Two questions on configuring the jetty ant task
to get jetty to listen on a different port, I'm doing this in the jetty.xml:
<Call name="addConnector">
<Arg>
<New class="org.mortbay.jetty.nio.SelectChannelConnector">
<Set name="port"><SystemProperty name="jetty.port" default="9080"/></Set>
</New>
</Arg>
</Call>
and referencing this in the ant script, e.g.
<jetty tempDirectory="..." jettyXml="...jetty.xml">
Unfortunately this simply gets jetty to load both 9080 and 8080. How do I get jetty to not require 8080?
Second question - does the jetty task support forking the jetty process, or do I have to do that with a direct ant exec instead of using the jetty plugin?
Nevermind. For anyone stuck with the same issue, it can be solved like this:
<jetty tempDirectory="...">
<connectors>
<selectChannelConnector port="9999" />
</connectors>
</jetty>
The jetty.xml is removed, calling that adds the referenced port rather than replacing. Similar to the syntax
< systemProperties>
<systemProperty name="jetty.port" value="9181"/>
</systemProperties>
which replaces the port referenced in the jetty xml but adds to instead of overwriting the default port.
Related
So, I am starting up Jetty using the Spring Context, in a standalone java application.
The deployment environment however uses an Apache server for load balancing Web requests to different instances of this application.
Unfortunately, I don't know much about Apache Load Balancing, however things are made simpler for me, and all I have to do is define a 'worker name' for the Jetty instance, probably in the Spring Context file; can anyone help me do this ?
I am shown the below configuration where I should probably be matching the 'jetty2' worker name in my Jetty configuration found in the spring context xml file:
<Configure class="org.eclipse.jetty.webapp.WebAppContext">
<Get name="sessionHandler">
<Get name="sessionManager">
<Call name="setIdManager">
<Arg>
<New class="org.eclipse.jetty.server.session.HashSessionIdManager">
<Set name="WorkerName">jetty2</Set>
</New>
</Arg>
</Call>
</Get>
</Get>
</Configure>
Our java application presently uses SSL for communication between client and server using https. Customer requested if an upgrade can be done to TLS and if they can use both TLS and SSL at different locations. I cant understand clearly how to answer their questions or how to proceed.
jetty-ssl.xml file is as follows :
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" "http://jetty.mortbay.org/configure.dtd">
<!-- =============================================================== -->
<!-- Configure SSL for the Jetty Server -->
<!-- this configuration file should be used in combination with -->
<!-- other configuration files. e.g. -->
<!-- java -jar start.jar etc/jetty.xml etc/jetty-ssl.xml -->
<!-- =============================================================== -->
<Configure id="Server" class="org.mortbay.jetty.Server">
<Call name="addConnector">
<Arg>
<New class="org.mortbay.jetty.security.SslSocketConnector">
<Set name="Port">8443</Set>
<Set name="maxIdleTime">30000</Set>
<Set name="handshakeTimeout">2000</Set>
<Set name="keystore">/xservices-config/keystore</Set>
<Set name="password">password</Set>
<Set name="keyPassword">password</Set>
<Set name="truststore">/keystore</Set>
<Set name="trustPassword">password</Set>
<Set name="handshakeTimeout">2000</Set>
<!-- Set name="ThreadPool">
<New class="org.mortbay.thread.BoundedThreadPool">
<Set name="minThreads">10</Set>
<Set name="maxThreads">250</Set>
</New>
</Set -->
</New>
</Arg>
</Call>
</Configure>
Please let me know how to implement it.
Are you sure you need to "enable" this? I just went back at the jetty documentation and figured, as long as you don't exclude a protocol, you're allowing them all. Check your installation either with a local tool (sslscan, nmap, etc.) or a web application (e.g. from Qualys or COMODO).
If you find with the above analysis that you don't have the versions running, you could use an Apache webserver as HTTPS end-point and mod_proxy the content to jetty.
If that above is your SSL configuration for jetty, I strongly recommend you to harden it! Exclude legacy SSL protocols (e.g. SSLv2) and weak ciphers! As others have mentioned SSLv3 is actually legacy as well and not recommended anymore. In your position, I would get back to your client and check why he wants to have SSLv3 running. Unless he isn't expecting connections from dead old systems (e.g. Win XP with IE), there is not much of a reason to have SSLv3 running. However, if he does not know who is connecting to his page with what browsers, have a look at the logs. If the logs don't show an indication of the web browser used to connect to the application, I strongly recommend to enable it, run it for a period and then take a decision.
On Jetty's main project page compatibility with JASPI (JASPIC/JSR 196) is mentioned.
However, the distribution of Jetty 8 does not seem to contain any classes related to JASPI. There's a jetty-security-8.1.8.v20121106.jar jar in [jetty home]/lib, but this one does not contain any of the JASPIC/JASPI types.
The documentation about JASPIC/JASPI on the Jetty wiki is only a placeholder and does not contain any information.
After some Googling I found JavaDocs on the Eclipse site and discovered there should be a jetty-jaspi-8.1.8.v20121106.jar somewhere. Those JavaDocs are included in the distribution as well. Finally, a jetty-jaspi repo appears at Github.
Obviously there is some amount of support available, but why are those classes seemingly not present in the Jetty distribution and where is the documentation on how to configure this? What am I missing?
This project (https://github.com/guofengzh/jaspi-on-jetty) is a working example of the JASPI API in jetty that uses geronimo-jaspi which in turn calls back to the jetty-jaspi modules for the authentication. Geronimo seems to be providing the configuration mechanism and jetty the authentication modules themselves in this example.
It seems as though you can select a form, digest or basic authentication methods. A quick test of the form based login has shown it appears to function.
The Jaspi authentication factory is setup in jetty-web.xml like so:
<Set name="securityHandler">
<New class="org.eclipse.jetty.security.ConstraintSecurityHandler">
<Set name="loginService">
<New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
<Set name="name">JAASRealm</Set>
<Set name="loginModuleName">jaas</Set>
</New>
</Set>
<Set name="authenticatorFactory">
<New class="org.eclipse.jetty.security.jaspi.JaspiAuthenticatorFactory" />
</Set>
</New>
</Set>
And the jaspi configuration file is referenced via a system property in the pom.xml file:
<systemProperty>
<name>org.apache.geronimo.jaspic.configurationFile</name>
<value>./conf/jaspi/form-test-jaspi-2.xml</value>
</systemProperty>
Additionally, the jaspi library you mentioned is added as a dependency in the pom, along with the geronimo jaspi implementation:
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-jaspi</artifactId>
<version>${jetty.version}</version>
</dependency>
<dependency>
<groupId>org.apache.geronimo.components</groupId>
<artifactId>geronimo-jaspi</artifactId>
<version>2.0.0</version>
</dependency>
I have also been unable to find documenation on the topic. It seems as though the jetty-jaspi module is not one of the standard start options, but could be added to the ${jetty.home/lib/ext} directory (see Jetty classloading).
I'm developing a web application and I run Jetty as the development and testing environment when I develop under Eclipse.
When I make changes to Java classes, Eclipse automatically compiles them to the build directory, but Jetty won't see the changes until I stop and start the server. I know that Jetty supports "hot deployment" using ContextDeployer that will refresh updated application contexts, but it relies on a context file in a context directory being updated - which is not very useful in my case.
Is there a way to set up Jetty so that it will reload the web app when any of the classes it uses is updated?
My current jetty.xml looks something like this:
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<Set name="ThreadPool"><!-- bla bla --></Set>
<Call name="addConnector"><!-- bla bla --></Call>
<Set name="handler">
<New id="Handlers" class="org.eclipse.jetty.server.handler.HandlerCollection">
<Set name="handlers">
<Array type="org.eclipse.jetty.server.Handler">
<Item>
<New id="webapp" class="org.eclipse.jetty.webapp.WebAppContext">
<Set name="displayName">My Web App</Set>
<Set name="resourceBase">src/main/webapp</Set>
<Set name="descriptor">src/main/webapp/WEB-INF/web.xml</Set>
<Set name="contextPath">/mywebapp</Set>
</New>
</Item>
<Item>
<New id="DefaultHandler" class="org.eclipse.jetty.server.handler.DefaultHandler"/>
</Item>
</Array>
</Set>
</New>
</Set>
</Configure>
We have not found a way of doing this (aside from implementing our own version of the org.eclipse.jetty.deploy.providers.WebAppProvider).
We have configured jetty to hot deploy webapps from the webapps folder (property monitoredDirName of the WebappDeployer).
Then to hot deploy, I recreate my link in this folder to the src/main/webapp folder of my Eclipse project. The linked must be suffixed .war.
Not really automatic but good enough and avoids a Jetty restart.
If you go the route of re-implementing a WebappDeployer, I would not monitor the changes in .class files - they change too much when compiled by Eclipse, particularly in the case of automatic builds. I would implement a 'Tomcat like' solution by monitoring changes to the web.xml file. Then a dummy change saved to this file from Eclipse would trigger a redeployment.
It is also possible to configure your jetty app with maven and starting periodical builds with Jenkins (even every couple of seconds, depending on the maschine you are working on)
I have used Jetty in the past but I have little experience with jWebSocket. I would like to add to my current program, which uses the Jetty libraries, and make it also support WebSocket connections though port 80. I have read it can be done but find little to no source or examples to read about it. Any help is appreciated.
I am currently working on the same thing, and so far I have found their task for this on Google Code:
http://code.google.com/p/jwebsocket/issues/detail?id=76
This was posted back in April of 2011:
"There's a separate project jWebSocketJetty available now in the Downloads / Nightly Build Section of jWebSocket.org now."
If you pull up the web.xml from that project, it looks like they've gotten their jwebsocket servlet working with jetty. I'll be looking into this more tomorrow.
You have to modify two configuration files to run jWebSocket on jetty using port 80.
1:- Modify your jWebSocket.xml and add jetty engine entry at top of engine section of xml.
<engines>
<engine>
<name>org.jwebsocket.jetty.JettyEngine</name>
.
.
</engine>
</engines>
You can delete all other engine entries.
2:- Modify jetty.xml. This file can be located at jWebSocketJetty\src\main\resources folder.
Modify first connector entry and set jetty.port property to 80.
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
<Set name="host">
<Property name="jetty.host" />
</Set>
<!-- Jetty default -->
<!--
<Set name="port">
<Property name="jetty.port" default="80"/>
</Set>
-->
<!-- jWebSocket default, can be changed to 80 -->
<!-- but consider to update jWebSocket.js accordingly! -->
<Set name="port">
<Property name="jetty.port" default="80"/>
</Set>
<Set name="maxIdleTime">300000</Set>
<Set name="Acceptors">2</Set>
<Set name="statsOn">false</Set>
<Set name="confidentialPort">443</Set>
<Set name="lowResourcesConnections">20000</Set>
<Set name="lowResourcesMaxIdleTime">5000</Set>
<Set name="responseBufferSize">65536</Set>
</New>
</Arg>
</Call>
I don't know, because I haven't used it, but would their JettyServlet would work?