Move to the latest Jetty version that still allows the Web Console to work.  This version has the latest websocket updates that jetty has to offer.

git-svn-id: https://svn.apache.org/repos/asf/activemq/trunk@1187817 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Timothy A. Bish 2011-10-22 22:22:51 +00:00
parent 06611d9c19
commit e7784672ac
10 changed files with 225 additions and 233 deletions

View File

@ -96,5 +96,4 @@ public class HttpTransportFactory extends TransportFactory {
return transport;
}
}

View File

@ -26,17 +26,11 @@ import org.apache.activemq.transport.xstream.XStreamWireFormat;
import org.apache.activemq.util.ServiceStopper;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.bio.SocketConnector;
import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.server.session.SessionHandler;
import org.eclipse.jetty.servlet.ServletHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.servlet.ServletMapping;
import org.eclipse.jetty.server.nio.SelectChannelConnector;
import org.eclipse.jetty.servlet.ServletContextHandler;
/**
*
*/
public class HttpTransportServer extends TransportServerSupport {
private URI bindAddress;
private TextWireFormat wireFormat;
private Server server;
@ -78,39 +72,17 @@ public class HttpTransportServer extends TransportServerSupport {
protected void doStart() throws Exception {
server = new Server();
if (connector == null) {
connector = new SocketConnector();
connector = new SelectChannelConnector();
}
connector.setHost(bindAddress.getHost());
connector.setPort(bindAddress.getPort());
connector.setServer(server);
server.setConnectors(new Connector[] {
connector
});
server.addConnector(connector);
ContextHandler contextHandler = new ContextHandler();
contextHandler.setContextPath("/");
contextHandler.setServer(server);
server.setHandler(contextHandler);
ServletContextHandler contextHandler =
new ServletContextHandler(server, "/", ServletContextHandler.NO_SECURITY);
SessionHandler sessionHandler = new SessionHandler();
contextHandler.setHandler(sessionHandler);
ServletHandler servletHandler = new ServletHandler();
sessionHandler.setHandler(servletHandler);
ServletHolder holder = new ServletHolder();
holder.setName("httpTunnel");
holder.setClassName(HttpTunnelServlet.class.getName());
servletHandler.setServlets(new ServletHolder[] {
holder
});
ServletMapping mapping = new ServletMapping();
mapping.setServletName("httpTunnel");
mapping.setPathSpec("/*");
servletHandler.setServletMappings(new ServletMapping[] {
mapping
});
contextHandler.addServlet(HttpTunnelServlet.class, "/");
contextHandler.setAttribute("acceptListener", getAcceptListener());
contextHandler.setAttribute("wireFormat", getWireFormat());
@ -130,5 +102,4 @@ public class HttpTransportServer extends TransportServerSupport {
public InetSocketAddress getSocketAddress() {
return null;
}
}

View File

@ -96,15 +96,11 @@ public class HttpTunnelServlet extends HttpServlet {
packet = (Command)transportChannel.getQueue().poll(requestTimeout, TimeUnit.MILLISECONDS);
DataOutputStream stream = new DataOutputStream(response.getOutputStream());
// while( packet !=null ) {
wireFormat.marshal(packet, stream);
count++;
// packet = (Command) transportChannel.getQueue().poll(0,
// TimeUnit.MILLISECONDS);
// }
} catch (InterruptedException ignore) {
}
if (count == 0) {
response.setStatus(HttpServletResponse.SC_REQUEST_TIMEOUT);
}
@ -137,7 +133,6 @@ public class HttpTunnelServlet extends HttpServlet {
}
private boolean canProcessWireFormatVersion(int version) {
// TODO:
return true;
}

View File

@ -33,8 +33,6 @@ import org.apache.activemq.wireformat.WireFormat;
/**
* Factory of HTTPS based transports
*
*
*/
public class HttpsTransportFactory extends HttpTransportFactory {

View File

@ -32,38 +32,38 @@ public class HttpsTransportServer extends HttpTransportServer {
private String protocol;
private String auth;
public HttpsTransportServer(URI uri, HttpsTransportFactory factory) {
public HttpsTransportServer(URI uri, HttpsTransportFactory factory) {
super(uri, factory);
}
public void doStart() throws Exception {
Krb5AndCertsSslSocketConnector sslConnector = new Krb5AndCertsSslSocketConnector();
Krb5AndCertsSslSocketConnector sslConnector = new Krb5AndCertsSslSocketConnector();
if(auth != null){
sslConnector.setMode(auth);
if(auth != null){
sslConnector.setMode(auth);
}
sslConnector.setKeystore(keyStore);
sslConnector.setPassword(keyStorePassword);
sslConnector.getSslContextFactory().setKeyStore(keyStore);
sslConnector.getSslContextFactory().setKeyStorePassword(keyStorePassword);
// if the keyPassword hasn't been set, default it to the
// key store password
if (keyPassword == null) {
sslConnector.setKeyPassword(keyStorePassword);
sslConnector.getSslContextFactory().setKeyStorePassword(keyStorePassword);
}
if (keyStoreType != null) {
sslConnector.setKeystoreType(keyStoreType);
sslConnector.getSslContextFactory().setKeyStoreType(keyStoreType);
}
if (secureRandomCertficateAlgorithm != null) {
sslConnector.setSecureRandomAlgorithm(secureRandomCertficateAlgorithm);
sslConnector.getSslContextFactory().setSecureRandomAlgorithm(secureRandomCertficateAlgorithm);
}
if (keyCertificateAlgorithm != null) {
sslConnector.setSslKeyManagerFactoryAlgorithm(keyCertificateAlgorithm);
sslConnector.getSslContextFactory().setSslKeyManagerFactoryAlgorithm(keyCertificateAlgorithm);
}
if (trustCertificateAlgorithm != null) {
sslConnector.setSslTrustManagerFactoryAlgorithm(trustCertificateAlgorithm);
sslConnector.getSslContextFactory().setTrustManagerFactoryAlgorithm(trustCertificateAlgorithm);
}
if (protocol != null) {
sslConnector.setProtocol(protocol);
sslConnector.getSslContextFactory().setProtocol(protocol);
}
setConnector(sslConnector);
@ -139,17 +139,17 @@ public class HttpsTransportServer extends HttpTransportServer {
}
/**
* @return the auth
*/
public String getAuth() {
return auth;
}
* @return the auth
*/
public String getAuth() {
return auth;
}
/**
* @param auth the auth to set
*/
public void setAuth(String auth) {
this.auth = auth;
}
/**
* @param auth the auth to set
*/
public void setAuth(String auth) {
this.auth = auth;
}
}

View File

@ -17,8 +17,10 @@
package org.apache.activemq.transport.https;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Principal;
import java.util.List;
import java.util.Collections;
@ -26,12 +28,12 @@ import java.util.Random;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.eclipse.jetty.http.HttpSchemes;
import org.eclipse.jetty.http.ssl.SslContextFactory;
import org.eclipse.jetty.io.EndPoint;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.ssl.ServletSSL;
@ -39,133 +41,156 @@ import org.eclipse.jetty.server.ssl.SslSocketConnector;
/**
* Extend Jetty's {@link SslSocketConnector} to optionally also provide
* Kerberos5ized SSL sockets. The only change in behavior from superclass
* is that we no longer honor requests to turn off NeedAuthentication when
* running with Kerberos support.
* Kerberos5ized SSL sockets. The only change in behavior from superclass is
* that we no longer honor requests to turn off NeedAuthentication when running
* with Kerberos support.
*/
public class Krb5AndCertsSslSocketConnector extends SslSocketConnector {
public static final List<String> KRB5_CIPHER_SUITES =
Collections.unmodifiableList(Collections.singletonList(
"TLS_KRB5_WITH_3DES_EDE_CBC_SHA"));
static {
System.setProperty("https.cipherSuites", KRB5_CIPHER_SUITES.get(0));
}
private static final Logger LOG = LoggerFactory.getLogger(Krb5AndCertsSslSocketConnector.class);
private static final String REMOTE_PRINCIPAL = "remote_principal";
public enum MODE {KRB, CERTS, BOTH} // Support Kerberos, certificates or both?
private boolean useKrb;
private boolean useCerts;
public Krb5AndCertsSslSocketConnector() {
// By default, stick to cert based authentication
super();
useKrb = false;
useCerts = true;
setPasswords();
}
public void setMode(String mode) {
useKrb = mode == MODE.KRB.toString() || mode == MODE.BOTH.toString();
useCerts = mode == MODE.CERTS.toString() || mode == MODE.BOTH.toString();
logIfDebug("useKerb = " + useKrb + ", useCerts = " + useCerts);
}
// If not using Certs, set passwords to random gibberish or else
// Jetty will actually prompt the user for some.
private void setPasswords() {
if(!useCerts) {
Random r = new Random();
System.setProperty("jetty.ssl.password", String.valueOf(r.nextLong()));
System.setProperty("jetty.ssl.keypassword", String.valueOf(r.nextLong()));
}
}
@Override
protected SSLServerSocketFactory createFactory() throws Exception {
if(useCerts)
return super.createFactory();
SSLContext context = super.getProvider()==null
? SSLContext.getInstance(super.getProtocol())
:SSLContext.getInstance(super.getProtocol(), super.getProvider());
context.init(null, null, null);
System.err.println("Creating socket factory");
return context.getServerSocketFactory();
}
/* (non-Javadoc)
* @see org.mortbay.jetty.security.SslSocketConnector#newServerSocket(java.lang.String, int, int)
*/
@Override
protected ServerSocket newServerSocket(String host, int port, int backlog)
throws IOException {
System.err.println("Creating new KrbServerSocket for: " + host);
logIfDebug("Creating new KrbServerSocket for: " + host);
SSLServerSocket ss = null;
if(useCerts) // Get the server socket from the SSL super impl
ss = (SSLServerSocket)super.newServerSocket(host, port, backlog);
else { // Create a default server socket
try {
ss = (SSLServerSocket)(host == null
? createFactory().createServerSocket(port, backlog) :
createFactory().createServerSocket(port, backlog, InetAddress.getByName(host)));
} catch (Exception e)
{
LOG.warn("Could not create KRB5 Listener", e);
throw new IOException("Could not create KRB5 Listener: " + e.toString());
}
public static final List<String> KRB5_CIPHER_SUITES = Collections.unmodifiableList(Collections.singletonList("TLS_KRB5_WITH_3DES_EDE_CBC_SHA"));
static {
System.setProperty("https.cipherSuites", KRB5_CIPHER_SUITES.get(0));
}
// Add Kerberos ciphers to this socket server if needed.
if(useKrb) {
ss.setNeedClientAuth(true);
String [] combined;
if(useCerts) { // combine the cipher suites
String[] certs = ss.getEnabledCipherSuites();
combined = new String[certs.length + KRB5_CIPHER_SUITES.size()];
System.arraycopy(certs, 0, combined, 0, certs.length);
System.arraycopy(KRB5_CIPHER_SUITES.toArray(new String[0]), 0, combined,
certs.length, KRB5_CIPHER_SUITES.size());
} else { // Just enable Kerberos auth
combined = KRB5_CIPHER_SUITES.toArray(new String[0]);
}
private static final Logger LOG = LoggerFactory.getLogger(Krb5AndCertsSslSocketConnector.class);
ss.setEnabledCipherSuites(combined);
}
System.err.println("New socket created");
return ss;
};
private static final String REMOTE_PRINCIPAL = "remote_principal";
@Override
public void customize(EndPoint endpoint, Request request) throws IOException {
if(useKrb) { // Add Kerberos-specific info
SSLSocket sslSocket = (SSLSocket)endpoint.getTransport();
Principal remotePrincipal = sslSocket.getSession().getPeerPrincipal();
logIfDebug("Remote principal = " + remotePrincipal);
request.setScheme(HttpSchemes.HTTPS);
request.setAttribute(REMOTE_PRINCIPAL, remotePrincipal);
public enum MODE {
KRB, CERTS, BOTH
} // Support Kerberos, certificates or both?
if(!useCerts) { // Add extra info that would have been added by super
String cipherSuite = sslSocket.getSession().getCipherSuite();
Integer keySize = Integer.valueOf(ServletSSL.deduceKeyLength(cipherSuite));;
private boolean useKrb;
private boolean useCerts;
request.setAttribute("javax.servlet.request.cipher_suite", cipherSuite);
request.setAttribute("javax.servlet.request.key_size", keySize);
}
public Krb5AndCertsSslSocketConnector() {
// By default, stick to cert based authentication
super();
useKrb = false;
useCerts = true;
setPasswords();
}
if(useCerts) super.customize(endpoint, request);
System.err.println();
}
public void setMode(String mode) {
useKrb = mode == MODE.KRB.toString() || mode == MODE.BOTH.toString();
useCerts = mode == MODE.CERTS.toString() || mode == MODE.BOTH.toString();
logIfDebug("useKerb = " + useKrb + ", useCerts = " + useCerts);
}
private void logIfDebug(String s) {
if(LOG.isDebugEnabled())
LOG.debug(s);
}
// If not using Certs, set passwords to random gibberish or else
// Jetty will actually prompt the user for some.
private void setPasswords() {
if (!useCerts) {
Random r = new Random();
System.setProperty("jetty.ssl.password", String.valueOf(r.nextLong()));
System.setProperty("jetty.ssl.keypassword", String.valueOf(r.nextLong()));
}
}
// @Override
// protected SSLServerSocketFactory createFactory() throws Exception {
// if(useCerts)
// return super.createFactory();
//
// SSLContext context = super.getProvider()==null
// ? SSLContext.getInstance(super.getProtocol())
// :SSLContext.getInstance(super.getProtocol(), super.getProvider());
// context.init(null, null, null);
//
// System.err.println("Creating socket factory");
// return context.getServerSocketFactory();
// }
@Override
public SslContextFactory getSslContextFactory() {
final SslContextFactory factory = super.getSslContextFactory();
if (useCerts) {
return factory;
}
try {
SSLContext context = factory.getProvider() == null ? SSLContext.getInstance(factory.getProtocol()) : SSLContext.getInstance(factory.getProtocol(),
factory.getProvider());
context.init(null, null, null);
factory.setSslContext(context);
} catch (NoSuchAlgorithmException e) {
} catch (NoSuchProviderException e) {
} catch (KeyManagementException e) {
}
return factory;
}
/*
* (non-Javadoc)
*
* @see
* org.mortbay.jetty.security.SslSocketConnector#newServerSocket(java.lang
* .String, int, int)
*/
@Override
protected ServerSocket newServerSocket(String host, int port, int backlog) throws IOException {
System.err.println("Creating new KrbServerSocket for: " + host);
logIfDebug("Creating new KrbServerSocket for: " + host);
SSLServerSocket ss = null;
if (useCerts) // Get the server socket from the SSL super impl
ss = (SSLServerSocket) super.newServerSocket(host, port, backlog);
else { // Create a default server socket
try {
ss = (SSLServerSocket) super.newServerSocket(host, port, backlog);
} catch (Exception e) {
LOG.warn("Could not create KRB5 Listener", e);
throw new IOException("Could not create KRB5 Listener: " + e.toString());
}
}
// Add Kerberos ciphers to this socket server if needed.
if (useKrb) {
ss.setNeedClientAuth(true);
String[] combined;
if (useCerts) { // combine the cipher suites
String[] certs = ss.getEnabledCipherSuites();
combined = new String[certs.length + KRB5_CIPHER_SUITES.size()];
System.arraycopy(certs, 0, combined, 0, certs.length);
System.arraycopy(KRB5_CIPHER_SUITES.toArray(new String[0]), 0, combined, certs.length, KRB5_CIPHER_SUITES.size());
} else { // Just enable Kerberos auth
combined = KRB5_CIPHER_SUITES.toArray(new String[0]);
}
ss.setEnabledCipherSuites(combined);
}
System.err.println("New socket created");
return ss;
};
@Override
public void customize(EndPoint endpoint, Request request) throws IOException {
if (useKrb) { // Add Kerberos-specific info
SSLSocket sslSocket = (SSLSocket) endpoint.getTransport();
Principal remotePrincipal = sslSocket.getSession().getPeerPrincipal();
logIfDebug("Remote principal = " + remotePrincipal);
request.setScheme(HttpSchemes.HTTPS);
request.setAttribute(REMOTE_PRINCIPAL, remotePrincipal);
if (!useCerts) { // Add extra info that would have been added by
// super
String cipherSuite = sslSocket.getSession().getCipherSuite();
Integer keySize = Integer.valueOf(ServletSSL.deduceKeyLength(cipherSuite));
;
request.setAttribute("javax.servlet.request.cipher_suite", cipherSuite);
request.setAttribute("javax.servlet.request.key_size", keySize);
}
}
if (useCerts)
super.customize(endpoint, request);
System.err.println();
}
private void logIfDebug(String s) {
if (LOG.isDebugEnabled())
LOG.debug(s);
}
}

View File

@ -28,12 +28,9 @@ import org.eclipse.jetty.websocket.WebSocket;
import org.eclipse.jetty.websocket.WebSocketServlet;
/**
*
* Handle connection upgrade requests and creates web sockets
*
*/
public class StompServlet extends WebSocketServlet {
private static final long serialVersionUID = -4716657876092884139L;
private TransportAcceptListener listener;
@ -51,10 +48,10 @@ public class StompServlet extends WebSocketServlet {
getServletContext().getNamedDispatcher("default").forward(request,response);
}
protected WebSocket doWebSocketConnect(HttpServletRequest request, String protocol) {
@Override
public WebSocket doWebSocketConnect(HttpServletRequest request, String protocol) {
StompSocket socket = new StompSocket();
listener.onAccept(socket);
return socket;
}
}

View File

@ -32,22 +32,24 @@ import org.apache.activemq.util.ServiceStopper;
import org.eclipse.jetty.websocket.WebSocket;
/**
*
* Implements web socket and mediates between servlet and the broker
*
*/
class StompSocket extends TransportSupport implements WebSocket, StompTransport {
Outbound outbound;
class StompSocket extends TransportSupport implements WebSocket.OnTextMessage, StompTransport {
Connection outbound;
ProtocolConverter protocolConverter = new ProtocolConverter(this, null);
StompWireFormat wireFormat = new StompWireFormat();
public void onConnect(Outbound outbound) {
this.outbound=outbound;
@Override
public void onOpen(Connection connection) {
this.outbound = connection;
}
public void onMessage(byte frame, byte[] data,int offset, int length) {}
@Override
public void onClose(int closeCode, String message) {
}
public void onMessage(byte frame, String data) {
@Override
public void onMessage(String data) {
try {
protocolConverter.onStompCommand((StompFrame)wireFormat.unmarshal(new ByteSequence(data.getBytes("UTF-8"))));
} catch (Exception e) {
@ -55,23 +57,25 @@ class StompSocket extends TransportSupport implements WebSocket, StompTransport
}
}
public void onDisconnect() {
}
@Override
protected void doStart() throws Exception {
}
@Override
protected void doStop(ServiceStopper stopper) throws Exception {
}
@Override
public int getReceiveCounter() {
return 0;
}
@Override
public String getRemoteAddress() {
return "StompSocket_" + this.hashCode();
}
@Override
public void oneway(Object command) throws IOException {
try {
protocolConverter.onActiveMQCommand((Command)command);
@ -80,16 +84,19 @@ class StompSocket extends TransportSupport implements WebSocket, StompTransport
}
}
@Override
public X509Certificate[] getPeerCertificates() {
return null;
}
@Override
public void sendToActiveMQ(Command command) {
doConsume(command);
}
@Override
public void sendToStomp(StompFrame command) throws IOException {
outbound.sendMessage(WebSocket.SENTINEL_FRAME, command.format());
outbound.sendMessage(command.format());
}
@Override

View File

@ -26,8 +26,8 @@ import org.apache.activemq.util.ServiceStopper;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.bio.SocketConnector;
import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.server.session.SessionHandler;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.servlet.ServletMapping;
@ -58,7 +58,7 @@ public class WSTransportServer extends TransportServerSupport {
connector
});
ContextHandler contextHandler = new ContextHandler();
ServletContextHandler contextHandler = new ServletContextHandler();
contextHandler.setContextPath("/");
contextHandler.setServer(server);
server.setHandler(contextHandler);

View File

@ -67,7 +67,7 @@
<hsqldb-version>1.7.2.2</hsqldb-version>
<jasypt-version>1.8</jasypt-version>
<jdom-version>1.0</jdom-version>
<jetty-version>7.1.6.v20100715</jetty-version>
<jetty-version>7.5.1.v20110908</jetty-version>
<jsp-version>2.1.v20100127</jsp-version>
<jstl-version>1.1.2</jstl-version>
<jettison-version>1.3</jettison-version>