This is an automated email from the ASF dual-hosted git repository. elserj pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/accumulo.git
commit c35f17f5354340ee6da773d84c42fee017f8bb81 Merge: 5af231f 159c97a Author: Josh Elser <els...@apache.org> AuthorDate: Mon Sep 24 17:54:34 2018 -0400 Merge branch '1.9' .../java/org/apache/accumulo/core/conf/Property.java | 4 ++++ .../org/apache/accumulo/monitor/EmbeddedWebServer.java | 18 ++++++++++++------ 2 files changed, 16 insertions(+), 6 deletions(-) diff --cc server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java index ee2ebaa,e8309be..69222ab --- a/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java +++ b/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java @@@ -42,29 -49,23 +42,35 @@@ public class EmbeddedWebServer public EmbeddedWebServer(String host, int port) { server = new Server(); final AccumuloConfiguration conf = Monitor.getContext().getConfiguration(); - if (EMPTY.equals(conf.get(Property.MONITOR_SSL_KEYSTORE)) - || EMPTY.equals(conf.get(Property.MONITOR_SSL_KEYSTOREPASS)) - || EMPTY.equals(conf.get(Property.MONITOR_SSL_TRUSTSTORE)) - || EMPTY.equals(conf.get(Property.MONITOR_SSL_TRUSTSTOREPASS))) { + connector = new ServerConnector(server, getConnectionFactories(conf)); + connector.setHost(host); + connector.setPort(port); + + handler = new ServletContextHandler( + ServletContextHandler.SESSIONS | ServletContextHandler.SECURITY); + handler.getSessionHandler().getSessionCookieConfig().setHttpOnly(true); + handler.setContextPath("/"); + } + + private static AbstractConnectionFactory[] getConnectionFactories(AccumuloConfiguration conf) { + HttpConnectionFactory httpFactory = new HttpConnectionFactory(); + EnumSet<Property> requireForSecure = EnumSet.of(Property.MONITOR_SSL_KEYSTORE, - Property.MONITOR_SSL_KEYSTOREPASS, Property.MONITOR_SSL_TRUSTSTORE); ++ Property.MONITOR_SSL_KEYSTOREPASS, Property.MONITOR_SSL_TRUSTSTORE, ++ Property.MONITOR_SSL_TRUSTSTOREPASS); + + if (requireForSecure.stream().map(p -> conf.get(p)).anyMatch(s -> s == null || s.isEmpty())) { + 
LOG.debug("Not configuring Jetty to use TLS"); - connector = new ServerConnector(server, new HttpConnectionFactory()); - usingSsl = false; + return new AbstractConnectionFactory[] {httpFactory}; } else { - final String trustStorePass = conf.get(Property.MONITOR_SSL_TRUSTSTOREPASS); - if (trustStorePass.isEmpty()) { - LOG.warn("Truststore JKS file has an empty password which prevents any integrity checks."); + LOG.debug("Configuring Jetty to use TLS"); + final SslContextFactory sslContextFactory = new SslContextFactory(); + // If the key password is the same as the keystore password, we don't + // have to explicitly set it. Thus, if the user doesn't provide a key + // password, don't set anything. + final String keyPass = conf.get(Property.MONITOR_SSL_KEYPASS); + if (!Property.MONITOR_SSL_KEYPASS.getDefaultValue().equals(keyPass)) { + sslContextFactory.setKeyManagerPassword(keyPass); } - SslContextFactory sslContextFactory = new SslContextFactory(); sslContextFactory.setKeyStorePath(conf.get(Property.MONITOR_SSL_KEYSTORE)); sslContextFactory.setKeyStorePassword(conf.get(Property.MONITOR_SSL_KEYSTOREPASS)); sslContextFactory.setKeyStoreType(conf.get(Property.MONITOR_SSL_KEYSTORETYPE));
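Review bot: The non-TLS branch of `getConnectionFactories` fails open: if any one of the four `MONITOR_SSL_*` properties in `requireForSecure` is null or empty, the monitor serves plain HTTP and reports it only at debug level. With `MONITOR_SSL_TRUSTSTOREPASS` in the required set, a keystore and truststore configured with an empty truststore password appears to land in this branch, and the removed `LOG.warn` about empty truststore passwords no longer fires. I would distinguish "nothing set" from "partly set" and log the latter at warn level with the names (never the values) of the unset properties, or refuse to start. The TLS branch of the method continues past the end of the hunk.

```java
// … unchanged: httpFactory and requireForSecure setup …
List<Property> unset = requireForSecure.stream().filter(p -> {
  String value = conf.get(p);
  return value == null || value.isEmpty();
}).collect(Collectors.toList());

if (!unset.isEmpty()) {
  if (unset.size() < requireForSecure.size()) {
    // Some TLS properties are set, so HTTPS was probably intended; make the downgrade visible.
    LOG.warn("Monitor TLS is only partially configured (unset: " + unset
        + "); serving plain HTTP");
  } else {
    LOG.debug("Not configuring Jetty to use TLS");
  }
  return new AbstractConnectionFactory[] {httpFactory};
} else {
// … unchanged: TLS branch (SslContextFactory setup) …
```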