I am trying to run jetty in ssl mode with client authentication.
I pass keystore.But instead of passing truststore, i import my certificate into java/jre/lib/security/cacerts. please find the jetty.xml configuration
<Call class="java.lang.System" name="setProperty">
<Arg>javax.net.ssl.keyStore</Arg>
<Arg><SystemProperty name="jetty.home" default="." />/../workspace/conf/xyz.ks</Arg>
</Call>
<Call class="java.lang.System" name="setProperty">
<Arg>javax.net.ssl.keyStorePassword</Arg>
<Arg>abc</Arg>
</Call>
<Call class="java.lang.System" name="setProperty">
<Arg>javax.net.ssl.keyStoreType</Arg>
<Arg>JKS</Arg>
</Call>
Socketconnector
<Call name="addConnector">
<Arg>
<New class="org.mortbay.jetty.security.SslSocketConnector">
<Set name="Port"><SystemProperty name="port"/></Set>
<Set name="maxIdleTime">600000</Set>
<Set name="keystore"><SystemProperty name="javax.net.ssl.keyStore"/></Set>
<Set name="keyPassword"><SystemProperty name="javax.net.ssl.keyStorePassword"/></Set>
<!--Set name="truststore"><SystemProperty name="javax.net.ssl.trustStore"/></Set>
<Set name="trustPassword"><SystemProperty name="javax.net.ssl.trustStorePassword"/></Set-->
<Set name="needClientAuth">true</Set>
</New>
</Arg>
</Call>
Now when i hit the url https://localhost:1234/xyz?wsdl i get bad_certificate exception which is caused due to null cert chain.
i) can java cacerts be used to configure jetty?
ii) is it because of the webservice call because in the logs it is shown as the server is started.
I am using jetty 6 and cxf 2.6 webservice.
thanks,
Keerthi.
You should try hitting your URL from a browser, after adding your client certificate to your browser certificate store. By the way you will know if your error is due to server or client side misconfiguration.
Related
I'm trying to get Jetty 9.4.30 running as an OSGi Service (following this: https://examples.javacodegeeks.com/enterprise-java/jetty/jetty-osgi-example/ with updated versions) that can host WebApp Bundles. I can deploy and servlets work fine, but JSPs aren't working and I keep hitting an exception for TLD loading caused by:
Caused by:
java.lang.NullPointerException
at org.apache.jasper.JspCompilationContext.getTldResourcePath(JspCompilationContext.java:563)
at org.apache.jasper.compiler.Parser.parseTaglibDirective(Parser.java:430)
at org.apache.jasper.compiler.Parser.parseDirective(Parser.java:489)
The problem is almost exactly that described at http://bengreen.eu/fancyhtml/quickreference/jettyjsp9error.html, except that in this case the author is using Jetty as Embedded and is able to set org.eclipse.jetty.containerInitializers using code where the server is started.
In OSGi, I don't have a place where I'm starting it - it's all happening in the bundles. After a lot of tweaking (and untweaking) config files the closest I feel I've got is when I copied the configuration performed in code into the jetty-web.xml file (which would be deployed in each WAB and isn't ideal in itself) as follows:
<Configure id="webappctxt" class="org.eclipse.jetty.webapp.WebAppContext">
<New id="initList" class="java.util.ArrayList"></New>
<Call name="setAttribute">
<Arg>org.eclipse.jetty.containerInitializers</Arg>
<Arg>
<Call class="java.util.Arrays" name="asList">
<Array type="org.eclipse.jetty.plus.annotation.ContainerInitializer">
<Item>
<New
class="org.eclipse.jetty.plus.annotation.ContainerInitializer">
<Arg>
<New class="org.eclipse.jetty.apache.jsp.JettyJasperInitializer"></New>
</Arg>
<Arg></Arg>
</New>
</Item>
</Array>
</Call>
</Arg>
</Call>
<Call name="addBean">
<Arg>
<New class="org.eclipse.jetty.annotations.ServletContainerInitializersStarter">
<Arg>
<Ref refid="webappctxt" />
</Arg>
</New>
</Arg>
</Call>
<Get name="ServletContext">
<Call name="setAttribute">
<Arg>org.apache.tomcat.InstanceManager</Arg>
<Arg>
<New class="org.apache.tomcat.SimpleInstanceManager"></New>
</Arg>
</Call>
</Get>
</Configure>
When running, I can see the org.eclipse.jetty.annotations.ServletContainerInitializersStarter, and it has the TLDs from the platform (so all my dependencies seem to be there!) but the XML version of the code fails because there are two constructors for org.eclipse.jetty.plus.annotation.ContainerInitializer:
ContainerInitializer​(java.lang.ClassLoader loader, java.lang.String toString)
ContainerInitializer​(javax.servlet.ServletContainerInitializer target, java.lang.Class<?>[] classes)
...and the Jetty XML code picks the first one and throws a "java.lang.IllegalArgumentException: argument type mismatch".
Plugins currently "required" by my WAB are:
Require-Bundle: org.eclipse.jetty.jndi;bundle-version="9.4.30",
org.mortbay.jasper.apache-jsp;bundle-version="8.5.54",
org.eclipse.jetty.server;bundle-version="9.4.30",
org.eclipse.jetty.deploy;bundle-version="9.4.30",
org.eclipse.jetty.http;bundle-version="9.4.30",
org.eclipse.jetty.io;bundle-version="9.4.30",
org.eclipse.jetty.osgi.boot;bundle-version="9.4.30",
org.eclipse.jetty.security;bundle-version="9.4.30",
org.eclipse.jetty.servlet;bundle-version="9.4.30",
org.eclipse.jetty.util;bundle-version="9.4.30",
org.eclipse.jetty.webapp;bundle-version="9.4.30",
org.eclipse.jetty.xml;bundle-version="9.4.30",
org.eclipse.jetty.annotations;bundle-version="9.4.30",
org.eclipse.jetty.apache-jsp;bundle-version="9.4.30"
...and only the WAB bundle is set to auto-start.
For completeness, the VM arguments to configure plugins are:
-Djetty.home.bundle=jetty-config-bundle -Djava.naming.factory.url.pkgs=org.eclipse.jetty.jndi -Djava.naming.factory.initial=org.eclipse.jetty.jndi.InitialContextFactory
And jetty-config-bundle does contain the jetty.xml, etc. files and they are being processed.
Can anyone tell me if they've got this working, and how? Is it configurable to just work without needing a jetty-web.xml in each WAB, or am I missing a dependency bundle on my plugin?
I have configured SSL for Solr using following tutorial (https://lucene.apache.org/solr/guide/6_6/enabling-ssl.html) and it is accepting HTTPS connections. I want to open a separate port for HTTP now so that Solr can receive HTTP and HTTPS requests at the same time.
AFAIS Solr does not support both HTTP and HTTPS at the same time. You can only use one of them at a time.
Reference:
Check comment by Shalin in below post
here
Check last comment by Shawn in below post
here
In Jetty.XML,
Uncomment the connector for HTTPS
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
<Arg>
<New class="org.eclipse.jetty.http.ssl.SslContextFactory">
<Set name="keyStore"><SystemProperty name="jetty.home" default="."/>/etc/solrtest.keystore</Set>
<Set name="keyStorePassword">secret</Set>
<Set name="needClientAuth"><SystemProperty name="jetty.ssl.clientAuth" default="false"/></Set>
</New>
</Arg>
<Set name="port"><SystemProperty name="jetty.ssl.port" default="8983"/></Set>
<Set name="maxIdleTime">30000</Set>
</New>
</Arg>
</Call>
I need to use https for jetty maven plugin.
I googled following answer
https://stackoverflow.com/a/3795116/2674303
But looks like this answer is not suitable for jetty-maven-plugin of 9 version.
idea complains about syntax
How to fix my problem?
Ok, since jetty-9.0 it is no longer possible to configure a https connector directly in the pom.xml: you need to use jetty xml config files to do it.
I am new to exchange ,so excuse my code copy/paste.
jetty.xml
<New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
<Set name="secureScheme">https</Set>
<Set name="securePort"><Property name="jetty.secure.port" default="8443" /></Set>
<Set name="outputBufferSize">32768</Set>
<Set name="requestHeaderSize">8192</Set>
<Set name="responseHeaderSize">8192</Set>
<Set name="sendServerVersion">true</Set>
<Set name="sendDateHeader">false</Set>
<Set name="headerCacheSize">512</Set>
<!-- Uncomment to enable handling of X-Forwarded- style headers
<Call name="addCustomizer">
<Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/>
</Arg>
</Call>
-->
</New>
Look here, for whole bunch of xml's and if it is helpful please check my answer as correct
I'm making a small servlet app in Java, with Maven, in Netbeans. I'm using SQLite database, and newest Jetty server. I have problem with creating connection pool for use in servlets. What works(in servlet):
Class.forName("org.sqlite.JDBC");
String url = "jdbc:sqlite:c:\\db\\base";
Connection con = DriverManager.getConnection(url);
And this works without specific settings in jetty.xml/web.xml/pom.xml
I have libraries to use SQLite and connection pools (org.xerial.sqlite-jdbc, commons-pool, commons-dbcp).
What doesn't work:
web.xml:
<resource-ref>
<description>DB Connection Pool</description>
<res-ref-name>jdbc/DSTestPool</res-ref-name>
<res-type>javax.sql.ConnectionPoolDataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
jetty.xml
<New id="DSTestPool" class="org.eclipse.jetty.plus.jndi.Resource">
<Arg>jdbc/DSTestPool</Arg>
<Arg>
<New class="org.sqlite.SQLiteConnectionPoolDataSource">
<Set name="driverClassName">org.sqlite.JDBC</Set>
<Set name="url">jdbc:sqlite:c:\\db\\base</Set>
</New>
</Arg>
</New>
pom.xml - dependencies.
This configuration, even without changes in code (change to using pool) creates error in jetty console:
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
....
Caused by:
java.lang.IllegalStateException: Nothing to bind for name jdbc/DSTestPool at org.eclipse.jetty.plus.webapp.PlusDescriptorProcessor.bindEntry(PlusDescriptorProcessor.java:895)
...
Opening app in Jetty: Error 503
I think there is something wrong with my declaration of jdbc/DSTestPool in jetty.xml, I've tried different parameters, but result was the same.
There is one parameter missing in your jetty.xml, you can declare any of the following types:
org.eclipse.jetty.plus.jndi.EnvEntry: for env-entry type of entries
org.eclipse.jetty.plus.jndi.Resource: for all other type of resources
org.eclipse.jetty.plus.jndi.Transaction: for a JTA manager
org.eclipse.jetty.plus.jndi.Link: for link between a web.xml resource name and a naming entry
And each of these types follow the same pattern:
<New class="org.eclipse.jetty.plus.jndi.xxxx">
<Arg><!-- scope --></Arg>
<Arg><!-- name --></Arg>
<Arg><!-- value --></Arg>
</New>
Your jetty.xml file have the name and value but the scope is missing.
Try with the following for JVM instance scope (the name is unique across the JVM instance)
<New id="DSTestPool" class="org.eclipse.jetty.plus.jndi.Resource">
<Arg></Arg><!-- empty arg -->
<Arg>jdbc/DSTestPool</Arg>
<Arg>
<New class="org.sqlite.SQLiteConnectionPoolDataSource">
<Set name="driverClassName">org.sqlite.JDBC</Set>
<Set name="url">jdbc:sqlite:c:\\db\\base</Set>
</New>
</Arg>
</New>
Or something like the following for a web app context scope (the name is unique to the WebAppContext instance)
<Configure id='wac' class="org.eclipse.jetty.webapp.WebAppContext">
<New id="DSTestPool" class="org.eclipse.jetty.plus.jndi.Resource">
<Arg><Ref refid='wac'/></Arg><!-- reference to WebAppContext -->
<Arg>jdbc/DSTestPool</Arg>
<Arg>
<New class="org.sqlite.SQLiteConnectionPoolDataSource">
<Set name="driverClassName">org.sqlite.JDBC</Set>
<Set name="url">jdbc:sqlite:c:\\db\\base</Set>
</New>
</Arg>
</New>
</Configure>
See the documentation here for details.
An approach could be to use HikariCp (or any other pooler..).
In jetty-env.xml:
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<New id="DSTest" class="org.eclipse.jetty.plus.jndi.Resource">
<Arg></Arg>
<Arg>jdbc/ds</Arg>
<Arg>
<New class="com.zaxxer.hikari.HikariDataSource">
<Arg>
<New class="com.zaxxer.hikari.HikariConfig">
<Set name="dataSourceClassName">org.sqlite.SQLiteDataSource</Set>
<Call name="addDataSourceProperty">
<Arg>url</Arg>
<Arg>jdbc:sqlite:path/to/test.db</Arg>
</Call>
</New>
</Arg>
</New>
</Arg>
In web.xml:
<resource-ref id="ds">
<res-ref-name>jdbc/ds</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
then you get datasource:
(DataSource)new InitialContext().lookup("java:/comp/env/jdbc/ds");
...
I am trying to install and run Jetty 7 for the Shibboleth Identity Provider on my server, but i get this error:
[iam#web333 jetty]$ java -jar start.jar jetty.port=27335
2013-06-29 12:01:47.490:WARN:oejx.XmlConfiguration:Config error at <Call name="addConnector">| <Arg>| <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">| <Arg>| <New class="net.shibboleth.utilities.jetty7.DelegateToApplicationSslContextFactory">| <Set name="keyStore">/home/iam/opt/shibboleth-idp/credentials/idp.jks</Set>| <Set name="keyStorePassword">*****</Set>| </New>| </Arg>| <Set name="port">27335</Set>| <Set name="maxIdleTime">30000</Set>| </New>| </Arg>| </Call> java.lang.ClassNotFoundException: net.shibboleth.utilities.jetty7.DelegateToApplicationSslContextFactory
Exception in thread "main" java.lang.ClassNotFoundException: net.shibboleth.utilities.jetty7.DelegateToApplicationSslContextFactory
at java.net.URLClassLoader$1.run(URLClassLoader.java:217)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:205)
at java.lang.ClassLoader.loadClass(ClassLoader.java:321)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294)
at java.lang.ClassLoader.loadClass(ClassLoader.java:266)
at org.eclipse.jetty.util.Loader.loadClass(Loader.java:100)
at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.nodeClass(XmlConfiguration.java:354)
at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.newObj(XmlConfiguration.java:754)
at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.itemValue(XmlConfiguration.java:1126)
at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.value(XmlConfiguration.java:1029)
at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.newObj(XmlConfiguration.java:777)
at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.itemValue(XmlConfiguration.java:1126)
at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.value(XmlConfiguration.java:1029)
at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.call(XmlConfiguration.java:722)
at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:388)
at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:343)
at org.eclipse.jetty.xml.XmlConfiguration.configure(XmlConfiguration.java:296)
at org.eclipse.jetty.xml.XmlConfiguration$1.run(XmlConfiguration.java:1247)
at java.security.AccessController.doPrivileged(Native Method)
at org.eclipse.jetty.xml.XmlConfiguration.main(XmlConfiguration.java:1182)
I followed this guide: https://wiki.shibboleth.net/confluence/display/SHIB2/IdPJetty7Prepare and i modify the ports 8080 and 8443 to my port 27335 in the jetty.xml and jetty-ssl.xml config files.
And also in shib-delegatessl.xml i have modified the port 8443 to 27335.
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
<Arg>
<New class="net.shibboleth.utilities.jetty7.DelegateToApplicationSslContextFactory">
<Set name="keyStore">/home/iam/opt/shibboleth-idp/credentials/idp.jks</Set>
<Set name="keyStorePassword">********</Set>
</New>
</Arg>
<Set name="port">27335</Set>
<Set name="maxIdleTime">30000</Set>
</New>
</Arg>
</Call>
</Configure>
How do I fix this error? and how can i test Jetty if it works?
Thank you very much.
Best regards!
The jar containing the net.shibboleth.utilities.jetty7.DelegateToApplicationSslContextFactory class needs to be in the server classpath.
Do this:
Put the shibboleth jars into the ${jetty.home}/lib/ext directory.
Test that they are present on the server classpath by executing the following command.
$ java -jar start.jar --list-config
Start Jetty like you did before.
probably this might help:
https://wiki.shibboleth.net/confluence/display/SHIB2/IdPJetty7Prepare
What libs to copy and where is specified there.