Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

jetty-9 work in progress jetty-server

This commit is contained in:
Greg Wilkins 2012-03-08 21:33:32 +11:00
parent 40c9dd77bf
commit 872282c34c
8 changed files with 154 additions and 1120 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
jetty-server/src/main/java/org/eclipse/jetty/server/AbstractConnector.java
View File

@ -62,9 +62,9 @@ public abstract class AbstractConnector extends AggregateLifeCycle implements Ht
private ThreadPool _threadPool;
private String _host;
private int _port = 0;
private String _integralScheme = HttpScheme.HTTPS;
private String _integralScheme = HttpScheme.HTTPS.toString();
private int _integralPort = 0;
private String _confidentialScheme = HttpScheme.HTTPS;
private String _confidentialScheme = HttpScheme.HTTPS.toString();
private int _confidentialPort = 0;
private int _acceptQueueSize = 0;
private int _acceptors = 1;
@ -73,10 +73,10 @@ public abstract class AbstractConnector extends AggregateLifeCycle implements Ht
private boolean _forwarded;
private String _hostHeader;
private String _forwardedHostHeader = HttpHeader.X_FORWARDED_HOST;
private String _forwardedServerHeader = HttpHeader.X_FORWARDED_SERVER;
private String _forwardedForHeader = HttpHeader.X_FORWARDED_FOR;
private String _forwardedProtoHeader = HttpHeader.X_FORWARDED_PROTO;
private String _forwardedHostHeader = HttpHeader.X_FORWARDED_HOST.toString();
private String _forwardedServerHeader = HttpHeader.X_FORWARDED_SERVER.toString();
private String _forwardedForHeader = HttpHeader.X_FORWARDED_FOR.toString();
private String _forwardedProtoHeader = HttpHeader.X_FORWARDED_PROTO.toString();
private String _forwardedCipherSuiteHeader;
private String _forwardedSslSessionIdHeader;
private boolean _reuseAddress = true;
@ -420,7 +420,7 @@ public abstract class AbstractConnector extends AggregateLifeCycle implements Ht
if(ssl_session_id!=null)
{
request.setAttribute("javax.servlet.request.ssl_session_id", ssl_session_id);
request.setScheme(HttpScheme.HTTPS);
request.setScheme(HttpScheme.HTTPS.toString());
}
}
@ -433,7 +433,7 @@ public abstract class AbstractConnector extends AggregateLifeCycle implements Ht
if (_hostHeader != null)
{
// Update host header
httpFields.put(HttpHeader.HOST_BUFFER,_hostHeader);
httpFields.put(HttpHeader.HOST.toString(),_hostHeader);
request.setServerName(null);
request.setServerPort(-1);
request.getServerName();
@ -441,7 +441,7 @@ public abstract class AbstractConnector extends AggregateLifeCycle implements Ht
else if (forwardedHost != null)
{
// Update host header
httpFields.put(HttpHeader.HOST_BUFFER,forwardedHost);
httpFields.put(HttpHeader.HOST.toString(),forwardedHost);
request.setServerName(null);
request.setServerPort(-1);
request.getServerName();
@ -558,7 +558,7 @@ public abstract class AbstractConnector extends AggregateLifeCycle implements Ht
*/
public boolean isConfidential(Request request)
{
return _forwarded && request.getScheme().equalsIgnoreCase(HttpScheme.HTTPS);
return _forwarded && request.getScheme().equalsIgnoreCase(HttpScheme.HTTPS.toString());
}
/* ------------------------------------------------------------ */

9
jetty-server/src/main/java/org/eclipse/jetty/server/AbstractHttpConnection.java
View File

@ -23,7 +23,6 @@ import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.continuation.ContinuationThrowable;
import org.eclipse.jetty.http.EncodedHttpURI;
import org.eclipse.jetty.http.Generator;
import org.eclipse.jetty.http.HttpBuffers;
import org.eclipse.jetty.http.HttpContent;
import org.eclipse.jetty.http.HttpException;
@ -37,10 +36,8 @@ import org.eclipse.jetty.http.HttpStatus;
import org.eclipse.jetty.http.HttpURI;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.http.MimeTypes;
import org.eclipse.jetty.http.Parser;
import org.eclipse.jetty.io.AbstractConnection;
import org.eclipse.jetty.io.BufferCache.ByteBuffer;
import org.eclipse.jetty.io.Buffers;
import org.eclipse.jetty.io.Connection;
import org.eclipse.jetty.io.EndPoint;
@ -100,12 +97,12 @@ public abstract class AbstractHttpConnection extends AbstractConnection
protected final Server _server;
protected final HttpURI _uri;
protected final Parser _parser;
protected final HttpParser _parser;
protected final HttpFields _requestFields;
protected final Request _request;
protected volatile ServletInputStream _in;
protected final Generator _generator;
protected final HttpGenerator _generator;
protected final HttpFields _responseFields;
protected final Response _response;
protected volatile Output _out;
@ -629,7 +626,7 @@ public abstract class AbstractHttpConnection extends AbstractConnection
}
/* ------------------------------------------------------------ */
public Generator getGenerator()
public HttpGenerator getGenerator()
{
return _generator;
}

1
jetty-server/src/main/java/org/eclipse/jetty/server/AsyncContinuation.java
View File

@ -578,7 +578,6 @@ public class AsyncContinuation implements AsyncContext, Continuation
}
/* ------------------------------------------------------------ */
@Override
public <T extends AsyncListener> T createListener(Class<T> clazz) throws ServletException
{
try

162
jetty-server/src/main/java/org/eclipse/jetty/server/HttpOutput.java
View File

@ -14,15 +14,23 @@
package org.eclipse.jetty.server;
import java.io.IOException;
import java.io.InterruptedIOException;
import java.io.Writer;
import java.nio.ByteBuffer;
import java.nio.channels.CompletionHandler;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import javax.servlet.ServletOutputStream;
import org.eclipse.jetty.http.AbstractGenerator;
import org.eclipse.jetty.http.Generator;
import org.eclipse.jetty.http.HttpGenerator;
import org.eclipse.jetty.http.HttpGenerator.Action;
import org.eclipse.jetty.io.ByteArrayBuffer;
import org.eclipse.jetty.io.EndPoint;
import org.eclipse.jetty.io.EofException;
import org.eclipse.jetty.util.BufferUtil;
import org.eclipse.jetty.util.ByteArrayOutputStream2;
/** Output.
@ -37,8 +45,11 @@ import org.eclipse.jetty.util.ByteArrayOutputStream2;
public class HttpOutput extends ServletOutputStream
{
protected final AbstractHttpConnection _connection;
protected final AbstractGenerator _generator;
protected final HttpGenerator _generator;
private boolean _closed;
ByteBuffer header=null;
ByteBuffer chunk=null;
ByteBuffer buffer=null;
// These are held here for reuse by Writer
String _characterEncoding;
@ -50,7 +61,7 @@ public class HttpOutput extends ServletOutputStream
public HttpOutput(AbstractHttpConnection connection)
{
_connection=connection;
_generator=(AbstractGenerator)connection.getGenerator();
_generator=(HttpGenerator)connection.getGenerator();
}
/* ------------------------------------------------------------ */
@ -91,14 +102,14 @@ public class HttpOutput extends ServletOutputStream
@Override
public void flush() throws IOException
{
_generator.flush(getMaxIdleTime());
// TODO
}
/* ------------------------------------------------------------ */
@Override
public void write(byte[] b, int off, int len) throws IOException
{
write(new ByteArrayBuffer(b,off,len));
write(ByteBuffer.wrap(b,off,len));
}
/* ------------------------------------------------------------ */
@ -108,7 +119,7 @@ public class HttpOutput extends ServletOutputStream
@Override
public void write(byte[] b) throws IOException
{
write(new ByteArrayBuffer(b));
write(ByteBuffer.wrap(b));
}
/* ------------------------------------------------------------ */
@ -118,70 +129,105 @@ public class HttpOutput extends ServletOutputStream
@Override
public void write(int b) throws IOException
{
if (_closed)
throw new IOException("Closed");
if (!_generator.isOpen())
throw new EofException();
// Block until we can add _content.
while (_generator.isBufferFull())
{
_generator.blockForOutput(getMaxIdleTime());
if (_closed)
throw new IOException("Closed");
if (!_generator.isOpen())
throw new EofException();
}
// Add the _content
if (_generator.addContent((byte)b))
// Buffers are full so commit.
_connection.commitResponse(Generator.MORE);
if (_generator.isAllContentWritten())
{
flush();
close();
}
write(ByteBuffer.wrap(new byte[]{(byte)b}));
}
/* ------------------------------------------------------------ */
private void write(ByteBuffer buffer) throws IOException
private void write(ByteBuffer content) throws IOException
{
if (_closed)
throw new IOException("Closed");
if (!_generator.isOpen())
if (!_generator.isComplete())
throw new EofException();
// Block until we can add _content.
while (_generator.isBufferFull())
try
{
_generator.blockForOutput(getMaxIdleTime());
if (_closed)
throw new IOException("Closed");
if (!_generator.isOpen())
throw new EofException();
while(BufferUtil.hasContent(content))
{
// Generate
Action action=BufferUtil.hasContent(content)?null:Action.COMPLETE;
/* System.err.printf("generate(%s,%s,%s,%s,%s)@%s%n",
BufferUtil.toSummaryString(header),
BufferUtil.toSummaryString(chunk),
BufferUtil.toSummaryString(buffer),
BufferUtil.toSummaryString(content),
action,gen.getState());*/
HttpGenerator.Result result=_generator.generate(header,chunk,buffer,content,action);
/*System.err.printf("%s (%s,%s,%s,%s,%s)@%s%n",
result,
BufferUtil.toSummaryString(header),
BufferUtil.toSummaryString(chunk),
BufferUtil.toSummaryString(buffer),
BufferUtil.toSummaryString(content),
action,gen.getState());*/
switch(result)
{
case NEED_HEADER:
header=BufferUtil.allocate(2048);
break;
case NEED_BUFFER:
buffer=BufferUtil.allocate(8192);
break;
case NEED_CHUNK:
header=null;
chunk=BufferUtil.allocate(HttpGenerator.CHUNK_SIZE);
break;
case FLUSH:
{
Future<Integer> future = _connection.getEndPoint().flush(header,chunk,buffer);
future.get(getMaxIdleTime(),TimeUnit.MILLISECONDS);
break;
}
case FLUSH_CONTENT:
{
Future<Integer> future = _connection.getEndPoint().flush(header,chunk,content);
future.get(getMaxIdleTime(),TimeUnit.MILLISECONDS);
break;
}
case OK:
break;
case SHUTDOWN_OUT:
_connection.getEndPoint().shutdownOutput();
break;
}
}
}
// Add the _content
_generator.addContent(buffer, Generator.MORE);
// Have to flush and complete headers?
if (_generator.isAllContentWritten())
catch(final TimeoutException e)
{
flush();
close();
}
else if (_generator.isBufferFull())
_connection.commitResponse(Generator.MORE);
// Block until our buffer is free
while (buffer.length() > 0 && _generator.isOpen())
throw new InterruptedIOException(e.toString())
{
{
this.initCause(e);
}
};
}
catch (final InterruptedException e)
{
_generator.blockForOutput(getMaxIdleTime());
throw new InterruptedIOException(e.toString())
{
{
this.initCause(e);
}
};
}
catch (final ExecutionException e)
{
throw new IOException(e.toString())
{
{
this.initCause(e);
}
};
}
}
/* ------------------------------------------------------------ */
/*

6
jetty-server/src/main/java/org/eclipse/jetty/server/NCSARequestLog.java
View File

@ -467,7 +467,7 @@ public class NCSARequestLog extends AbstractLifeCycle implements RequestLog
String addr = null;
if (_preferProxiedForAddress)
{
addr = request.getHeader(HttpHeader.X_FORWARDED_FOR);
addr = request.getHeader(HttpHeader.X_FORWARDED_FOR.toString());
}
if (addr == null)
@ -601,7 +601,7 @@ public class NCSARequestLog extends AbstractLifeCycle implements RequestLog
Response response,
StringBuilder b) throws IOException
{
String referer = request.getHeader(HttpHeader.REFERER);
String referer = request.getHeader(HttpHeader.REFERER.toString());
if (referer == null)
b.append("\"-\" ");
else
@ -611,7 +611,7 @@ public class NCSARequestLog extends AbstractLifeCycle implements RequestLog
b.append("\" ");
}
String agent = request.getHeader(HttpHeader.USER_AGENT);
String agent = request.getHeader(HttpHeader.USER_AGENT.toString());
if (agent == null)
b.append("\"-\" ");
else

54
jetty-server/src/main/java/org/eclipse/jetty/server/ResourceCache.java
View File

@ -16,6 +16,8 @@ package org.eclipse.jetty.server;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.nio.channels.FileChannel;
import java.util.Comparator;
import java.util.SortedSet;
import java.util.TreeSet;
@ -28,10 +30,7 @@ import org.eclipse.jetty.http.HttpContent;
import org.eclipse.jetty.http.HttpFields;
import org.eclipse.jetty.http.MimeTypes;
import org.eclipse.jetty.io.ByteArrayBuffer;
import org.eclipse.jetty.io.View;
import org.eclipse.jetty.io.nio.DirectNIOBuffer;
import org.eclipse.jetty.util.BufferUtil;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.resource.Resource;
@ -296,10 +295,17 @@ public class ResourceCache
LOG.warn("invalid resource: "+String.valueOf(resource)+" "+len);
return null;
}
ByteBuffer buffer = new IndirectNIOBuffer(len);
InputStream is = resource.getInputStream();
buffer.readFrom(is,len);
is.close();
ByteBuffer buffer = BufferUtil.allocate(len);
int pos=BufferUtil.flipToFill(buffer);
if (resource.getFile()!=null)
BufferUtil.readFrom(resource.getFile(),buffer);
else
{
InputStream is = resource.getInputStream();
BufferUtil.readFrom(is,len,buffer);
is.close();
}
BufferUtil.flipToFlush(buffer,pos);
return buffer;
}
catch(IOException e)
@ -315,18 +321,27 @@ public class ResourceCache
try
{
if (_useFileMappedBuffer && resource.getFile()!=null)
return new DirectNIOBuffer(resource.getFile());
return BufferUtil.toBuffer(resource.getFile());
int len=(int)resource.length();
if (len<0)
{
LOG.warn("invalid resource: "+String.valueOf(resource)+" "+len);
return null;
}
ByteBuffer buffer = new DirectNIOBuffer(len);
InputStream is = resource.getInputStream();
buffer.readFrom(is,len);
is.close();
ByteBuffer buffer = BufferUtil.allocateDirect(len);
int pos=BufferUtil.flipToFill(buffer);
if (resource.getFile()!=null)
BufferUtil.readFrom(resource.getFile(),buffer);
else
{
InputStream is = resource.getInputStream();
BufferUtil.readFrom(is,len,buffer);
is.close();
}
BufferUtil.flipToFlush(buffer,pos);
return buffer;
}
catch(IOException e)
@ -368,7 +383,7 @@ public class ResourceCache
_contentType=_mimeTypes.getMimeByExtension(_resource.toString());
boolean exists=resource.exists();
_lastModified=exists?resource.lastModified():-1;
_lastModifiedBytes=_lastModified<0?null:new ByteArrayBuffer(HttpFields.formatDate(_lastModified));
_lastModifiedBytes=_lastModified<0?null:BufferUtil.toBuffer(HttpFields.formatDate(_lastModified));
_length=exists?(int)resource.length():0;
_cachedSize.addAndGet(_length);
@ -459,7 +474,7 @@ public class ResourceCache
}
if (buffer==null)
return null;
return new View(buffer);
return buffer.asReadOnlyBuffer();
}
@ -480,8 +495,7 @@ public class ResourceCache
}
if (buffer==null)
return null;
return new View(buffer);
return buffer.asReadOnlyBuffer();
}
/* ------------------------------------------------------------ */
@ -494,8 +508,8 @@ public class ResourceCache
public InputStream getInputStream() throws IOException
{
ByteBuffer indirect = getIndirectBuffer();
if (indirect!=null && indirect.array()!=null)
return new ByteArrayInputStream(indirect.array(),indirect.getIndex(),indirect.length());
if (indirect!=null && indirect.hasArray())
return new ByteArrayInputStream(indirect.array(),indirect.arrayOffset()+indirect.position(),indirect.remaining());
return _resource.getInputStream();
}

315
jetty-server/src/main/java/org/eclipse/jetty/server/bio/SocketConnector.java
View File

@ -1,315 +0,0 @@
// ========================================================================
// Copyright (c) 2003-2009 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
package org.eclipse.jetty.server.bio;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.SocketException;
import java.util.HashSet;
import java.util.Set;
import org.eclipse.jetty.http.HttpException;
import org.eclipse.jetty.io.ConnectedEndPoint;
import org.eclipse.jetty.io.Connection;
import org.eclipse.jetty.io.EndPoint;
import org.eclipse.jetty.io.EofException;
import org.eclipse.jetty.io.bio.SocketEndPoint;
import org.eclipse.jetty.server.AbstractConnector;
import org.eclipse.jetty.server.AbstractHttpConnection;
import org.eclipse.jetty.server.BlockingHttpConnection;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.util.component.AggregateLifeCycle;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
/* ------------------------------------------------------------------------------- */
/** Socket Connector.
* This connector implements a traditional blocking IO and threading model.
* Normal JRE sockets are used and a thread is allocated per connection.
* Buffers are managed so that large buffers are only allocated to active connections.
*
* This Connector should only be used if NIO is not available.
*
* @org.apache.xbean.XBean element="bioConnector" description="Creates a BIO based socket connector"
*
*
*/
public class SocketConnector extends AbstractConnector
{
private static final Logger LOG = Log.getLogger(SocketConnector.class);
protected ServerSocket _serverSocket;
protected final Set<EndPoint> _connections;
protected volatile int _localPort=-1;
/* ------------------------------------------------------------ */
/** Constructor.
*
*/
public SocketConnector()
{
_connections=new HashSet<EndPoint>();
}
/* ------------------------------------------------------------ */
public Object getConnection()
{
return _serverSocket;
}
/* ------------------------------------------------------------ */
public void open() throws IOException
{
// Create a new server socket and set to non blocking mode
if (_serverSocket==null || _serverSocket.isClosed())
_serverSocket= newServerSocket(getHost(),getPort(),getAcceptQueueSize());
_serverSocket.setReuseAddress(getReuseAddress());
_localPort=_serverSocket.getLocalPort();
if (_localPort<=0)
throw new IllegalStateException("port not allocated for "+this);
}
/* ------------------------------------------------------------ */
protected ServerSocket newServerSocket(String host, int port,int backlog) throws IOException
{
ServerSocket ss= host==null?
new ServerSocket(port,backlog):
new ServerSocket(port,backlog,InetAddress.getByName(host));
return ss;
}
/* ------------------------------------------------------------ */
public void close() throws IOException
{
if (_serverSocket!=null)
_serverSocket.close();
_serverSocket=null;
_localPort=-2;
}
/* ------------------------------------------------------------ */
@Override
public void accept(int acceptorID)
throws IOException, InterruptedException
{
Socket socket = _serverSocket.accept();
configure(socket);
ConnectorEndPoint connection=new ConnectorEndPoint(socket);
connection.dispatch();
}
/* ------------------------------------------------------------------------------- */
/**
* Allows subclass to override Conection if required.
*/
protected Connection newConnection(EndPoint endpoint)
{
return new BlockingHttpConnection(this, endpoint, getServer());
}
/* ------------------------------------------------------------------------------- */
@Override
public void customize(EndPoint endpoint, Request request)
throws IOException
{
ConnectorEndPoint connection = (ConnectorEndPoint)endpoint;
int lrmit = isLowResources()?_lowResourceMaxIdleTime:_maxIdleTime;
connection.setMaxIdleTime(lrmit);
super.customize(endpoint, request);
}
/* ------------------------------------------------------------------------------- */
public int getLocalPort()
{
return _localPort;
}
/* ------------------------------------------------------------------------------- */
@Override
protected void doStart() throws Exception
{
_connections.clear();
super.doStart();
}
/* ------------------------------------------------------------------------------- */
@Override
protected void doStop() throws Exception
{
super.doStop();
Set<EndPoint> set = new HashSet<EndPoint>();
synchronized(_connections)
{
set.addAll(_connections);
}
for (EndPoint endPoint : set)
{
ConnectorEndPoint connection = (ConnectorEndPoint)endPoint;
connection.close();
}
}
@Override
public void dump(Appendable out, String indent) throws IOException
{
super.dump(out, indent);
Set<EndPoint> connections = new HashSet<EndPoint>();
synchronized (_connections)
{
connections.addAll(_connections);
}
AggregateLifeCycle.dump(out, indent, connections);
}
/* ------------------------------------------------------------------------------- */
/* ------------------------------------------------------------------------------- */
/* ------------------------------------------------------------------------------- */
protected class ConnectorEndPoint extends SocketEndPoint implements Runnable, ConnectedEndPoint
{
volatile Connection _connection;
protected final Socket _socket;
public ConnectorEndPoint(Socket socket) throws IOException
{
super(socket,_maxIdleTime);
_connection = newConnection(this);
_socket=socket;
}
public Connection getConnection()
{
return _connection;
}
public void setConnection(Connection connection)
{
if (_connection!=connection && _connection!=null)
connectionUpgraded(_connection,connection);
_connection=connection;
}
public void dispatch() throws IOException
{
if (getThreadPool()==null || !getThreadPool().dispatch(this))
{
LOG.warn("dispatch failed for {}",_connection);
close();
}
}
@Override
public int fill(ByteBuffer buffer) throws IOException
{
int l = super.fill(buffer);
if (l<0)
close();
return l;
}
@Override
public void close() throws IOException
{
if (_connection instanceof AbstractHttpConnection)
((AbstractHttpConnection)_connection).getRequest().getAsyncContinuation().cancel();
super.close();
}
public void run()
{
try
{
connectionOpened(_connection);
synchronized(_connections)
{
_connections.add(this);
}
while (isStarted() && !isClosed())
{
if (_connection.isIdle())
{
if (isLowResources())
setMaxIdleTime(getLowResourcesMaxIdleTime());
}
_connection=_connection.handle();
}
}
catch (EofException e)
{
LOG.debug("EOF", e);
try{close();}
catch(IOException e2){LOG.ignore(e2);}
}
catch (SocketException e)
{
LOG.debug("EOF", e);
try{close();}
catch(IOException e2){LOG.ignore(e2);}
}
catch (HttpException e)
{
LOG.debug("BAD", e);
try{close();}
catch(IOException e2){LOG.ignore(e2);}
}
catch(Exception e)
{
LOG.warn("handle failed?",e);
try{close();}
catch(IOException e2){LOG.ignore(e2);}
}
finally
{
connectionClosed(_connection);
synchronized(_connections)
{
_connections.remove(this);
}
// wait for client to close, but if not, close ourselves.
try
{
if (!_socket.isClosed())
{
long timestamp=System.currentTimeMillis();
int max_idle=getMaxIdleTime();
_socket.setSoTimeout(getMaxIdleTime());
int c=0;
do
{
c = _socket.getInputStream().read();
}
while (c>=0 && (System.currentTimeMillis()-timestamp)<max_idle);
if (!_socket.isClosed())
_socket.close();
}
}
catch(IOException e)
{
LOG.ignore(e);
}
}
}
}
}

707
jetty-server/src/main/java/org/eclipse/jetty/server/ssl/SslSocketConnector.java
View File

@ -1,707 +0,0 @@
// ========================================================================
// Copyright (c) 2000-2009 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
package org.eclipse.jetty.server.ssl;
import java.io.IOException;
import java.net.ServerSocket;
import java.net.Socket;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.eclipse.jetty.http.HttpScheme;
import org.eclipse.jetty.io.EndPoint;
import org.eclipse.jetty.io.RuntimeIOException;
import org.eclipse.jetty.io.bio.SocketEndPoint;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.bio.SocketConnector;
import org.eclipse.jetty.util.log.Log;
import org.eclipse.jetty.util.log.Logger;
import org.eclipse.jetty.util.ssl.SslContextFactory;
/* ------------------------------------------------------------ */
/**
* SSL Socket Connector.
*
* This specialization of SocketConnector is an abstract listener that can be used as the basis for a
* specific JSSE listener.
*
* The original of this class was heavily based on the work from Court Demas, which in turn is
* based on the work from Forge Research. Since JSSE, this class has evolved significantly from
* that early work.
*
* @org.apache.xbean.XBean element="sslSocketConnector" description="Creates an ssl socket connector"
*
*
*/
public class SslSocketConnector extends SocketConnector implements SslConnector
{
private static final Logger LOG = Log.getLogger(SslSocketConnector.class);
private final SslContextFactory _sslContextFactory;
private int _handshakeTimeout = 0; //0 means use maxIdleTime
/* ------------------------------------------------------------ */
/**
* Constructor.
*/
public SslSocketConnector()
{
this(new SslContextFactory(SslContextFactory.DEFAULT_KEYSTORE_PATH));
setSoLingerTime(30000);
}
/* ------------------------------------------------------------ */
public SslSocketConnector(SslContextFactory sslContextFactory)
{
_sslContextFactory = sslContextFactory;
}
/* ------------------------------------------------------------ */
/**
* @return True if SSL re-negotiation is allowed (default false)
*/
public boolean isAllowRenegotiate()
{
return _sslContextFactory.isAllowRenegotiate();
}
/* ------------------------------------------------------------ */
/**
* Set if SSL re-negotiation is allowed. CVE-2009-3555 discovered
* a vulnerability in SSL/TLS with re-negotiation. If your JVM
* does not have CVE-2009-3555 fixed, then re-negotiation should
* not be allowed.
* @param allowRenegotiate true if re-negotiation is allowed (default false)
*/
public void setAllowRenegotiate(boolean allowRenegotiate)
{
_sslContextFactory.setAllowRenegotiate(allowRenegotiate);
}
/* ------------------------------------------------------------ */
@Override
public void accept(int acceptorID)
throws IOException, InterruptedException
{
Socket socket = _serverSocket.accept();
configure(socket);
ConnectorEndPoint connection=new SslConnectorEndPoint(socket);
connection.dispatch();
}
/* ------------------------------------------------------------ */
@Override
protected void configure(Socket socket)
throws IOException
{
super.configure(socket);
}
/* ------------------------------------------------------------ */
/**
* Allow the Listener a chance to customise the request. before the server does its stuff. <br>
* This allows the required attributes to be set for SSL requests. <br>
* The requirements of the Servlet specs are:
* <ul>
* <li> an attribute named "javax.servlet.request.ssl_id" of type String (since Spec 3.0).</li>
* <li> an attribute named "javax.servlet.request.cipher_suite" of type String.</li>
* <li> an attribute named "javax.servlet.request.key_size" of type Integer.</li>
* <li> an attribute named "javax.servlet.request.X509Certificate" of type
* java.security.cert.X509Certificate[]. This is an array of objects of type X509Certificate,
* the order of this array is defined as being in ascending order of trust. The first
* certificate in the chain is the one set by the client, the next is the one used to
* authenticate the first, and so on. </li>
* </ul>
*
* @param endpoint The Socket the request arrived on.
* This should be a {@link SocketEndPoint} wrapping a {@link SSLSocket}.
* @param request HttpRequest to be customised.
*/
@Override
public void customize(EndPoint endpoint, Request request)
throws IOException
{
super.customize(endpoint, request);
request.setScheme(HttpScheme.HTTPS);
SocketEndPoint socket_end_point = (SocketEndPoint)endpoint;
SSLSocket sslSocket = (SSLSocket)socket_end_point.getTransport();
SSLSession sslSession = sslSocket.getSession();
SslCertificates.customize(sslSession,endpoint,request);
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#getExcludeCipherSuites()
* @deprecated
*/
@Deprecated
public String[] getExcludeCipherSuites() {
return _sslContextFactory.getExcludeCipherSuites();
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#getIncludeCipherSuites()
* @deprecated
*/
@Deprecated
public String[] getIncludeCipherSuites()
{
return _sslContextFactory.getIncludeCipherSuites();
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#getKeystore()
* @deprecated
*/
@Deprecated
public String getKeystore()
{
return _sslContextFactory.getKeyStorePath();
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#getKeystoreType()
* @deprecated
*/
@Deprecated
public String getKeystoreType()
{
return _sslContextFactory.getKeyStoreType();
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#getNeedClientAuth()
* @deprecated
*/
@Deprecated
public boolean getNeedClientAuth()
{
return _sslContextFactory.getNeedClientAuth();
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#getProtocol()
* @deprecated
*/
@Deprecated
public String getProtocol()
{
return _sslContextFactory.getProtocol();
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#getProvider()
* @deprecated
*/
@Deprecated
public String getProvider() {
return _sslContextFactory.getProvider();
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#getSecureRandomAlgorithm()
* @deprecated
*/
@Deprecated
public String getSecureRandomAlgorithm()
{
return _sslContextFactory.getSecureRandomAlgorithm();
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#getSslKeyManagerFactoryAlgorithm()
* @deprecated
*/
@Deprecated
public String getSslKeyManagerFactoryAlgorithm()
{
return _sslContextFactory.getSslKeyManagerFactoryAlgorithm();
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#getSslTrustManagerFactoryAlgorithm()
* @deprecated
*/
@Deprecated
public String getSslTrustManagerFactoryAlgorithm()
{
return _sslContextFactory.getTrustManagerFactoryAlgorithm();
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#getTruststore()
* @deprecated
*/
@Deprecated
public String getTruststore()
{
return _sslContextFactory.getTrustStore();
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#getSslContextFactory()
*/
// @Override
public SslContextFactory getSslContextFactory()
{
return _sslContextFactory;
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#getTruststoreType()
* @deprecated
*/
@Deprecated
public String getTruststoreType()
{
return _sslContextFactory.getTrustStoreType();
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#getWantClientAuth()
* @deprecated
*/
@Deprecated
public boolean getWantClientAuth()
{
return _sslContextFactory.getWantClientAuth();
}
/* ------------------------------------------------------------ */
/**
* By default, we're confidential, given we speak SSL. But, if we've been told about an
* confidential port, and said port is not our port, then we're not. This allows separation of
* listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener
* configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not
* requiring client certs providing mere INTEGRAL constraints.
*/
@Override
public boolean isConfidential(Request request)
{
final int confidentialPort = getConfidentialPort();
return confidentialPort == 0 || confidentialPort == request.getServerPort();
}
/* ------------------------------------------------------------ */
/**
* By default, we're integral, given we speak SSL. But, if we've been told about an integral
* port, and said port is not our port, then we're not. This allows separation of listeners
* providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to
* require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring
* client certs providing mere INTEGRAL constraints.
*/
@Override
public boolean isIntegral(Request request)
{
final int integralPort = getIntegralPort();
return integralPort == 0 || integralPort == request.getServerPort();
}
/* ------------------------------------------------------------ */
@Override
public void open() throws IOException
{
_sslContextFactory.checkKeyStore();
try
{
_sslContextFactory.start();
}
catch(Exception e)
{
throw new RuntimeIOException(e);
}
super.open();
}
/* ------------------------------------------------------------ */
/**
* {@inheritDoc}
*/
@Override
protected void doStart() throws Exception
{
_sslContextFactory.checkKeyStore();
_sslContextFactory.start();
super.doStart();
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.bio.SocketConnector#doStop()
*/
@Override
protected void doStop() throws Exception
{
_sslContextFactory.stop();
super.doStop();
}
/* ------------------------------------------------------------ */
/**
* @param host The host name that this server should listen on
* @param port the port that this server should listen on
* @param backlog See {@link ServerSocket#bind(java.net.SocketAddress, int)}
* @return A new {@link ServerSocket socket object} bound to the supplied address with all other
* settings as per the current configuration of this connector.
* @see #setWantClientAuth(boolean)
* @see #setNeedClientAuth(boolean)
* @exception IOException
*/
@Override
protected ServerSocket newServerSocket(String host, int port,int backlog) throws IOException
{
return _sslContextFactory.newSslServerSocket(host,port,backlog);
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setExcludeCipherSuites(java.lang.String[])
* @deprecated
*/
@Deprecated
public void setExcludeCipherSuites(String[] cipherSuites)
{
_sslContextFactory.setExcludeCipherSuites(cipherSuites);
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setIncludeCipherSuites(java.lang.String[])
* @deprecated
*/
@Deprecated
public void setIncludeCipherSuites(String[] cipherSuites)
{
_sslContextFactory.setIncludeCipherSuites(cipherSuites);
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setKeyPassword(java.lang.String)
* @deprecated
*/
@Deprecated
public void setKeyPassword(String password)
{
_sslContextFactory.setKeyManagerPassword(password);
}
/* ------------------------------------------------------------ */
/**
* @param keystore The resource path to the keystore, or null for built in keystores.
* @deprecated
*/
@Deprecated
public void setKeystore(String keystore)
{
_sslContextFactory.setKeyStorePath(keystore);
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setKeystoreType(java.lang.String)
* @deprecated
*/
@Deprecated
public void setKeystoreType(String keystoreType)
{
_sslContextFactory.setKeyStoreType(keystoreType);
}
/* ------------------------------------------------------------ */
/**
* Set the value of the needClientAuth property
*
* @param needClientAuth true iff we require client certificate authentication.
* @deprecated
*/
@Deprecated
public void setNeedClientAuth(boolean needClientAuth)
{
_sslContextFactory.setNeedClientAuth(needClientAuth);
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setPassword(java.lang.String)
* @deprecated
*/
@Deprecated
public void setPassword(String password)
{
_sslContextFactory.setKeyStorePassword(password);
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setTrustPassword(java.lang.String)
* @deprecated
*/
@Deprecated
public void setTrustPassword(String password)
{
_sslContextFactory.setTrustStorePassword(password);
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setProtocol(java.lang.String)
* @deprecated
*/
@Deprecated
public void setProtocol(String protocol)
{
_sslContextFactory.setProtocol(protocol);
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setProvider(java.lang.String)
* @deprecated
*/
@Deprecated
public void setProvider(String provider) {
_sslContextFactory.setProvider(provider);
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setSecureRandomAlgorithm(java.lang.String)
* @deprecated
*/
@Deprecated
public void setSecureRandomAlgorithm(String algorithm)
{
_sslContextFactory.setSecureRandomAlgorithm(algorithm);
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setSslKeyManagerFactoryAlgorithm(java.lang.String)
* @deprecated
*/
@Deprecated
public void setSslKeyManagerFactoryAlgorithm(String algorithm)
{
_sslContextFactory.setSslKeyManagerFactoryAlgorithm(algorithm);
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setSslTrustManagerFactoryAlgorithm(java.lang.String)
* @deprecated
*/
@Deprecated
public void setSslTrustManagerFactoryAlgorithm(String algorithm)
{
_sslContextFactory.setTrustManagerFactoryAlgorithm(algorithm);
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setTruststore(java.lang.String)
* @deprecated
*/
@Deprecated
public void setTruststore(String truststore)
{
_sslContextFactory.setTrustStore(truststore);
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setTruststoreType(java.lang.String)
* @deprecated
*/
@Deprecated
public void setTruststoreType(String truststoreType)
{
_sslContextFactory.setTrustStoreType(truststoreType);
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setSslContext(javax.net.ssl.SSLContext)
* @deprecated
*/
@Deprecated
public void setSslContext(SSLContext sslContext)
{
_sslContextFactory.setSslContext(sslContext);
}
/* ------------------------------------------------------------ */
/**
* @see org.eclipse.jetty.server.ssl.SslConnector#setSslContext(javax.net.ssl.SSLContext)
* @deprecated
*/
@Deprecated
public SSLContext getSslContext()
{
return _sslContextFactory.getSslContext();
}
/* ------------------------------------------------------------ */
/**
* Set the value of the _wantClientAuth property. This property is used
* internally when opening server sockets.
*
* @param wantClientAuth true if we want client certificate authentication.
* @see SSLServerSocket#setWantClientAuth
* @deprecated
*/
@Deprecated
public void setWantClientAuth(boolean wantClientAuth)
{
_sslContextFactory.setWantClientAuth(wantClientAuth);
}
/* ------------------------------------------------------------ */
/**
* Set the time in milliseconds for so_timeout during ssl handshaking
* @param msec a non-zero value will be used to set so_timeout during
* ssl handshakes. A zero value means the maxIdleTime is used instead.
*/
public void setHandshakeTimeout (int msec)
{
_handshakeTimeout = msec;
}
/* ------------------------------------------------------------ */
public int getHandshakeTimeout ()
{
return _handshakeTimeout;
}
/* ------------------------------------------------------------ */
public class SslConnectorEndPoint extends ConnectorEndPoint
{
public SslConnectorEndPoint(Socket socket) throws IOException
{
super(socket);
}
@Override
public void shutdownOutput() throws IOException
{
close();
}
@Override
public void shutdownInput() throws IOException
{
close();
}
@Override
public void run()
{
try
{
int handshakeTimeout = getHandshakeTimeout();
int oldTimeout = _socket.getSoTimeout();
if (handshakeTimeout > 0)
_socket.setSoTimeout(handshakeTimeout);
final SSLSocket ssl=(SSLSocket)_socket;
ssl.addHandshakeCompletedListener(new HandshakeCompletedListener()
{
boolean handshook=false;
public void handshakeCompleted(HandshakeCompletedEvent event)
{
if (handshook)
{
if (!_sslContextFactory.isAllowRenegotiate())
{
LOG.warn("SSL renegotiate denied: "+ssl);
try{ssl.close();}catch(IOException e){LOG.warn(e);}
}
}
else
handshook=true;
}
});
ssl.startHandshake();
if (handshakeTimeout>0)
_socket.setSoTimeout(oldTimeout);
super.run();
}
catch (SSLException e)
{
LOG.debug(e);
try{close();}
catch(IOException e2){LOG.ignore(e2);}
}
catch (IOException e)
{
LOG.debug(e);
try{close();}
catch(IOException e2){LOG.ignore(e2);}
}
}
}
/* ------------------------------------------------------------ */
/**
* Unsupported.
*
* TODO: we should remove this as it is no longer an overridden method from SslConnector (like it was in the past)
* @deprecated
*/
@Deprecated
public String getAlgorithm()
{
throw new UnsupportedOperationException();
}
/* ------------------------------------------------------------ */
/**
* Unsupported.
*
* TODO: we should remove this as it is no longer an overridden method from SslConnector (like it was in the past)
* @deprecated
*/
@Deprecated
public void setAlgorithm(String algorithm)
{
throw new UnsupportedOperationException();
}
}