本文介绍了jetty 9:设置最基本的SSL / https的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

注意:如果您想查看此演示应用的行为,请访问www.collaborativepowernowinternational.us。在这里,选择testssl.PersonController,你可以创建一个人。然后去编辑指定SSL通道的人员,这会给出重定向循环。

看起来Jetty 9似乎还有更多配置项目进入start.ini文件,我有9.05版本。



为了测试最基本的SSL / https,我取消了start.ini中的以下几行注释:

 #========================== ================================= 
#SSL上下文
#创建密钥存储和信任存储以供
使用#HTTPS和SPDY
#--------------------------------- --------------------------
jetty.keystore = etc / keystore
jetty.keystore.password = OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
jetty.keymanager.password = OBF:1u2u1wml1z7s1z7a1wnl1u2g
jetty.truststore = etc / keystore
jetty.truststore.password = OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
jetty.secure.port = 8443
etc / jetty-ssl.xml

#================================ ===========================
#HTTPS连接器
#必须与jetty-ssl.xml一起使用
#-------------------------------- ---------------------------
jetty.https.port = 8443
etc / jetty-https.xml

没有其他Jetty配置更改。然后,我构建了最基本的Grails应用程序(拥有一个Person类),在其中我设置了某些控制器操作以确保安全,这可以在我的开发计算机上使用较旧的内置Jetty版本(即Grails包含的版本)正常工作。这只需要包含spring-security-core,然后将以下行添加到配置文件中:

  grails.plugins。 springsecurity.secureChannel.definition = [
'/ person / list':'REQUIRES_INSECURE_CHANNEL',
'/ person / delete / **':'REQUIRES_SECURE_CHANNEL',
'/ person / edit / **':'REQUIRES_SECURE_CHANNEL',
'/ person / show':'REQUIRES_INSECURE_CHANNEL'
]

grails.plugins.springsecurity.portMapper.httpPort = 80
grails.plugins.springsecurity.portMapper.httpsPort = 443

当我访问我获得的person / edit动作时浏览器中的重定向循环(在专用的CentOs 6机器上使用已部署的WAR文件到Jetty 9)。这是使用提供的Jetty 9附带的密钥库,只是取消注释start.ini中的行以使用它。



我正在阅读的主要Jetty SSL配置页面是。我不清楚的是,是否足够更新start.ini文件?如果不是的话,那么如何在前一个链接中描述的jetty-https.xml中添加行,即:

  < New id =sslContextFactoryclass =org.eclipse.jetty.util.ssl.SslContextFactory> 
< Set name =KeyStorePath>< Property name =jetty.homedefault =。 />的/ etc /密钥库< /集>
< Set name =KeyStorePassword> OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4< / Set>
< Set name =KeyManagerPassword> OBF:1u2u1wml1z7s1z7a1wnl1u2g< / Set>
< Set name =TrustStorePath>< Property name =jetty.homedefault =。 />的/ etc /密钥库< /集>
< Set name =TrustStorePassword> OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4< / Set>
< / New>

不知道如何添加它们,但它们似乎也是上述start.ini文件行的重复。



你能否帮我解决最基本的Jetty SSL运行问题?非常感谢。




如果不熟悉Grails,可以简单地下载它,然后创建一个域类 - 有一个命令行这个选项。然后给它字段字符串firstName,字符串lastName。然后有命令生成一个控制器并查看它 - 这全部是自动的。然后添加一个弹簧安全核心插件。在本文档的第16/17章中,正如我已经表明的那样,当列出哪些控制器操作是安全的,比如person / edit。

解决方案

您实际上已经有足够的空间来使用我们在Jetty 9.0.6发行版中发布的默认试用密钥存储库中的Jetty部分。



你有以上就足以使SSL在Jetty中工作。我下载了9.0.6发行版,并取消了这些行的注释并且工作正常。那么,我必须进入start.d / demo.ini文件,并使用etc / jetty-ssl.xml和etc / jetty-https.xml删除最后两行,因为它们会运行两次......但我离题了。



如果启动Jetty,您可以导航到 https:// localhost:8443 ,它会抱怨作为一个不受信任的证书,然后加载jetty发布页面。

基于此我可以说这可能是某种类型的grails配置问题,我可悲的是不知道答案也是,对不起。

NOTE: If you want to see the behaviour of this demo app, just go to www.collaborativepowernowinternational.us. Here, select the testssl.PersonController, and you may create a person. Then go and edit the person, where the SSL channel is designated, which will give a redirect loop.

It seems like with Jetty 9 more configuration items went into the start.ini file, I have version 9.05.

In order to test the most basic SSL/https, I am uncommenting the following lines in start.ini:

#===========================================================
# SSL Context
# Create the keystore and trust store for use by
# HTTPS and SPDY
#-----------------------------------------------------------
jetty.keystore=etc/keystore
jetty.keystore.password=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
jetty.keymanager.password=OBF:1u2u1wml1z7s1z7a1wnl1u2g
jetty.truststore=etc/keystore
jetty.truststore.password=OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4
jetty.secure.port=8443
etc/jetty-ssl.xml

#===========================================================
# HTTPS Connector
# Must be used with jetty-ssl.xml
#-----------------------------------------------------------
jetty.https.port=8443
etc/jetty-https.xml

No other Jetty configuration changes. I then built the most basic Grails app (has a Person class) where I set certain controller actions to secure, which works fine on my development machine using an older built in Jetty version (that Grails includes). This is done simply by including spring-security-core and then adding the following lines to a configuration file:

grails.plugins.springsecurity.secureChannel.definition = [
  '/person/list': 'REQUIRES_INSECURE_CHANNEL',
  '/person/delete/**': 'REQUIRES_SECURE_CHANNEL',
  '/person/edit/**': 'REQUIRES_SECURE_CHANNEL',
  '/person/show': 'REQUIRES_INSECURE_CHANNEL'
]

grails.plugins.springsecurity.portMapper.httpPort=80
grails.plugins.springsecurity.portMapper.httpsPort=443

When I access the person/edit action I get a redirect loop in the browser (using deployed WAR file to Jetty 9 on dedicated CentOs 6 machine). This is using the provided keystore that comes with Jetty 9, just uncommenting the lines in start.ini to use it.

The main Jetty SSL configuration page I'm reading is here. What isn't clear to me is, is updating the start.ini file enough? If not, how exactly does one add the lines in jetty-https.xml described in this previous link, i.e. the lines:

 <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
    <Set name="KeyStorePath"><Property name="jetty.home" default="." />/etc/keystore</Set>
    <Set name="KeyStorePassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
    <Set name="KeyManagerPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set>
    <Set name="TrustStorePath"><Property name="jetty.home" default="." />/etc/keystore</Set>
    <Set name="TrustStorePassword">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set>
 </New>

Not sure how to add them, but they also seem a duplicate of the start.ini file lines above.

Can you please help help me get the most basic Jetty SSL running? Thanks much.


If not familiar with Grails, one can simply download it, then create a domain class -- there is a command line option for this. Then give it fields String firstName, String lastName. Then there are commands to generate a controller and views for it -- this is all totally automatic. Then one adds the plugin, spring-security-core. In chapter 16/17 of this doc and as I have shown, when lists which controller actions are secure, such as person/edit.

解决方案

You actually have enough here for just the Jetty portion of this to be working using the default trial keystore we ship in Jetty 9.0.6 distribution.

Simply the blurb you have above is enough to make SSL work within Jetty. I downloaded the 9.0.6 distribution and uncommented those lines and it works. Well, I had to go into the start.d/demo.ini file and remove the last two lines with etc/jetty-ssl.xml and etc/jetty-https.xml because they would get run twice...but I digress.

If you start up Jetty you can navigate to https://localhost:8443 and it will complain about being an untrusted certificate and then load up the jetty distribution page.

Based on that I would say this is likely some sort of grails configuration issue that I sadly don't know the answer too, sorry.

这篇关于jetty 9:设置最基本的SSL / https的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-06 08:23