SSL how to?


SSL how to?

kevinb
Hello-

I am working on a POC, and the question has come up: can Grizzly/Jersey use SSL? I have searched but have not found any examples of how to do this. My code is below; can someone give me some direction? Yes, I will post back the working code, as always! Thanks!

Kevin


/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package com.frk.mw.trillium;

import com.frk.mw.trillium.factory.*;

import com.sun.jersey.api.container.grizzly2.GrizzlyWebContainerFactory;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.glassfish.grizzly.http.server.HttpServer;

import javax.ws.rs.core.UriBuilder;
import java.io.IOException;
import java.net.URI;
import java.util.HashMap;
import java.util.Map;
import org.glassfish.grizzly.http.server.StaticHttpHandler;
import pkgs.natives.TrilTGenClient;


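/**
 * Proof-of-concept launcher that starts an embedded Grizzly server hosting the Jersey
 * resources found in {@code com.frk.mw.trillium}, plus two static content folders.
 *
 * <p>The server is created on {@link #BASE_URI}, which uses the {@code http} scheme, and no SSL
 * configuration is applied anywhere in this class, so all traffic is unencrypted.
 */
public class TrilliumServer {

    /**
     * Builds the URI the server is created on: {@code http://localhost:8080/}.
     *
     * @return the base URI
     */
    private static URI getBaseURI() {
        return UriBuilder.fromUri("http://localhost/").port(8080).build();
    }

    /** Base URI of the server; evaluated once when the class is initialised. */
    public static final URI BASE_URI = getBaseURI();

    /**
     * Creates the Grizzly web container for the Jersey resources.
     *
     * @return the server instance returned by {@code GrizzlyWebContainerFactory.create}
     * @throws IOException propagated from the container factory
     */
    protected static HttpServer startServer() throws IOException {
        final Map<String, String> initParams = new HashMap<String, String>();

        // Package Jersey scans for resource classes.
        initParams.put("com.sun.jersey.config.property.packages",
                "com.frk.mw.trillium");

        System.out.println("Starting grizzly...");

        return GrizzlyWebContainerFactory.create(BASE_URI, initParams);
    }

    /**
     * Starts the server, registers the static content handlers and blocks until a byte can be
     * read from standard input, then stops the server.
     *
     * @param args the command line arguments (unused)
     * @throws IOException if the server cannot be created or standard input cannot be read
     */
    public static void main(String[] args) throws IOException {

        // The returned client is not used here; the call is kept because it was part of the
        // original start-up sequence. NOTE(review): presumably it warms the client cache - confirm.
        TrilClientCacheFactory.getCacheInstance();

        HttpServer httpServer = startServer();
        try {
            // NOTE(review): both handlers are registered under the same "/main" mapping, and the
            // first document root already contains the "js" folder - confirm which handler
            // Grizzly dispatches to and whether the second registration is needed at all.
            httpServer.getServerConfiguration().addHttpHandler(new StaticHttpHandler("C:\\Projects\\MWTrilliumPOC\\www\\"), "/main");
            httpServer.getServerConfiguration().addHttpHandler(new StaticHttpHandler("C:\\Projects\\MWTrilliumPOC\\www\\js\\"), "/main");

            // The format string has a single %s, so a single argument is passed.
            System.out.println(String.format("Jersey app started with WADL available at "
                    + "%sapplication.wadl\nHit enter to stop it...",
                    BASE_URI));
            System.in.read();
        } finally {
            // Stop the server even when handler registration or the read fails.
            httpServer.stop();
        }
    }
}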

Re: SSL how to?

Ryan Lubke-2
Jersey has a sample on doing this.

Have you reviewed:  
https://svn.java.net/svn/jersey~svn/trunk/jersey/samples/https-clientserver-grizzly

?

-rl

On 1/6/12 3:32 PM, kevinb wrote:

> Hello-
>
> I am working on a POC and the question has come up can GRIZZLY/Jersey use
> SSL? I have searched but not found any examples on how to do this. Here is
> my code below can some one give me some direction? Yes I will post back the
> working code as always! Thanks!
>
> Kevin
>
>
> /*
>   * To change this template, choose Tools | Templates
>   * and open the template in the editor.
>   */
> package com.frk.mw.trillium;
>
> import com.frk.mw.trillium.factory.*;
>
> import com.sun.jersey.api.container.grizzly2.GrizzlyWebContainerFactory;
> import java.util.logging.Level;
> import java.util.logging.Logger;
> import org.glassfish.grizzly.http.server.HttpServer;
>
> import javax.ws.rs.core.UriBuilder;
> import java.io.IOException;
> import java.net.URI;
> import java.util.HashMap;
> import java.util.Map;
> import org.glassfish.grizzly.http.server.StaticHttpHandler;
> import pkgs.natives.TrilTGenClient;
>
> /**
>   *
>   * @author kbrisso
>   */
> public class TrilliumServer {
>
>      /**
>       * @param args the command line arguments
>       */
>      private static URI getBaseURI() {
>          return UriBuilder.fromUri("http://localhost/").port(8080).build();
>      }
>      public static final URI BASE_URI = getBaseURI();
>
>      protected static HttpServer startServer() throws IOException {
>          final Map<String, String>  initParams = new HashMap<String,
> String>();
>
>          initParams.put("com.sun.jersey.config.property.packages",
>                  "com.frk.mw.trillium");
>
>          System.out.println("Starting grizzly...");
>
>          return GrizzlyWebContainerFactory.create(BASE_URI, initParams);
>      }
>
>      public static void main(String[] args) throws IOException {
>
>          TrilTGenClient TrilTGenClient =
> TrilClientCacheFactory.getCacheInstance();
>
>          HttpServer httpServer = startServer();
>
>          httpServer.getServerConfiguration().addHttpHandler(new
> StaticHttpHandler("C:\\Projects\\MWTrilliumPOC\\www\\"), "/main");
>          httpServer.getServerConfiguration().addHttpHandler(new
> StaticHttpHandler("C:\\Projects\\MWTrilliumPOC\\www\\js\\"), "/main");
>
>          System.out.println(String.format("Jersey app started with WADL
> available at "
>                  + "%sapplication.wadl\nHit enter to stop it...",
>                  BASE_URI, BASE_URI));
>          System.in.read();
>
>          httpServer.stop();
>      }
> }
>
>
> --
> View this message in context: http://grizzly.1045725.n5.nabble.com/SSL-how-to-tp5126906p5126906.html
> Sent from the Grizzly - Users mailing list archive at Nabble.com.


Re: SSL how to?

kevinb
This example uses GrizzlyWebServer; is there a way to do the same with the GrizzlyWebContainerFactory?

Re: SSL how to?

Ryan Lubke-2
On 1/6/12 8:23 PM, kevinb wrote:
This example shows with this GrizzlyWebServer, is there a way to use the
GrizzlyWebContainerFactory?

Once you have the HttpServer instance, you can make the associated listener(s) secure.

For example:

// -----------------------------------------------------

// Illustrative fragment: the "..." and "<...>" parts are placeholders, not literal Java.
// It takes the HttpServer that the Jersey factory produced and switches its listeners to TLS.
HttpServer server = ... <Jersey stuff to get the HttpServer instance> ...

// Stop the server before touching its listeners; it is started again at the end of the fragment.
server.stop(); // might consider logging a feature request to obtain a server that isn't started
                     // or expose ssl related methods for creating secure containers.

// Key store (the server's own key pair) and trust store (certificates the server will accept).
// Keep the real paths and passwords in configuration outside the source tree rather than
// hard-coding them here.
SSLContextConfigurator sslContext = new SSLContextConfigurator(); 
sslContext.setKeyStoreFile("<path to keystore>");
sslContext.setKeyStorePass("<password>");
sslContext.setTrustStoreFile("<path to truststore>");
sslContext.setTrustStorePass("<password>");

for (NetworkListener listener : server.getListeners()) {
    // Mark every listener of this server as secure.
    listener.setSecure(true);
    // Server-side engine (clientMode=false) that demands a client certificate
    // (needClientAuth=true), i.e. mutual TLS: a client without a certificate the trust store
    // accepts cannot complete the handshake. If this is relaxed to false, callers must be
    // authenticated some other way.
    listener.setSSLEngineConfig(
new SSLEngineConfigurator(sslContext).setClientMode(false).setNeedClientAuth(true));
}

... <other init stuff> ...

server.start();

// ------------------------------------------------------

Given that Jersey is going to be making changes to support 2.2, now would be a good time to log a feature
request for creating a secure container without having to try the above.



Re: SSL how to?

oleksiys
Administrator
In reply to this post by kevinb
Hi Kevin,

I talked to Pavel from the Jersey team;
he asked for an enhancement request to be filed for Jersey and assigned to him.

Thanks.

WBR,
Alexey.

On 01/07/2012 05:23 AM, kevinb wrote:
> This example shows with this GrizzlyWebServer, is there a way to use the
> GrizzlyWebContainerFactory?
>
> --
> View this message in context: http://grizzly.1045725.n5.nabble.com/SSL-how-to-tp5126906p5127174.html
> Sent from the Grizzly - Users mailing list archive at Nabble.com.


Re: SSL how to?

kevinb
In reply to this post by Ryan Lubke-2
Hi Ryan,

Thanks for the help and the code example.

Below is how I am creating the web server. One question I have: can the create method take "https" as the URI scheme? The Javadoc appears to say otherwise: "The URI scheme must be equal to http".



/**
 * Builds the base URI used for the container: {@code https://localhost:4463/}.
 *
 * @return the base URI
 */
private static URI getBaseURI() {
    final UriBuilder localhostOn4463 = UriBuilder.fromUri("https://localhost/").port(4463);
    return localhostOn4463.build();
}
    // Base URI of the server, computed once by getBaseURI() when the class is initialised.
    public static final URI BASE_URI = getBaseURI();

    /**
     * Creates the Grizzly web container for the Jersey resources in {@code com.frk.mw.trillium}.
     *
     * @return the server instance returned by {@code GrizzlyWebContainerFactory.create}
     * @throws IOException propagated from the container factory
     */
    protected static HttpServer startServer() throws IOException {
        System.out.println("Starting grizzly...");

        // Package Jersey scans for resource classes.
        final Map<String, String> jerseySettings = new HashMap<String, String>();
        jerseySettings.put("com.sun.jersey.config.property.packages", "com.frk.mw.trillium");

        // NOTE(review): BASE_URI carries the https scheme here, while the factory Javadoc quoted
        // in this post says the scheme must be http - expect this call to reject the URI (confirm).
        // Changing the scheme alone does not configure TLS; that needs an SSLEngineConfigurator
        // applied to the server's listener.
        return GrizzlyWebContainerFactory.create(BASE_URI, jerseySettings);
    }


Many thanks to all of you for help!

Kevin

Re: SSL how to?

kevinb
Here is my update, with some code that I did get working. I used the keys and code provided with the sample linked in this thread, and modified the code so that it does not use SecurityFilter.java. The code below allows SSL connections to both the Jersey/REST resources and the static HTML files that I use. I verified this with Wireshark.

Thanks Everyone for your help!

package com.frk.mw.trillium;
       
import com.sun.jersey.api.container.grizzly2.GrizzlyServerFactory;
import com.sun.jersey.api.core.ResourceConfig;
//import com.sun.jersey.samples.https_grizzly.auth.SecurityFilter;
import com.sun.jersey.spi.container.servlet.ServletContainer;
import org.glassfish.grizzly.http.server.HttpServer;
import org.glassfish.grizzly.servlet.ServletHandler;
import org.glassfish.grizzly.ssl.SSLContextConfigurator;
import org.glassfish.grizzly.ssl.SSLEngineConfigurator;
import org.glassfish.grizzly.http.server.StaticHttpHandler;

import javax.ws.rs.core.UriBuilder;
import java.io.IOException;
import java.net.URI;
import pkgs.natives.TrilTGenClient;
import com.frk.mw.trillium.factory.*;


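/**
 * Proof-of-concept HTTPS server: an embedded Grizzly instance hosting the Jersey resources in
 * {@code com.frk.mw.trillium} and two static content folders.
 *
 * <p>Security notes for anyone reusing this code:
 * <ul>
 *   <li>TLS only protects the transport here. Client-certificate authentication is switched off
 *       ({@code setNeedClientAuth(false)}) and the HTTP basic-auth request filter is commented
 *       out, so every resource and static file is served to any client that can connect.</li>
 *   <li>Key store locations and passwords default to the proof-of-concept values, but each can
 *       be overridden with a system property defined by this class (see the {@code *_PROPERTY}
 *       constants), so real deployments do not need secrets in the source.</li>
 * </ul>
 */
public class Server {

    /** System properties (defined by this class) that override the key material settings. */
    private static final String KEYSTORE_FILE_PROPERTY = "trillium.keystore.file";
    private static final String KEYSTORE_PASS_PROPERTY = "trillium.keystore.pass";
    private static final String TRUSTSTORE_FILE_PROPERTY = "trillium.truststore.file";
    private static final String TRUSTSTORE_PASS_PROPERTY = "trillium.truststore.pass";

    private static HttpServer webServer;

    public static final URI BASE_URI = getBaseURI();
    public static final String CONTENT = "JERSEY HTTPS EXAMPLE\n";

    /**
     * Builds the base URI: {@code https://localhost/} on the port chosen by {@link #getPort(int)}.
     *
     * @return the base URI
     */
    private static URI getBaseURI() {
        return UriBuilder.fromUri("https://localhost/").port(getPort(443)).build();
    }

    /**
     * Reads the listening port from the {@code jersey.test.port} system property.
     *
     * @param defaultPort port to use when the property is unset or not a valid integer
     * @return the configured port, or {@code defaultPort}
     */
    private static int getPort(int defaultPort) {
        String port = System.getProperty("jersey.test.port");
        if (port == null) {
            return defaultPort;
        }
        try {
            return Integer.parseInt(port);
        } catch (NumberFormatException ignored) {
            // Deliberate fallback, but say so: a typo in the property should not go unnoticed.
            System.err.println("Ignoring non-numeric jersey.test.port value '" + port
                    + "'; using " + defaultPort);
            return defaultPort;
        }
    }

    /**
     * Creates and starts the HTTPS server. Failures are reported on standard error and are not
     * rethrown, so callers must not assume the server is running afterwards.
     */
    protected static void startServer() {

        // Jersey resource servlet, mounted at the context root.
        ServletHandler jerseyAdapter = new ServletHandler();
        jerseyAdapter.addInitParameter("com.sun.jersey.config.property.packages", "com.frk.mw.trillium");
        jerseyAdapter.setContextPath("/");
        jerseyAdapter.setServletInstance(new ServletContainer());

        // The request filter that handles HTTP basic authentication is disabled, which leaves the
        // REST resources without any authentication (client certificates are not required either).

        //jerseyAdapter.addInitParameter(ResourceConfig.PROPERTY_CONTAINER_REQUEST_FILTERS, SecurityFilter.class.getName());

        // Grizzly ssl configuration
        SSLContextConfigurator sslContext = new SSLContextConfigurator();

        // NOTE(review): if the default stores below are the ones shipped with the public Jersey
        // HTTPS sample, their private key and password are public knowledge - generate your own
        // key pair and supply it through the system properties before using this beyond a local
        // proof of concept.
        sslContext.setKeyStoreFile(System.getProperty(KEYSTORE_FILE_PROPERTY,
                "C:\\Projects\\MWTrilliumPOC\\keys\\keystore_server")); // contains server keypair
        sslContext.setKeyStorePass(System.getProperty(KEYSTORE_PASS_PROPERTY, "asdfgh"));
        sslContext.setTrustStoreFile(System.getProperty(TRUSTSTORE_FILE_PROPERTY,
                "C:\\Projects\\MWTrilliumPOC\\keys\\truststore_server")); // contains client certificate
        sslContext.setTrustStorePass(System.getProperty(TRUSTSTORE_PASS_PROPERTY, "asdfgh"));

        try {
            // Server-side engine; needClientAuth=false means no client certificate is requested
            // as a requirement, so the trust store above plays no part in admitting clients.
            webServer = GrizzlyServerFactory.createHttpServer(
                    BASE_URI,
                    jerseyAdapter,
                    true,
                    new SSLEngineConfigurator(sslContext).setClientMode(false).setNeedClientAuth(false)
            );

            // NOTE(review): both handlers are registered under the same "/main" mapping, and the
            // first document root already contains the "js" folder - confirm which handler
            // Grizzly dispatches to and whether the second registration is needed at all.
            webServer.getServerConfiguration().addHttpHandler(new StaticHttpHandler("C:\\Projects\\MWTrilliumPOC\\www\\"), "/main");
            webServer.getServerConfiguration().addHttpHandler(new StaticHttpHandler("C:\\Projects\\MWTrilliumPOC\\www\\js\\"), "/main");

            // Announce success only after start() has returned without throwing.
            webServer.start();
            System.out.println("Jersey app started. Try out " + BASE_URI + "\nHit CTRL + C to stop it...");

        } catch (Exception ex) {
            // getMessage() can be null; print the exception itself so the failure type is visible.
            System.err.println("Failed to start HTTPS server: " + ex);
        }
    }

    /** Stops the server if one was created; does nothing when start-up never got that far. */
    protected static void stopServer() {
        if (webServer != null) {
            webServer.stop();
        }
    }

    /**
     * Starts the server and then blocks on standard input.
     *
     * @param args the command line arguments (unused)
     * @throws InterruptedException declared for callers; not thrown by the visible code
     * @throws IOException if standard input cannot be read
     */
    public static void main(String[] args) throws InterruptedException, IOException {

        // The returned client is not used here; the call is kept because it was part of the
        // original start-up sequence. NOTE(review): presumably it warms the client cache - confirm.
        TrilClientCacheFactory.getCacheInstance();

        startServer();

        System.in.read();
    }
}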