使用 Jersey 1 服务 https
Serve https with Jersey 1
我正在尝试更新旧的 RESTful API 以允许它提供 https;我实际上并不需要额外的安全性,但我有客户抱怨混合上下文——这是在一个部署的桌面应用程序上,它只使用 REST 进行通信;不是已部署的 Web 应用程序。
这是一个 jersey 1 实现,我试图避免必须升级到 Jersey 2。HTTP 服务非常简单:
this.server = HttpServerFactory.create(baseUri,
new DefaultResourceConfig(DataPaqResource.class));
所以我环顾四周并从 javadoc 中提取以下内容以根据传入的基本 uri 启动 https 或 http:
StartWebServer(String baseUri) throws IOException, NoSuchAlgorithmException{
ResourceListeners.addDataPaqResourceListener(this);
if (baseUri.startsWith("https")) {
SSLContext sslContext = SSLContext.getInstance ("SSL");
this.server = (HttpsServer) HttpServerFactory.create(baseUri,
new DefaultResourceConfig(DataPaqResource.class));
((HttpsServer) this.server).setHttpsConfigurator (new HttpsConfigurator(sslContext) {
public void configure (HttpsParameters params) {
SSLContext c = getSSLContext();
// get the default parameters
SSLParameters sslparams = c.getDefaultSSLParameters();
params.setSSLParameters(sslparams);
}
});
}else {
this.server = HttpServerFactory.create(baseUri,
new DefaultResourceConfig(DataPaqResource.class));
}
System.out.println("Started web server on " + baseUri + " imp " +
this.server.getClass().getName());
}
这适用于 http,但使用 https 我得到:
错误:客户端网络套接字在建立安全 TLS 连接之前断开连接
这个错误来自邮递员,但显然浏览器也失败了。基本上我知道 https 配置不正确,但我不确定如何配置它。我不需要安全;我只需要能够以最少的配置提供 https。
感谢所有帮助!
解决了 - 基本上一切正常,只是我加载了错误的密钥库!
//keystore generated with
//keytool -genkeypair -keyalg RSA -alias self_signed -keypass datapaq -keystore
//datapaq.keystore -storepass datapaq
public class StartWebServer implements DataPaqResourceListener{
private HttpServer server;
private static final String password = "datapaq";
StartWebServer(String baseUri) throws IOException, NoSuchAlgorithmException, KeyStoreException, CertificateException, UnrecoverableKeyException, KeyManagementException{
ResourceListeners.addDataPaqResourceListener(this);
if (baseUri.startsWith("https")) {
this.server = (HttpsServer) HttpServerFactory.create(baseUri,
new DefaultResourceConfig(DataPaqResource.class));
SSLContext sslContext = SSLContext.getInstance ("SSL");
KeyStore ks = getKeyStore();
// Set up the key manager factory
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, password.toCharArray());
// Set up the trust manager factory
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks);
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
// Set up the HTTPS context and parameters
((HttpsServer) this.server).setHttpsConfigurator (new HttpsConfigurator(sslContext) {
public void configure (HttpsParameters params) {
try {
// Initialise the SSL context
SSLContext context = getSSLContext();
SSLEngine engine = context.createSSLEngine();
engine.setNeedClientAuth(false);
engine.setWantClientAuth(false);
params.setNeedClientAuth(false);
params.setWantClientAuth(false);
params.setCipherSuites(engine.getEnabledCipherSuites());
params.setProtocols(engine.getEnabledProtocols());
// Set the SSL parameters
SSLParameters sslParameters = context.getSupportedSSLParameters();
params.setSSLParameters(sslParameters);
} catch (Exception ex) {
ex.printStackTrace();
}
}
});
}else {
this.server = HttpServerFactory.create(baseUri,
new DefaultResourceConfig(DataPaqResource.class));
}
}
private KeyStore getKeyStore() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException {
// Initialise the keystore
char[] password = "datapaq".toCharArray();
KeyStore ks = KeyStore.getInstance("JKS");
InputStream fis = new FileInputStream("datapaq.keystore");
ks.load(fis, password);
return ks;
}
}
我正在尝试更新旧的 RESTful API 以允许它提供 https;我实际上并不需要额外的安全性,但我有客户抱怨混合上下文——这是在一个部署的桌面应用程序上,它只使用 REST 进行通信;不是已部署的 Web 应用程序。
这是一个 jersey 1 实现,我试图避免必须升级到 Jersey 2。HTTP 服务非常简单:
this.server = HttpServerFactory.create(baseUri,
new DefaultResourceConfig(DataPaqResource.class));
所以我环顾四周并从 javadoc 中提取以下内容以根据传入的基本 uri 启动 https 或 http:
StartWebServer(String baseUri) throws IOException, NoSuchAlgorithmException{
ResourceListeners.addDataPaqResourceListener(this);
if (baseUri.startsWith("https")) {
SSLContext sslContext = SSLContext.getInstance ("SSL");
this.server = (HttpsServer) HttpServerFactory.create(baseUri,
new DefaultResourceConfig(DataPaqResource.class));
((HttpsServer) this.server).setHttpsConfigurator (new HttpsConfigurator(sslContext) {
public void configure (HttpsParameters params) {
SSLContext c = getSSLContext();
// get the default parameters
SSLParameters sslparams = c.getDefaultSSLParameters();
params.setSSLParameters(sslparams);
}
});
}else {
this.server = HttpServerFactory.create(baseUri,
new DefaultResourceConfig(DataPaqResource.class));
}
System.out.println("Started web server on " + baseUri + " imp " +
this.server.getClass().getName());
}
这适用于 http,但使用 https 我得到:
错误:客户端网络套接字在建立安全 TLS 连接之前断开连接
这个错误来自邮递员,但显然浏览器也失败了。基本上我知道 https 配置不正确,但我不确定如何配置它。我不需要安全;我只需要能够以最少的配置提供 https。
感谢所有帮助!
解决了 - 基本上一切正常,只是我加载了错误的密钥库!
//keystore generated with
//keytool -genkeypair -keyalg RSA -alias self_signed -keypass datapaq -keystore
//datapaq.keystore -storepass datapaq
public class StartWebServer implements DataPaqResourceListener{
private HttpServer server;
private static final String password = "datapaq";
StartWebServer(String baseUri) throws IOException, NoSuchAlgorithmException, KeyStoreException, CertificateException, UnrecoverableKeyException, KeyManagementException{
ResourceListeners.addDataPaqResourceListener(this);
if (baseUri.startsWith("https")) {
this.server = (HttpsServer) HttpServerFactory.create(baseUri,
new DefaultResourceConfig(DataPaqResource.class));
SSLContext sslContext = SSLContext.getInstance ("SSL");
KeyStore ks = getKeyStore();
// Set up the key manager factory
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, password.toCharArray());
// Set up the trust manager factory
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks);
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
// Set up the HTTPS context and parameters
((HttpsServer) this.server).setHttpsConfigurator (new HttpsConfigurator(sslContext) {
public void configure (HttpsParameters params) {
try {
// Initialise the SSL context
SSLContext context = getSSLContext();
SSLEngine engine = context.createSSLEngine();
engine.setNeedClientAuth(false);
engine.setWantClientAuth(false);
params.setNeedClientAuth(false);
params.setWantClientAuth(false);
params.setCipherSuites(engine.getEnabledCipherSuites());
params.setProtocols(engine.getEnabledProtocols());
// Set the SSL parameters
SSLParameters sslParameters = context.getSupportedSSLParameters();
params.setSSLParameters(sslParameters);
} catch (Exception ex) {
ex.printStackTrace();
}
}
});
}else {
this.server = HttpServerFactory.create(baseUri,
new DefaultResourceConfig(DataPaqResource.class));
}
}
private KeyStore getKeyStore() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException {
// Initialise the keystore
char[] password = "datapaq".toCharArray();
KeyStore ks = KeyStore.getInstance("JKS");
InputStream fis = new FileInputStream("datapaq.keystore");
ks.load(fis, password);
return ks;
}
}