Author: degenaro
Date: Fri Jun 17 14:06:44 2016
New Revision: 1748861
URL: http://svn.apache.org/viewvc?rev=1748861&view=rev
Log:
UIMA-4730 Update Web Server (WS) to properly employ https with the new Jetty
Modified:
uima/uima-ducc/trunk/src/main/admin/ducc_post_install
uima/uima-ducc/trunk/uima-ducc-web/src/main/java/org/apache/uima/ducc/ws/server/DuccWebServer.java
uima/uima-ducc/trunk/uima-ducc-web/src/main/java/org/apache/uima/ducc/ws/server/DuccWebServerHelper.java
Modified: uima/uima-ducc/trunk/src/main/admin/ducc_post_install
URL:
http://svn.apache.org/viewvc/uima/uima-ducc/trunk/src/main/admin/ducc_post_install?rev=1748861&r1=1748860&r2=1748861&view=diff
==============================================================================
--- uima/uima-ducc/trunk/src/main/admin/ducc_post_install (original)
+++ uima/uima-ducc/trunk/src/main/admin/ducc_post_install Fri Jun 17 14:06:44
2016
@@ -221,9 +221,9 @@ class PostInstall():
rc = os.system(cmd);
self.default_keystore_prop.v = reply
- print 'keystore created as', reply
-
-
+ print 'keystore = ', keystore
+ #print 'keypass = ', reply
+ #print 'storepass = ', reply
# Setup and verify amq
# make sure verify_ducc is sufficient - maybe move some checks to there?
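Review bot: The two commented-out lines `#print 'keypass = ', reply` and `#print 'storepass = ', reply` should be deleted rather than kept in the installer, because uncommenting them would echo the keystore password to the console and to any captured install log. In the visible lines `rc` from `os.system(cmd)` is not checked before the keystore path is printed, so a failed key generation would presumably still be reported as if it had succeeded; a guard such as `if rc != 0:` ahead of the print would surface that. The new `print 'keystore = ', keystore` relies on a `keystore` variable assigned outside this hunk, and the enclosing method starts and ends outside it as well.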
Modified:
uima/uima-ducc/trunk/uima-ducc-web/src/main/java/org/apache/uima/ducc/ws/server/DuccWebServer.java
URL:
http://svn.apache.org/viewvc/uima/uima-ducc/trunk/uima-ducc-web/src/main/java/org/apache/uima/ducc/ws/server/DuccWebServer.java?rev=1748861&r1=1748860&r2=1748861&view=diff
==============================================================================
---
uima/uima-ducc/trunk/uima-ducc-web/src/main/java/org/apache/uima/ducc/ws/server/DuccWebServer.java
(original)
+++
uima/uima-ducc/trunk/uima-ducc-web/src/main/java/org/apache/uima/ducc/ws/server/DuccWebServer.java
Fri Jun 17 14:06:44 2016
@@ -35,10 +35,13 @@ import org.apache.uima.ducc.common.utils
import org.apache.uima.ducc.ws.DuccPlugins;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Handler;
+import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.NCSARequestLog;
+import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
+import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.handler.DefaultHandler;
import org.eclipse.jetty.server.handler.HandlerList;
import org.eclipse.jetty.server.handler.RequestLogHandler;
@@ -87,14 +90,6 @@ public class DuccWebServer {
}
}
-
- /**
- * The default port can be overridden in ducc.properties file, for
example:
- * ducc.ws.port = 41233
- */
- //private int port = 42133;
- //private String ipaddress = null;
-
/**
* To support https, do the following:
*
@@ -102,23 +97,12 @@ public class DuccWebServer {
* keystore in ducc_web/etc directory
* 2. in ducc.properties set SSL port, for example:
* ducc.ws.port.ssl = 42155
- * 3. in ducc.properties set SSL password, for example:
- * ducc.ws.port.ssl.pw = quackquack
- *
- * Note: if SSL port is not set in ducc.properties, the webserver will not
create
- * the SSL connection, and thus secure communications will be
unsupported.
*/
- private int portSsl = -1;
- private String portSslPw = "quackquack";
- private String rootDir = "?";
-
- //
+ private String rootDir = "?";
private Server server;
-
private CommonConfiguration commonConfiguration;
-
public DuccWebServer(CommonConfiguration commonConfiguration) {
this.commonConfiguration = commonConfiguration;
init();
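Review bot: The https Javadoc left after this change no longer says where the keystore password comes from, and it now sits directly above `private String rootDir = "?";`, so it documents the wrong member. Step 3 was removed together with the hard-coded default, but a password is still required; elsewhere in this commit it is read from `resources.private/ducc.private.properties` under the key `ducc.ws.port.ssl.pw`. I would keep a step such as `3. in resources.private/ducc.private.properties set ducc.ws.port.ssl.pw` (with no example value) and state that the file must be readable only by the DUCC user. The example `ducc.ws.port.ssl = 42155` also disagrees with the `ducc.ws.port.https` name used in the comment inside `init()`. The comment block begins above this hunk.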
@@ -141,12 +125,22 @@ public class DuccWebServer {
}
public int getPortSsl() {
- return portSsl;
+ String property =
DuccPropertiesResolver.get(DuccPropertiesResolver.ducc_ws_port_https);
+ int portHttps = ConfigValue.PortHttps.getInt(property);
+ return portHttps;
}
public String getRootDir() {
return rootDir;
}
+
+ public String getKeyStorePassword() {
+ return DuccWebServerHelper.getKeyStorePassword();
+ }
+
+ public String getKeyManagerPassword() {
+ return DuccWebServerHelper.getKeyManagerPassword();
+ }
private void init() {
String methodName = "init";
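Review bot: `getKeyStorePassword()` and `getKeyManagerPassword()` are added as public methods, although the only caller visible in this commit is `init()` in the same class. The server instance is passed to `new DuccHandler(this)` and to plugin handlers through `DuccPlugins.getInstance().gethandlers(this)`, so any of that code can read the keystore password through these getters. Declaring them `private`, or calling `DuccWebServerHelper.getKeyStorePassword()` directly from `init()`, keeps the secret off the class's public surface. `init()` begins at the end of this hunk and continues outside it.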
@@ -154,102 +148,92 @@ public class DuccWebServer {
logger.info(methodName, null, messages.fetchLabel("cluster
name")+getClusterName());
logger.info(methodName, null, messages.fetchLabel("class
definition file")+getClassDefinitionFile());
- String property;
+ String property;
- /**
- * Determine server idle timeout
- * ducc.ws.idle.timeout
- */
- property =
DuccPropertiesResolver.get(DuccPropertiesResolver.ducc_ws_idle_timeout);
- int idleTimeout = ConfigValue.IdleTimeout.getInt(property);
+ /**
+ * Determine server idle timeout
+ * ducc.ws.idle.timeout
+ */
+ property =
DuccPropertiesResolver.get(DuccPropertiesResolver.ducc_ws_idle_timeout);
+ int idleTimeout = ConfigValue.IdleTimeout.getInt(property);
- /**
- * Determine server max threads
- * ducc.ws.max.threads
- */
- property =
DuccPropertiesResolver.get(DuccPropertiesResolver.ducc_ws_max_threads);
- int maxThreads = ConfigValue.MaxThreads.getInt(property);
+ /**
+ * Determine server max threads
+ * ducc.ws.max.threads
+ */
+ property =
DuccPropertiesResolver.get(DuccPropertiesResolver.ducc_ws_max_threads);
+ int maxThreads = ConfigValue.MaxThreads.getInt(property);
- /**
- * Determine server http port
- * ducc.ws.port
- */
- property =
DuccPropertiesResolver.get(DuccPropertiesResolver.ducc_ws_port);
- int portHttp = ConfigValue.PortHttp.getInt(property);
+ /**
+ * Determine server http port
+ * ducc.ws.port
+ */
+ property =
DuccPropertiesResolver.get(DuccPropertiesResolver.ducc_ws_port);
+ int portHttp = ConfigValue.PortHttp.getInt(property);
/**
* Determine server https port
* ducc.ws.port.https
*/
- property =
DuccPropertiesResolver.get(DuccPropertiesResolver.ducc_ws_port_https);
- int portHttps = ConfigValue.PortHttps.getInt(property);
-
- try {
- InetAddress inetAddress = InetAddress.getLocalHost();
- String host = inetAddress.getCanonicalHostName();
- DuccWebMonitor.getInstance().register(host, ""+portHttp);
- }
- catch(Exception e) {
- logger.error(methodName, jobid, e);
- }
-
- // === jetty.xml ===
-
- // Setup Threadpool
- QueuedThreadPool threadPool = new QueuedThreadPool();
- threadPool.setMaxThreads(maxThreads);
-
- // Server
- server = new Server(threadPool);
-
- // Scheduler
- server.addBean(new ScheduledExecutorScheduler());
-
- // === jetty-http.xml ===
- ServerConnector http = new ServerConnector(server, new
HttpConnectionFactory());
- http.setPort(portHttp);
- http.setIdleTimeout(idleTimeout);
- server.addConnector(http);
-
- // === jetty-https.xml ===
- // SSL Context Factory
- SslContextFactory sslContextFactory = new SslContextFactory();
- String keystore = DuccWebServerHelper.getDuccWebKeyStore();
+ property =
DuccPropertiesResolver.get(DuccPropertiesResolver.ducc_ws_port_https);
+ int portHttps = ConfigValue.PortHttps.getInt(property);
+ try {
+ InetAddress inetAddress = InetAddress.getLocalHost();
+ String host = inetAddress.getCanonicalHostName();
+ DuccWebMonitor.getInstance().register(host, ""+portHttp);
+ }
+ catch(Exception e) {
+ logger.error(methodName, jobid, e);
+ }
+ // === jetty.xml ===
+ // Setup Threadpool
+ QueuedThreadPool threadPool = new QueuedThreadPool();
+ threadPool.setMaxThreads(maxThreads);
+
+ // Server
+ server = new Server(threadPool);
+
+ // Scheduler
+ server.addBean(new ScheduledExecutorScheduler());
+
+ // === jetty-http.xml ===
+ ServerConnector http = new ServerConnector(server, new
HttpConnectionFactory());
+ http.setPort(portHttp);
+ http.setIdleTimeout(idleTimeout);
+ server.addConnector(http);
+
+ // === jetty-https.xml ===
+ // SSL Context Factory
+ SslContextFactory sslContextFactory = new SslContextFactory();
+ String keystore = DuccWebServerHelper.getDuccWebKeyStore();
+
+ logger.info(methodName, jobid, "keystore="+keystore);
+ HttpConfiguration http_config = new HttpConfiguration();
+ http_config.setSecureScheme("https");
+ http_config.setSecurePort(portHttps);
+ logger.info(methodName, jobid, "portHttps="+portHttps);
+ HttpConfiguration https_config = new HttpConfiguration(http_config);
+ https_config.addCustomizer(new SecureRequestCustomizer());
+ ServerConnector https = new ServerConnector(server,
+ new SslConnectionFactory(sslContextFactory,"http/1.1"),
+ new HttpConnectionFactory(https_config));
+
+ https.setPort(portHttps);
+ sslContextFactory.setKeyStorePath(keystore);
+ String pw = getKeyStorePassword();
+ logger.trace(methodName, jobid, "pw="+pw);
+ sslContextFactory.setKeyStorePassword(getKeyStorePassword());
+ sslContextFactory.setKeyManagerPassword(getKeyManagerPassword());
+
+ server.setConnectors(new Connector[] { http });
+ server.addConnector(https);
+
+ // JSP
-
-
- /*
-
- server = new Server();
- SelectChannelConnector connector0 = new
SelectChannelConnector();
- connector0.setPort(port);
- if(ipaddress != null) {
- connector0.setHost(ipaddress);
- }
- if(portSsl < 0) {
- server.setConnectors(new Connector[]{ connector0 });
- }
- else {
- SslSelectChannelConnector ssl_connector = new
SslSelectChannelConnector();
- ssl_connector.setPort(portSsl);
- if(ipaddress != null) {
- ssl_connector.setHost(ipaddress);
- }
- org.eclipse.jetty.util.ssl.SslContextFactory cf =
ssl_connector.getSslContextFactory();
- //SslContextFactory cf = ssl_connector.getSslContextFactory();
- String keystore = DuccWebServerHelper.getDuccWebKeyStore();
- logger.info(methodName, null, "keystore:"+keystore);
- cf.setKeyStorePath(keystore);
- // cf.setKeyStore(keystore);
- cf.setKeyStorePassword(portSslPw);
- server.setConnectors(new Connector[]{ connector0, ssl_connector
});
- }
- */
- //
ServletContextHandler jspHandler = new
ServletContextHandler(ServletContextHandler.SESSIONS);
jspHandler.setContextPath("/");
jspHandler.setResourceBase("root");
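Review bot: `logger.trace(methodName, jobid, "pw="+pw);` writes the keystore password to the web server log in clear text whenever trace logging is enabled; the line should be removed, and the value already held in `pw` can be passed on with `sslContextFactory.setKeyStorePassword(pw);` so the properties file is not read a second time. The https connector is now built and added unconditionally, whereas the removed Javadoc said no SSL connection was created when the port was unset. `getKeyStorePassword()` returns null when the private properties file is missing, so it looks like a host without that file gets a connector configured with a null password; a check on `pw == null` before `server.addConnector(https)` seems needed. `new SslContextFactory()` is used with its defaults, so the accepted protocols and cipher suites depend on the Jetty version in use, and a comment saying this is intended would help. `init()` starts before this hunk and continues past it.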
@@ -258,13 +242,13 @@ public class DuccWebServer {
ServletHolder jsp = jspHandler.addServlet(JspServlet.class, "*.jsp");
jsp.setInitParameter("classpath", jspHandler.getClassPath());
//
- ResourceHandler resourceHandler = new ResourceHandler();
- resourceHandler.setDirectoriesListed(true);
- resourceHandler.setWelcomeFiles(new String[]{ "index.html" });
- rootDir = DuccWebServerHelper.getDuccWebRoot();
- resourceHandler.setResourceBase(rootDir);
- //
- try {
+ ResourceHandler resourceHandler = new ResourceHandler();
+ resourceHandler.setDirectoriesListed(true);
+ resourceHandler.setWelcomeFiles(new String[]{ "index.html" });
+ rootDir = DuccWebServerHelper.getDuccWebRoot();
+ resourceHandler.setResourceBase(rootDir);
+ //
+ try {
Properties properties = DuccWebProperties.get();
String ducc_runmode =
properties.getProperty("ducc.runmode","Production");
logger.debug(methodName, null,
"ducc.runmode:"+ducc_runmode);
@@ -285,18 +269,18 @@ public class DuccWebServer {
out.println(text);
out.flush();
out.close();
- }
- catch(Exception e) {
+ }
+ catch(Exception e) {
logger.info(methodName, null, e);
- }
- //
- HandlerList handlers = new HandlerList();
+ }
+ //
+ HandlerList handlers = new HandlerList();
- String key = "ducc.ws.requestLog.RetainDays";
- int dflt = 0;
- int requestLogRetainDays = DuccPropertiesResolver.get(key,
dflt);
- logger.info(methodName, jobid,
"requestLogRetainDays="+requestLogRetainDays);
- if(requestLogRetainDays > 0) {
+ String key = "ducc.ws.requestLog.RetainDays";
+ int dflt = 0;
+ int requestLogRetainDays = DuccPropertiesResolver.get(key, dflt);
+ logger.info(methodName, jobid,
"requestLogRetainDays="+requestLogRetainDays);
+ if(requestLogRetainDays > 0) {
String requestLogTimeZone = "GMT";
String requestLogFmt = "yyyy_MM_dd";
String requestLogFile =
IDuccEnv.DUCC_LOGS_WEBSERVER_DIR+requestLogFmt+".request.log";
@@ -312,32 +296,32 @@ public class DuccWebServer {
requestLogHandler.setRequestLog(requestLog);
handlers.addHandler(requestLogHandler);
logger.info(methodName, jobid,
"requestLogFile="+requestLogFile);
- }
+ }
- DuccHandler duccHandler = new DuccHandler(this);
- ArrayList<Handler> localHandlers =
DuccPlugins.getInstance().gethandlers(this);
- DuccHandlerClassic duccHandlerClassic = new
DuccHandlerClassic(this);
- DuccHandlerJsonFormat duccHandlerJson = new
DuccHandlerJsonFormat(this);
- DuccHandlerProxy duccHandlerProxy = new DuccHandlerProxy();
- DuccHandlerViz duccHandlerViz = new DuccHandlerViz();
- DuccHandlerUserAuthentication duccHandlerUserAuthentication =
new DuccHandlerUserAuthentication();
- SessionHandler sessionHandler = new SessionHandler();
- handlers.addHandler(sessionHandler);
- handlers.addHandler(duccHandlerUserAuthentication);
- for(Handler handler: localHandlers) {
- handlers.addHandler(handler);
- }
- handlers.addHandler(duccHandlerJson);
- handlers.addHandler(duccHandlerProxy);
- handlers.addHandler(duccHandlerClassic);
- handlers.addHandler(duccHandlerViz);
- handlers.addHandler(duccHandler);
- handlers.addHandler(jspHandler);
- handlers.addHandler(resourceHandler);
- handlers.addHandler(new DefaultHandler());
- server.setHandler(handlers);
+ DuccHandler duccHandler = new DuccHandler(this);
+ ArrayList<Handler> localHandlers =
DuccPlugins.getInstance().gethandlers(this);
+ DuccHandlerClassic duccHandlerClassic = new DuccHandlerClassic(this);
+ DuccHandlerJsonFormat duccHandlerJson = new
DuccHandlerJsonFormat(this);
+ DuccHandlerProxy duccHandlerProxy = new DuccHandlerProxy();
+ DuccHandlerViz duccHandlerViz = new DuccHandlerViz();
+ DuccHandlerUserAuthentication duccHandlerUserAuthentication = new
DuccHandlerUserAuthentication();
+ SessionHandler sessionHandler = new SessionHandler();
+ handlers.addHandler(sessionHandler);
+ handlers.addHandler(duccHandlerUserAuthentication);
+ for(Handler handler: localHandlers) {
+ handlers.addHandler(handler);
+ }
+ handlers.addHandler(duccHandlerJson);
+ handlers.addHandler(duccHandlerProxy);
+ handlers.addHandler(duccHandlerClassic);
+ handlers.addHandler(duccHandlerViz);
+ handlers.addHandler(duccHandler);
+ handlers.addHandler(jspHandler);
+ handlers.addHandler(resourceHandler);
+ handlers.addHandler(new DefaultHandler());
+ server.setHandler(handlers);
- logger.trace(methodName, null, messages.fetch("exit"));
+ logger.trace(methodName, null, messages.fetch("exit"));
}
public void start() throws Exception {
Modified:
uima/uima-ducc/trunk/uima-ducc-web/src/main/java/org/apache/uima/ducc/ws/server/DuccWebServerHelper.java
URL:
http://svn.apache.org/viewvc/uima/uima-ducc/trunk/uima-ducc-web/src/main/java/org/apache/uima/ducc/ws/server/DuccWebServerHelper.java?rev=1748861&r1=1748860&r2=1748861&view=diff
==============================================================================
---
uima/uima-ducc/trunk/uima-ducc-web/src/main/java/org/apache/uima/ducc/ws/server/DuccWebServerHelper.java
(original)
+++
uima/uima-ducc/trunk/uima-ducc-web/src/main/java/org/apache/uima/ducc/ws/server/DuccWebServerHelper.java
Fri Jun 17 14:06:44 2016
@@ -24,6 +24,7 @@ import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.Properties;
+import org.apache.uima.ducc.common.IDuccEnv;
import org.apache.uima.ducc.common.utils.DuccLogger;
import org.apache.uima.ducc.common.utils.DuccLoggerComponents;
import org.apache.uima.ducc.common.utils.id.DuccId;
@@ -66,9 +67,42 @@ public class DuccWebServerHelper {
return rootDir;
}
+ /**
+ * retrieve keystore pw from resources.private/ducc.private.properties
+ */
+ public static String getKeyStorePassword() {
+ String location = "getKeyStorePassword";
+ String retVal = null;
+ String pwDir = IDuccEnv.DUCC_HOME_DIR+"resources.private";
+ String fileName =
pwDir+File.separator+"ducc.private.properties";
+ try {
+ File file = new File(fileName);
+ FileInputStream fis = new FileInputStream(file);
+ Properties properties = new Properties();
+ properties.load(fis);
+ fis.close();
+ String key = "ducc.ws.port.ssl.pw";
+ retVal = properties.getProperty(key);
+ }
+ catch (FileNotFoundException e) {
+ logger.debug(location, jobid, fileName+" not found");
+ }
+ catch (IOException e) {
+ logger.debug(location, jobid, fileName+" load error");
+ }
+ return retVal;
+ }
+
+ public static String getKeyManagerPassword() {
+ return getKeyStorePassword();
+ }
+
+ /**
+ * formulate file path to keystore (used for https)
+ */
public static String getDuccWebKeyStore() {
- String rootDir =
getDuccWeb()+File.separator+"etc"+File.separator+"keystore";
- return rootDir;
+ String retVal =
IDuccEnv.DUCC_HOME_DIR+"webserver"+File.separator+"etc"+File.separator+"keystore";
+ return retVal;
}
private static boolean exists(String fileName) {
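Review bot: When `properties.load(fis)` throws in `getKeyStorePassword()`, `fis.close()` is skipped and the stream leaks; `try (FileInputStream fis = new FileInputStream(file)) {` with the explicit `fis.close();` removed closes it on every path, assuming the build targets Java 7 or later. A missing or unreadable `ducc.private.properties` is reported only at debug level and the method returns null, which `DuccWebServer.init()` then hands to the SSL context; logging at a level operators see by default would make a broken https setup diagnosable. `getKeyManagerPassword()` has no Javadoc, and a line such as `/** key manager password; currently the same value as the keystore password */` would record that the reuse is intentional. Nothing in the visible code checks that the properties file is restricted to the DUCC user, so the Javadoc should state that as a deployment requirement.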