
Add support for server.ssl.enabled property
Fixes gh-2241
philwebb committed Jan 7, 2015
1 parent f9c3bae commit 4ad5c52
Showing 6 changed files with 46 additions and 12 deletions.
@@ -58,6 +58,7 @@ content into your application; rather pick only the properties that you need.
server.context-parameters.*= # Servlet context init parameters, e.g. server.context-parameters.a=alpha
server.context-path= # the context path, defaults to '/'
server.servlet-path= # the servlet path, defaults to '/'
server.ssl.enabled=true # if SSL support is enabled
server.ssl.client-auth= # want or need
server.ssl.key-alias=
server.ssl.ciphers= # supported SSL ciphers
@@ -1,5 +1,5 @@
/*
* Copyright 2012-2014 the original author or authors.
* Copyright 2012-2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -25,6 +25,11 @@
*/
public class Ssl {

/**


snicoll Jan 7, 2015

Member

For consistency this should be Enable SSL support. I'll update it.


philwebb Jan 7, 2015

Author Member

Cheers

* If SSL support is enabled.
*/
private boolean enabled = true;

/**
* Whether client authentication is wanted ("want") or needed ("need"). Requires a
* trust store.
@@ -91,6 +96,14 @@ public class Ssl {
*/
private String protocol = "TLS";

public boolean isEnabled() {
return this.enabled;
}

public void setEnabled(boolean enabled) {
this.enabled = enabled;
}

public ClientAuth getClientAuth() {
return this.clientAuth;
}
@@ -1,5 +1,5 @@
/*
* Copyright 2012-2014 the original author or authors.
* Copyright 2012-2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -121,7 +121,7 @@ public EmbeddedServletContainer getEmbeddedServletContainer(
configureWebAppContext(context, initializers);
server.setHandler(context);
this.logger.info("Server initialized with port: " + port);
if (getSsl() != null) {
if (getSsl() != null && getSsl().isEnabled()) {
SslContextFactory sslContextFactory = new SslContextFactory();
configureSsl(sslContextFactory, getSsl());
AbstractConnector connector = getSslServerConnectorFactory().getConnector(
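Review bot: When an `Ssl` object is configured but `isEnabled()` returns false, the new condition skips the SSL block without any trace, so the server presumably comes up serving plain HTTP on the same port even though key-store settings are present. Because the flag can be flipped by a profile or an external override of `server.ssl.enabled`, a log line on that path would make the downgrade visible to operators, for example `else if (getSsl() != null) { this.logger.info("SSL is configured but disabled; port " + port + " will serve plain HTTP"); }`. The same silent fallback appears in the Tomcat `customizeConnector` and Undertow `createBuilder` sections of this commit. The enclosing `getEmbeddedServletContainer` method starts and ends outside the hunk.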
@@ -1,5 +1,5 @@
/*
* Copyright 2012-2014 the original author or authors.
* Copyright 2012-2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -240,7 +240,7 @@ protected void customizeConnector(Connector connector) {
// prematurely...
connector.setProperty("bindOnInit", "false");

if (getSsl() != null) {
if (getSsl() != null && getSsl().isEnabled()) {
Assert.state(
connector.getProtocolHandler() instanceof AbstractHttp11JsseProtocol,
"To use SSL, the connector's protocol handler must be an "
@@ -1,5 +1,5 @@
/*
* Copyright 2012-2014 the original author or authors.
* Copyright 2012-2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -229,21 +229,20 @@ private Builder createBuilder(int port) {
if (this.directBuffers != null) {
builder.setDirectBuffers(this.directBuffers);
}
if (getSsl() == null) {
builder.addHttpListener(port, getListenAddress());
if (getSsl() != null && getSsl().isEnabled()) {
configureSsl(getSsl(), port, builder);
}
else {
configureSsl(port, builder);
builder.addHttpListener(port, getListenAddress());
}
for (UndertowBuilderCustomizer customizer : this.builderCustomizers) {
customizer.customize(builder);
}
return builder;
}

private void configureSsl(int port, Builder builder) {
private void configureSsl(Ssl ssl, int port, Builder builder) {
try {
Ssl ssl = getSsl();
SSLContext sslContext = SSLContext.getInstance(ssl.getProtocol());
sslContext.init(getKeyManagers(), getTrustManagers(), null);
builder.addHttpsListener(port, getListenAddress(), sslContext);
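Review bot: `configureSsl` now receives `ssl` as a parameter, but in the visible lines it is only used for `ssl.getProtocol()`, while `getKeyManagers()` and `getTrustManagers()` are still called without arguments and presumably read `getSsl()` themselves. That leaves two sources for the same configuration inside one method. Either pass the instance through, e.g. `sslContext.init(getKeyManagers(ssl), getTrustManagers(ssl), null);`, or keep the original no-argument signature. The `try` block and the helper methods continue outside the hunk, so this should be confirmed against the full file.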
@@ -1,5 +1,5 @@
/*
* Copyright 2012-2014 the original author or authors.
* Copyright 2012-2015 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -28,6 +28,7 @@
import java.util.Date;
import java.util.concurrent.TimeUnit;

import javax.net.ssl.SSLException;
import javax.servlet.GenericServlet;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
@@ -314,6 +315,26 @@ public void basicSsl() throws Exception {
testBasicSslWithKeyStore("src/test/resources/test.jks");
}

@Test
public void sslDisabled() throws Exception {
AbstractEmbeddedServletContainerFactory factory = getFactory();
Ssl ssl = getSsl(null, "password", "src/test/resources/test.jks");
ssl.setEnabled(false);
factory.setSsl(ssl);
this.container = factory.getEmbeddedServletContainer(new ServletRegistrationBean(
new ExampleServlet(true), "/hello"));
this.container.start();
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
new SSLContextBuilder().loadTrustMaterial(null,
new TrustSelfSignedStrategy()).build());
HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory)
.build();
HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(
httpClient);
this.thrown.expect(SSLException.class);
getResponse(getLocalUrl("https", "/hello"), requestFactory);
}

@Test
public void sslGetScheme() throws Exception { // gh-2232
AbstractEmbeddedServletContainerFactory factory = getFactory();
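Review bot: `sslDisabled` asserts only the negative case, that an HTTPS request fails with `SSLException`. It does not check that the container actually answers plain HTTP on that port, which is the behaviour the property is meant to produce. A positive request before `this.thrown.expect(SSLException.class)`, such as `getResponse(getLocalUrl("http", "/hello"), requestFactory);` with an assertion on the returned body, would pin both halves. The expected body of `ExampleServlet` is not visible in this hunk.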
