-- read. The value is a relative path.                      -->
      <!-- NOTE(review): presumably it is resolved against the      -->
      <!-- directory Maven is started from. Confirm.                -->
      <systemProperty>
        <name>java.security.auth.login.config</name>
        <value>props.conf</value>
      </systemProperty>
    </systemProperties>
  </configuration>
</plugin>
props.conf为jaas的配置文件:
// JAAS login configuration with one entry, "props".
// NOTE(review): presumably the entry name must match the login module name
// configured on the Jetty JAAS login service; confirm against that setup.
//
// The entry uses Jetty's DataSourceLoginModule, flagged "required". It reads
// users through the JNDI DataSource jdbc/myds: user name and credential come
// from users.user_name and users.password, and the role comes from the
// "level" column of the same users table.
//
// NOTE(review): debug="true" is a development setting; turn it off elsewhere.
// NOTE(review): confirm that the "password" column holds hashed credentials
// rather than clear-text passwords.
props {
    org.eclipse.jetty.jaas.spi.DataSourceLoginModule required
        debug="true"
        dbJNDIName="jdbc/myds"
        userTable="users"
        userField="user_name"
        credentialField="password"
        userRoleTable="users"
        userRoleUserField="user_name"
        userRoleRoleField="level";
};
该props.conf使用Datasource作为JAAS登录的用户数据来源。
jetty distribution(普通模式)上的配置
在start.ini里加上“--module=jaas”,然后把配置文件放在{jetty.home}/etc/下并改名为login.conf就可以了。