Support http/2 configuration with Reactor-Netty

Just like Jetty, Reactor Netty supports ALPN with JDK8 or with a dependency that delegates TLS to a native library using boringSSL. Closes gh-13333
6 years ago · dd79143d1a
parent c98bb40136
commit dd79143d1a
5 changed files with 71 additions and 7 deletions
--- a/spring-boot-project/spring-boot-dependencies/pom.xml
+++ b/spring-boot-project/spring-boot-dependencies/pom.xml
@ -133,6 +133,7 @@
 		<nekohtml.version>1.9.22</nekohtml.version>
 		<neo4j-ogm.version>3.1.0</neo4j-ogm.version>
 		<netty.version>4.1.27.Final</netty.version>
 		<netty-tcnative.version>2.0.12.Final</netty-tcnative.version>
 		<nio-multipart-parser.version>1.1.0</nio-multipart-parser.version>
 		<postgresql.version>42.2.4</postgresql.version>
 		<quartz.version>2.3.0</quartz.version>
@ -924,6 +925,11 @@
 				<scope>import</scope>
 				<type>pom</type>
 			</dependency>
 			<dependency>
 				<groupId>io.netty</groupId>
 				<artifactId>netty-tcnative-boringssl-static</artifactId>
 				<version>${netty-tcnative.version}</version>
 			</dependency>
 			<dependency>
 				<groupId>io.projectreactor</groupId>
 				<artifactId>reactor-bom</artifactId>
--- a/spring-boot-project/spring-boot-docs/src/main/asciidoc/howto.adoc
+++ b/spring-boot-project/spring-boot-docs/src/main/asciidoc/howto.adoc
@ -753,6 +753,22 @@ This error is not fatal, and the application still starts with HTTP/1.1 SSL supp
 [[howto-configure-http2-netty]]
 ==== HTTP/2 with Reactor Netty
 The `spring-boot-webflux-starter` is using by default Reactor Netty as a server.
 Reactor Netty can be configured for HTTP/2 using the JDK support with JDK 9 or later.
 For JDK 8 environments, or for optimal runtime performance, this server also supports
 HTTP/2 with native libraries. To enable that, your application needs to have an
 additional dependency.
 Spring Boot manages the version for the
 `io.netty:netty-tcnative-boringssl-static` "uber jar", containing native libraries for
 all platforms. Developers can choose to import only the required dependendencies using
 a classifier (see http://netty.io/wiki/forked-tomcat-native.html[the Netty official
 documentation]).
 [[howto-configure-webserver]]
 === Configure the Web Server
--- a/spring-boot-project/spring-boot/pom.xml
+++ b/spring-boot-project/spring-boot/pom.xml
@ -76,6 +76,11 @@
 			<artifactId>reactor-netty</artifactId>
 			<optional>true</optional>
 		</dependency>
 		<dependency>
 			<groupId>io.netty</groupId>
 			<artifactId>netty-tcnative-boringssl-static</artifactId>
 			<optional>true</optional>
 		</dependency>
 		<dependency>
 			<groupId>io.undertow</groupId>
 			<artifactId>undertow-servlet</artifactId>
@ -373,6 +378,21 @@
 			<artifactId>jaybird-jdk18</artifactId>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.eclipse.jetty</groupId>
 			<artifactId>jetty-client</artifactId>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.eclipse.jetty.http2</groupId>
 			<artifactId>http2-client</artifactId>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.eclipse.jetty.http2</groupId>
 			<artifactId>http2-http-client-transport</artifactId>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.hsqldb</groupId>
 			<artifactId>hsqldb</artifactId>
--- a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/netty/NettyReactiveWebServerFactory.java
+++ b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/netty/NettyReactiveWebServerFactory.java
@ -23,6 +23,7 @@ import java.util.Arrays;
 import java.util.Collection;
 import java.util.List;
 import reactor.netty.http.HttpProtocol;
 import reactor.netty.http.server.HttpServer;
 import org.springframework.boot.web.reactive.server.AbstractReactiveWebServerFactory;
@ -110,10 +111,10 @@ public class NettyReactiveWebServerFactory extends AbstractReactiveWebServerFact
 	private HttpServer createHttpServer() {
 		HttpServer server = HttpServer.create().tcpConfiguration(
-				(tcpServer) -> tcpServer.addressSupplier(() -> getListenAddress()));
+				(tcpServer) -> tcpServer.addressSupplier(this::getListenAddress));
 		if (getSsl() != null && getSsl().isEnabled()) {
 			SslServerCustomizer sslServerCustomizer = new SslServerCustomizer(getSsl(),
-					getSslStoreProvider());
+					getHttp2(), getSslStoreProvider());
 			server = sslServerCustomizer.apply(server);
 		}
 		if (getCompression() != null && getCompression().getEnabled()) {
@ -121,10 +122,23 @@ public class NettyReactiveWebServerFactory extends AbstractReactiveWebServerFact
 					getCompression());
 			server = compressionCustomizer.apply(server);
 		}
 		server = server.protocol(listProtocols());
 		server = (this.useForwardHeaders ? server.forwarded() : server.noForwarded());
 		return applyCustomizers(server);
 	}
 	private HttpProtocol[] listProtocols() {
 		if (getHttp2() != null && getHttp2().isEnabled()) {
 			if (getSsl() != null && getSsl().isEnabled()) {
 				return new HttpProtocol[] { HttpProtocol.H2, HttpProtocol.HTTP11 };
 			}
 			else {
 				return new HttpProtocol[] { HttpProtocol.H2C, HttpProtocol.HTTP11 };
 			}
 		}
 		return new HttpProtocol[] { HttpProtocol.HTTP11 };
 	}
 	private InetSocketAddress getListenAddress() {
 		if (getAddress() != null) {
 			return new InetSocketAddress(getAddress().getHostAddress(), getPort());
--- a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/netty/SslServerCustomizer.java
+++ b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/netty/SslServerCustomizer.java
@ -26,8 +26,9 @@ import javax.net.ssl.TrustManagerFactory;
 import io.netty.handler.ssl.ClientAuth;
 import io.netty.handler.ssl.SslContextBuilder;
 import reactor.netty.http.server.HttpServer;
-import reactor.netty.tcp.SslProvider.DefaultConfigurationType;
+import reactor.netty.tcp.SslProvider;
 import org.springframework.boot.web.server.Http2;
 import org.springframework.boot.web.server.Ssl;
 import org.springframework.boot.web.server.SslStoreProvider;
 import org.springframework.util.ResourceUtils;
@ -42,19 +43,26 @@ public class SslServerCustomizer implements NettyServerCustomizer {
 	private final Ssl ssl;
 	private final Http2 http2;
 	private final SslStoreProvider sslStoreProvider;
-	public SslServerCustomizer(Ssl ssl, SslStoreProvider sslStoreProvider) {
+	public SslServerCustomizer(Ssl ssl, Http2 http2, SslStoreProvider sslStoreProvider) {
 		this.ssl = ssl;
 		this.http2 = http2;
 		this.sslStoreProvider = sslStoreProvider;
 	}
 	@Override
 	public HttpServer apply(HttpServer server) {
 		try {
-			return server
+			return server.secure((contextSpec) -> {
-					.secure((contextSpec) -> contextSpec.sslContext(getContextBuilder())
+				SslProvider.DefaultConfigurationSpec spec = contextSpec
-							.defaultConfiguration(DefaultConfigurationType.NONE));
+						.sslContext(getContextBuilder());
 				if (this.http2 != null && this.http2.isEnabled()) {
 					spec.defaultConfiguration(SslProvider.DefaultConfigurationType.H2);
 				}
 			});
 		}
 		catch (Exception ex) {
 			throw new IllegalStateException(ex);