Our Java application presently uses SSL for communication between client and server using HTTPS. The customer asked whether an upgrade to TLS can be done and whether they can use both TLS and SSL at different locations. I can't clearly understand how to answer their questions or how to proceed.
jetty-ssl.xml file is as follows :
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://jetty.mortbay.org/configure.dtd">
<!-- =============================================================== -->
<!-- Configure SSL for the Jetty Server -->
<!-- this configuration file should be used in combination with -->
<!-- other configuration files. e.g. -->
<!-- java -jar start.jar etc/jetty.xml etc/jetty-ssl.xml -->
<!-- =============================================================== -->
<Configure id="Server" class="org.mortbay.jetty.Server">
<Call name="addConnector">
<Arg>
<New class="org.mortbay.jetty.security.SslSocketConnector">
<Set name="Port">8443</Set>
<Set name="maxIdleTime">30000</Set>
<Set name="handshakeTimeout">2000</Set>
<Set name="keystore">/xservices-config/keystore</Set>
<Set name="password">password</Set>
<Set name="keyPassword">password</Set>
<Set name="truststore">/keystore</Set>
<Set name="trustPassword">password</Set>
<Set name="handshakeTimeout">2000</Set>
<!-- Set name="ThreadPool">
<New class="org.mortbay.thread.BoundedThreadPool">
<Set name="minThreads">10</Set>
<Set name="maxThreads">250</Set>
</New>
</Set -->
</New>
</Arg>
</Call>
</Configure>
Please let me know how to implement it.
Are you sure you need to "enable" this? I just went back to the Jetty documentation and figured that, as long as you don't exclude a protocol, you're allowing them all. Check your installation either with a local tool (sslscan, nmap, etc.) or a web application (e.g. from Qualys or COMODO).
If you find with the above analysis that you don't have the versions running, you could use an Apache webserver as HTTPS end-point and mod_proxy the content to jetty.
If the above is your SSL configuration for Jetty, I strongly recommend that you harden it! Exclude legacy SSL protocols (e.g. SSLv2) and weak ciphers! As others have mentioned, SSLv3 is actually legacy as well and not recommended anymore. In your position, I would get back to your client and check why he wants to have SSLv3 running. Unless he isn't expecting connections from dead old systems (e.g. Win XP with IE), there is not much of a reason to have SSLv3 running. However, if he does not know who is connecting to his page with what browsers, have a look at the logs. If the logs don't show an indication of the web browser used to connect to the application, I strongly recommend enabling it, running it for a period and then taking a decision.
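The answer's point that every protocol stays enabled until it is excluded can be seen at the JSSE layer Java HTTPS servers are built on. This is an added example, not code from the posts or from Jetty; the class name, the legacy-protocol list and the weak-cipher markers are assumptions chosen for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

public class HardenedServerSocket {
    // Assumption: protocol names this example treats as legacy.
    static final List<String> LEGACY_PROTOCOLS = Arrays.asList("SSLv2Hello", "SSLv3");
    // Assumption: substrings that mark a cipher suite as weak for this example.
    static final List<String> WEAK_MARKERS =
            Arrays.asList("_NULL_", "_anon_", "_EXPORT_", "_RC4_", "_DES_", "_MD5");

    /** Returns the enabled protocols minus the legacy ones. */
    static String[] allowedProtocols(String[] enabled) {
        List<String> keep = new ArrayList<String>();
        for (String protocol : enabled) {
            if (!LEGACY_PROTOCOLS.contains(protocol)) {
                keep.add(protocol);
            }
        }
        return keep.toArray(new String[0]);
    }

    /** Returns the enabled cipher suites minus those containing a weak marker. */
    static String[] allowedSuites(String[] enabled) {
        List<String> keep = new ArrayList<String>();
        for (String suite : enabled) {
            boolean weak = false;
            for (String marker : WEAK_MARKERS) {
                weak |= suite.contains(marker);
            }
            if (!weak) {
                keep.add(suite);
            }
        }
        return keep.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // Port 0 binds an ephemeral port; no keystore is needed just to inspect settings.
        try (SSLServerSocket socket = (SSLServerSocket) SSLContext.getDefault()
                .getServerSocketFactory().createServerSocket(0)) {
            System.out.println("Default protocols: " + Arrays.toString(socket.getEnabledProtocols()));
            socket.setEnabledProtocols(allowedProtocols(socket.getEnabledProtocols()));
            socket.setEnabledCipherSuites(allowedSuites(socket.getEnabledCipherSuites()));
            System.out.println("After exclusion:   " + Arrays.toString(socket.getEnabledProtocols()));
            System.out.println("Cipher suites kept: " + socket.getEnabledCipherSuites().length);
        }
    }
}
```

The default list printed first depends on the JRE version and its `jdk.tls.disabledAlgorithms` security property, so run it on the same Java runtime the server uses.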
So, I am starting up Jetty using the Spring Context, in a standalone java application.
The deployment environment however uses an Apache server for load balancing Web requests to different instances of this application.
Unfortunately, I don't know much about Apache load balancing; however, things are made simpler for me, and all I have to do is define a 'worker name' for the Jetty instance, probably in the Spring Context file. Can anyone help me do this?
I am shown the below configuration where I should probably be matching the 'jetty2' worker name in my Jetty configuration found in the spring context xml file:
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<Get name="sessionHandler">
<Get name="sessionManager">
<Call name="setIdManager">
<Arg>
<New class="org.eclipse.jetty.server.session.HashSessionIdManager">
<Set name="WorkerName">jetty2</Set>
</New>
</Arg>
</Call>
</Get>
</Get>
</Configure>
I'm trying to configure CGI (for Perl scripts) on Jetty 9.1.5.v20140505, Windows 7. When trying solutions from the internet, I always get errors saying that those functions/methods don't exist.
Example: http://67-23-9-112.static.slicehost.net/faq?s=900-Content&t=CGI
Adding what they are telling me, getting:
2014-05-22 13:08:09.137:WARN:oejx.XmlConfiguration:main: Config error at <Call name="addContext"><Ar
g>C:\jetty\webapps\app1\cgi-bin\*</Arg><Set name="ResourceBase">C:\jetty\webapps\app1</Set><Set name
="ServingDynamicServlets">TRUE</Set><Call name="addServlet"><Arg>Common Gateway Interface</Arg><Arg>
/</Arg><Arg>com.mortbay.Servlet.CGI</Arg><Put name="Path">/usr/local/bin:/usr/ucb:/bin:/usr/bin</Put
></Call></Call> java.lang.IllegalStateException: No Method: <Call name="addContext"><Arg>C:\jetty\we
bapps\app1\cgi-bin\*</Arg><Set name="ResourceBase">C:\jetty\webapps\app1</Set><Set name="ServingDyna
micServlets">TRUE</Set><Call name="addServlet"><Arg>Common Gateway Interface</Arg><Arg>/</Arg><Arg>c
om.mortbay.Servlet.CGI</Arg><Put name="Path">/usr/local/bin:/usr/ucb:/bin:/usr/bin</Put></Call></Cal
l> on class org.eclipse.jetty.server.Server in file:/C:/jetty/etc/jetty.x
I read an article where a guy said this would be the way for Jetty 5 but not for 9. I'm researching for 9, and even in the documentation of Jetty 9 I can't find anything about it. http://www.eclipse.org/jetty/documentation/9.1.5.v20140505/cgi-servlet.html doesn't tell me how to configure this Jetty ...
Can you guys please help me out :(
Thanks in advance
I am able to run Perl scripts like:
print "Content-type: text/html\n\n";
foreach $key (keys %ENV) {
print "$key --> $ENV{$key}<br>";
}
with this perl.xml in my webapps folder:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
<Configure class="org.eclipse.jetty.servlet.ServletContextHandler">
<Set name="contextPath">/perl</Set>
<Set name="resourceBase">F:\perl_scripts</Set>
<Call name="addServlet">
<Arg>org.eclipse.jetty.servlets.CGI</Arg>
<Arg>*.pl</Arg>
<Call name="setInitParameter">
<Arg>commandPrefix</Arg>
<Arg>C:\Perl64\bin\perl.exe</Arg>
</Call>
<Call name="setInitParameter">
<Arg>Path</Arg>
<Arg>F:\perl_scripts</Arg>
</Call>
</Call>
</Configure>
Hope this helps.
I'm developing a web application and I run Jetty as the development and testing environment when I develop under Eclipse.
When I make changes to Java classes, Eclipse automatically compiles them to the build directory, but Jetty won't see the changes until I stop and start the server. I know that Jetty supports "hot deployment" using ContextDeployer that will refresh updated application contexts, but it relies on a context file in a context directory being updated - which is not very useful in my case.
Is there a way to set up Jetty so that it will reload the web app when any of the classes it uses is updated?
My current jetty.xml looks something like this:
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<Set name="ThreadPool"><!-- bla bla --></Set>
<Call name="addConnector"><!-- bla bla --></Call>
<Set name="handler">
<New id="Handlers" class="org.eclipse.jetty.server.handler.HandlerCollection">
<Set name="handlers">
<Array type="org.eclipse.jetty.server.Handler">
<Item>
<New id="webapp" class="org.eclipse.jetty.webapp.WebAppContext">
<Set name="displayName">My Web App</Set>
<Set name="resourceBase">src/main/webapp</Set>
<Set name="descriptor">src/main/webapp/WEB-INF/web.xml</Set>
<Set name="contextPath">/mywebapp</Set>
</New>
</Item>
<Item>
<New id="DefaultHandler" class="org.eclipse.jetty.server.handler.DefaultHandler"/>
</Item>
</Array>
</Set>
</New>
</Set>
</Configure>
We have not found a way of doing this (aside from implementing our own version of the org.eclipse.jetty.deploy.providers.WebAppProvider).
We have configured jetty to hot deploy webapps from the webapps folder (property monitoredDirName of the WebappDeployer).
Then to hot deploy, I recreate my link in this folder to the src/main/webapp folder of my Eclipse project. The link must be suffixed .war.
Not really automatic but good enough and avoids a Jetty restart.
If you go the route of re-implementing a WebappDeployer, I would not monitor the changes in .class files - they change too much when compiled by Eclipse, particularly in the case of automatic builds. I would implement a 'Tomcat like' solution by monitoring changes to the web.xml file. Then a dummy change saved to this file from Eclipse would trigger a redeployment.
It is also possible to configure your Jetty app with Maven and start periodic builds with Jenkins (even every couple of seconds, depending on the machine you are working on).
I have used Jetty in the past but I have little experience with jWebSocket. I would like to add to my current program, which uses the Jetty libraries, and make it also support WebSocket connections through port 80. I have read it can be done but find little to no source or examples to read about it. Any help is appreciated.
I am currently working on the same thing, and so far I have found their task for this on Google Code:
http://code.google.com/p/jwebsocket/issues/detail?id=76
This was posted back in April of 2011:
"There's a separate project jWebSocketJetty available now in the Downloads / Nightly Build Section of jWebSocket.org now."
If you pull up the web.xml from that project, it looks like they've gotten their jwebsocket servlet working with jetty. I'll be looking into this more tomorrow.
You have to modify two configuration files to run jWebSocket on jetty using port 80.
1:- Modify your jWebSocket.xml and add jetty engine entry at top of engine section of xml.
<engines>
<engine>
<name>org.jwebsocket.jetty.JettyEngine</name>
.
.
</engine>
</engines>
You can delete all other engine entries.
2:- Modify jetty.xml. This file can be located at jWebSocketJetty\src\main\resources folder.
Modify first connector entry and set jetty.port property to 80.
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
<Set name="host">
<Property name="jetty.host" />
</Set>
<!-- Jetty default -->
<!--
<Set name="port">
<Property name="jetty.port" default="80"/>
</Set>
-->
<!-- jWebSocket default, can be changed to 80 -->
<!-- but consider to update jWebSocket.js accordingly! -->
<Set name="port">
<Property name="jetty.port" default="80"/>
</Set>
<Set name="maxIdleTime">300000</Set>
<Set name="Acceptors">2</Set>
<Set name="statsOn">false</Set>
<Set name="confidentialPort">443</Set>
<Set name="lowResourcesConnections">20000</Set>
<Set name="lowResourcesMaxIdleTime">5000</Set>
<Set name="responseBufferSize">65536</Set>
</New>
</Arg>
</Call>
I don't know, because I haven't used it, but would their JettyServlet work?
Two questions on configuring the jetty ant task
to get jetty to listen on a different port, I'm doing this in the jetty.xml:
<Call name="addConnector">
<Arg>
<New class="org.mortbay.jetty.nio.SelectChannelConnector">
<Set name="port"><SystemProperty name="jetty.port" default="9080"/></Set>
</New>
</Arg>
</Call>
and referencing this in the ant script, e.g.
<jetty tempDirectory="..." jettyXml="...jetty.xml">
Unfortunately this simply gets jetty to load both 9080 and 8080. How do I get jetty to not require 8080?
Second question - does the jetty task support forking the jetty process, or do I have to do that with a direct ant exec instead of using the jetty plugin?
Nevermind. For anyone stuck with the same issue, it can be solved like this:
<jetty tempDirectory="...">
<connectors>
<selectChannelConnector port="9999" />
</connectors>
</jetty>
The jetty.xml is removed, calling that adds the referenced port rather than replacing. Similar to the syntax
<systemProperties>
<systemProperty name="jetty.port" value="9181"/>
</systemProperties>
which replaces the port referenced in the jetty xml but adds to instead of overwriting the default port.