root
/
spring-boot
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Polish

Browse Source
pull/1284/merge
Phillip Webb 10 years ago
parent 14c6243637
commit da5c36c3a9
6 changed files with 100 additions and 67 deletions
Show Stats Download Patch File Download Diff File

2
spring-boot-actuator/src/test/java/org/springframework/boot/actuate/health/MongoHealthIndicatorTests.java
Unescape Escape View File

@ -36,7 +36,7 @@ import static org.junit.Assert.assertTrue;
/** /**
* Tests for {@link MongoHealthIndicator}. * Tests for {@link MongoHealthIndicator}.
* *
* @author Christian Dupuis * @author Christian Dupuis
*/ */
public class MongoHealthIndicatorTests { public class MongoHealthIndicatorTests {

2
spring-boot-docs/src/main/asciidoc/howto.adoc
Unescape Escape View File

@ -387,6 +387,8 @@ and then inject the actual (``local'') port as a `@Value`. For example:
} }
---- ----
[[howto-configure-ssl]] [[howto-configure-ssl]]
=== Configure SSL === Configure SSL
SSL can be configured declaratively by setting the various `server.ssl.*` properties, SSL can be configured declaratively by setting the various `server.ssl.*` properties,

1
spring-boot-samples/spring-boot-sample-tomcat-ssl/src/main/java/sample/tomcat/SampleTomcatSslApplication.java
Unescape Escape View File

@ -31,4 +31,5 @@ public class SampleTomcatSslApplication {
public static void main(String[] args) throws Exception { public static void main(String[] args) throws Exception {
SpringApplication.run(SampleTomcatSslApplication.class, args); SpringApplication.run(SampleTomcatSslApplication.class, args);
} }
} }

10
spring-boot/src/main/java/org/springframework/boot/context/embedded/AbstractConfigurableEmbeddedServletContainer.java
Unescape Escape View File

@ -244,11 +244,6 @@ public abstract class AbstractConfigurableEmbeddedServletContainer implements
return this.registerDefaultServlet; return this.registerDefaultServlet;
} }
@Override
public void setJspServletClassName(String jspServletClassName) {
this.jspServletClassName = jspServletClassName;
}
@Override @Override
public void setSsl(Ssl ssl) { public void setSsl(Ssl ssl) {
this.ssl = ssl; this.ssl = ssl;
@ -258,6 +253,11 @@ public abstract class AbstractConfigurableEmbeddedServletContainer implements
return this.ssl; return this.ssl;
} }
@Override
public void setJspServletClassName(String jspServletClassName) {
this.jspServletClassName = jspServletClassName;
}
/** /**
* @return the JSP servlet class name * @return the JSP servlet class name
*/ */

73
spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactory.java
Unescape Escape View File

@ -19,6 +19,7 @@ package org.springframework.boot.context.embedded.jetty;
import java.io.File; import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.net.InetSocketAddress; import java.net.InetSocketAddress;
import java.net.URL;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collection; import java.util.Collection;
@ -69,7 +70,7 @@ import org.springframework.util.StringUtils;
* @see JettyEmbeddedServletContainer * @see JettyEmbeddedServletContainer
*/ */
public class JettyEmbeddedServletContainerFactory extends public class JettyEmbeddedServletContainerFactory extends
AbstractEmbeddedServletContainerFactory implements ResourceLoaderAware { AbstractEmbeddedServletContainerFactory implements ResourceLoaderAware {
private List<Configuration> configurations = new ArrayList<Configuration>(); private List<Configuration> configurations = new ArrayList<Configuration>();
@ -115,7 +116,7 @@ AbstractEmbeddedServletContainerFactory implements ResourceLoaderAware {
if (getSsl() != null) { if (getSsl() != null) {
SslContextFactory sslContextFactory = new SslContextFactory(); SslContextFactory sslContextFactory = new SslContextFactory();
configureSslContextFactory(sslContextFactory, getSsl()); configureSsl(sslContextFactory, getSsl());
SslSocketConnector sslConnector = new SslSocketConnector(sslContextFactory); SslSocketConnector sslConnector = new SslSocketConnector(sslContextFactory);
sslConnector.setPort(port); sslConnector.setPort(port);
@ -129,47 +130,65 @@ AbstractEmbeddedServletContainerFactory implements ResourceLoaderAware {
return getJettyEmbeddedServletContainer(server); return getJettyEmbeddedServletContainer(server);
} }
protected void configureSslContextFactory(SslContextFactory sslContextFactory, Ssl ssl) { /**
sslContextFactory.setProtocol(ssl.getProtocol()); * Configure the SSL connection.
* @param factory the Jetty {@link SslContextFactory}.
* @param ssl the ssl details.
*/
protected void configureSsl(SslContextFactory factory, Ssl ssl) {
factory.setProtocol(ssl.getProtocol());
configureSslClientAuth(factory, ssl);
configureSslPasswords(factory, ssl);
factory.setCertAlias(ssl.getKeyAlias());
configureSslKeyStore(factory, ssl);
if (ssl.getCiphers() != null) {
factory.setIncludeCipherSuites(ssl.getCiphers());
}
configureSslTrustStore(factory, ssl);
}
private void configureSslClientAuth(SslContextFactory factory, Ssl ssl) {
if (ssl.getClientAuth() == ClientAuth.NEED) { if (ssl.getClientAuth() == ClientAuth.NEED) {
sslContextFactory.setNeedClientAuth(true); factory.setNeedClientAuth(true);
sslContextFactory.setWantClientAuth(true); factory.setWantClientAuth(true);
} }
else if (ssl.getClientAuth() == ClientAuth.WANT) { else if (ssl.getClientAuth() == ClientAuth.WANT) {
sslContextFactory.setWantClientAuth(true); factory.setWantClientAuth(true);
} }
}
private void configureSslPasswords(SslContextFactory factory, Ssl ssl) {
if (ssl.getKeyStorePassword() != null) { if (ssl.getKeyStorePassword() != null) {
sslContextFactory.setKeyStorePassword(ssl.getKeyStorePassword()); factory.setKeyStorePassword(ssl.getKeyStorePassword());
} }
if (ssl.getKeyPassword() != null) { if (ssl.getKeyPassword() != null) {
sslContextFactory.setKeyManagerPassword(ssl.getKeyPassword()); factory.setKeyManagerPassword(ssl.getKeyPassword());
} }
sslContextFactory.setCertAlias(ssl.getKeyAlias()); }
private void configureSslKeyStore(SslContextFactory factory, Ssl ssl) {
try { try {
sslContextFactory.setKeyStoreResource(Resource.newResource(ResourceUtils URL url = ResourceUtils.getURL(ssl.getKeyStore());
.getURL(ssl.getKeyStore()))); factory.setKeyStoreResource(Resource.newResource(url));
} }
catch (IOException e) { catch (IOException ex) {
throw new EmbeddedServletContainerException("Could not find key store '" throw new EmbeddedServletContainerException("Could not find key store '"
+ ssl.getKeyStore() + "'", e); + ssl.getKeyStore() + "'", ex);
}
if (ssl.getCiphers() != null) {
sslContextFactory.setIncludeCipherSuites(ssl.getCiphers());
} }
}
private void configureSslTrustStore(SslContextFactory factory, Ssl ssl) {
if (ssl.getTrustStorePassword() != null) { if (ssl.getTrustStorePassword() != null) {
sslContextFactory.setTrustStorePassword(ssl.getTrustStorePassword()); factory.setTrustStorePassword(ssl.getTrustStorePassword());
} }
if (ssl.getTrustStore() != null) { if (ssl.getTrustStore() != null) {
try { try {
sslContextFactory.setTrustStoreResource(Resource URL url = ResourceUtils.getURL(ssl.getTrustStore());
.newResource(ResourceUtils.getURL(ssl.getTrustStore()))); factory.setTrustStoreResource(Resource.newResource(url));
} }
catch (IOException e) { catch (IOException ex) {
throw new EmbeddedServletContainerException( throw new EmbeddedServletContainerException(
"Could not find trust store '" + ssl.getTrustStore() + "'", e); "Could not find trust store '" + ssl.getTrustStore() + "'", ex);
} }
} }
} }
@ -202,7 +221,7 @@ AbstractEmbeddedServletContainerFactory implements ResourceLoaderAware {
initializersToUse); initializersToUse);
context.setConfigurations(configurations); context.setConfigurations(configurations);
context.getSessionHandler().getSessionManager() context.getSessionHandler().getSessionManager()
.setMaxInactiveInterval(getSessionTimeout()); .setMaxInactiveInterval(getSessionTimeout());
postProcessWebAppContext(context); postProcessWebAppContext(context);
} }
@ -211,8 +230,8 @@ AbstractEmbeddedServletContainerFactory implements ResourceLoaderAware {
if (root != null) { if (root != null) {
try { try {
if (!root.isDirectory()) { if (!root.isDirectory()) {
handler.setBaseResource(Resource.newResource("jar:" + root.toURI() Resource resource = Resource.newResource("jar:" + root.toURI() + "!");
+ "!")); handler.setBaseResource(resource);
} }
else { else {
handler.setBaseResource(Resource.newResource(root)); handler.setBaseResource(Resource.newResource(root));

79
spring-boot/src/main/java/org/springframework/boot/context/embedded/tomcat/TomcatEmbeddedServletContainerFactory.java
Unescape Escape View File

@ -79,7 +79,7 @@ import org.springframework.util.StringUtils;
* @see TomcatEmbeddedServletContainer * @see TomcatEmbeddedServletContainer
*/ */
public class TomcatEmbeddedServletContainerFactory extends public class TomcatEmbeddedServletContainerFactory extends
AbstractEmbeddedServletContainerFactory implements ResourceLoaderAware { AbstractEmbeddedServletContainerFactory implements ResourceLoaderAware {
private static final String DEFAULT_PROTOCOL = "org.apache.coyote.http11.Http11NioProtocol"; private static final String DEFAULT_PROTOCOL = "org.apache.coyote.http11.Http11NioProtocol";
@ -226,7 +226,7 @@ AbstractEmbeddedServletContainerFactory implements ResourceLoaderAware {
if (connector.getProtocolHandler() instanceof AbstractProtocol) { if (connector.getProtocolHandler() instanceof AbstractProtocol) {
if (getAddress() != null) { if (getAddress() != null) {
((AbstractProtocol) connector.getProtocolHandler()) ((AbstractProtocol) connector.getProtocolHandler())
.setAddress(getAddress()); .setAddress(getAddress());
} }
} }
if (getUriEncoding() != null) { if (getUriEncoding() != null) {
@ -238,17 +238,14 @@ AbstractEmbeddedServletContainerFactory implements ResourceLoaderAware {
connector.setProperty("bindOnInit", "false"); connector.setProperty("bindOnInit", "false");
if (getSsl() != null) { if (getSsl() != null) {
if (connector.getProtocolHandler() instanceof AbstractHttp11JsseProtocol) { Assert.state(
AbstractHttp11JsseProtocol jsseProtocol = (AbstractHttp11JsseProtocol) connector connector.getProtocolHandler() instanceof AbstractHttp11JsseProtocol,
.getProtocolHandler(); "To use SSL, the connector's protocol handler must be an "
configureJsseProtocol(jsseProtocol, getSsl()); + "AbstractHttp11JsseProtocol subclass");
connector.setScheme("https"); configureSsl((AbstractHttp11JsseProtocol) connector.getProtocolHandler(),
connector.setSecure(true); getSsl());
} connector.setScheme("https");
else { connector.setSecure(true);
throw new IllegalStateException(
"To use SSL, the connector's protocol handler must be an AbstractHttp11JsseProtocol subclass");
}
} }
for (TomcatConnectorCustomizer customizer : this.tomcatConnectorCustomizers) { for (TomcatConnectorCustomizer customizer : this.tomcatConnectorCustomizers) {
@ -256,42 +253,56 @@ AbstractEmbeddedServletContainerFactory implements ResourceLoaderAware {
} }
} }
protected void configureJsseProtocol(AbstractHttp11JsseProtocol jsseProtocol, Ssl ssl) { /**
jsseProtocol.setSSLEnabled(true); * Configure Tomcat's {@link AbstractHttp11JsseProtocol} for SSL.
jsseProtocol.setSslProtocol(ssl.getProtocol()); * @param protocol the protocol
* @param ssl the ssl details
*/
protected void configureSsl(AbstractHttp11JsseProtocol protocol, Ssl ssl) {
protocol.setSSLEnabled(true);
protocol.setSslProtocol(ssl.getProtocol());
configureSslClientAuth(protocol, ssl);
protocol.setKeystorePass(ssl.getKeyStorePassword());
protocol.setKeyPass(ssl.getKeyPassword());
protocol.setKeyAlias(ssl.getKeyAlias());
configureSslKeyStore(protocol, ssl);
String ciphers = StringUtils.arrayToCommaDelimitedString(ssl.getCiphers());
protocol.setCiphers(ciphers);
configureSslTrustStore(protocol, ssl);
}
private void configureSslClientAuth(AbstractHttp11JsseProtocol protocol, Ssl ssl) {
if (ssl.getClientAuth() == ClientAuth.NEED) { if (ssl.getClientAuth() == ClientAuth.NEED) {
jsseProtocol.setClientAuth(Boolean.TRUE.toString()); protocol.setClientAuth(Boolean.TRUE.toString());
} }
else if (ssl.getClientAuth() == ClientAuth.WANT) { else if (ssl.getClientAuth() == ClientAuth.WANT) {
jsseProtocol.setClientAuth("want"); protocol.setClientAuth("want");
} }
jsseProtocol.setKeystorePass(ssl.getKeyStorePassword()); }
jsseProtocol.setKeyPass(ssl.getKeyPassword());
jsseProtocol.setKeyAlias(ssl.getKeyAlias()); private void configureSslKeyStore(AbstractHttp11JsseProtocol protocol, Ssl ssl) {
try { try {
jsseProtocol.setKeystoreFile(ResourceUtils.getFile(ssl.getKeyStore()) File file = ResourceUtils.getFile(ssl.getKeyStore());
.getAbsolutePath()); protocol.setKeystoreFile(file.getAbsolutePath());
} }
catch (FileNotFoundException e) { catch (FileNotFoundException ex) {
throw new EmbeddedServletContainerException("Could not find key store " throw new EmbeddedServletContainerException("Could not find key store "
+ ssl.getKeyStore(), e); + ssl.getKeyStore(), ex);
} }
}
jsseProtocol private void configureSslTrustStore(AbstractHttp11JsseProtocol protocol, Ssl ssl) {
.setCiphers(StringUtils.arrayToCommaDelimitedString(ssl.getCiphers()));
if (ssl.getTrustStore() != null) { if (ssl.getTrustStore() != null) {
try { try {
jsseProtocol.setTruststoreFile(ResourceUtils.getFile(ssl.getTrustStore()) File file = ResourceUtils.getFile(ssl.getTrustStore());
.getAbsolutePath()); protocol.setTruststoreFile(file.getAbsolutePath());
} }
catch (FileNotFoundException e) { catch (FileNotFoundException ex) {
throw new EmbeddedServletContainerException("Could not find trust store " throw new EmbeddedServletContainerException("Could not find trust store "
+ ssl.getTrustStore(), e); + ssl.getTrustStore(), ex);
} }
} }
protocol.setTruststorePass(ssl.getTrustStorePassword());
jsseProtocol.setTruststorePass(ssl.getTrustStorePassword());
} }
/** /**

Write Preview
Loading…
Cancel
Save