On 28/03/14 12:55, Felix Meschberger wrote:
> In our application which leverages the Felix Http Service we have
> implemented a service which provides custom KeyStore and
> TrustStores along with their *Managers. Those are not file based
> hence we cannot simply configure the file paths.
>
> One solution to approach this would be to support custom
> "org.eclipse.jetty.util.ssl.SslContextFactory" services which the
> Jetty Service would take into account. For example along these
> lines:
>
> (1) Define a property
> "org.apache.felix.https.jetty.sslcontextfactory" which is a
> service selection filter, e.g. "(service.property=some.value)". If
> this property is set a SSLContextFactory service matching the given
> filter is required. If this property is not set, the default
> SSLContextFactory is used and configured from the configuration.
> If this property is set to the special value "*" a SSLContextFactory
> is just required.
>
> (2) If the property is set but no matching
> service is available, the Jetty Service will not be started.
>
> (3) Any further SSL relevant properties such as cipher enablement and
> disablement will be configured into the SSLContextFactory service
> according to configuration (this has an implication on the service
> implementation).
>
> Alternative to (2): (2a) If plain HTTP is enabled, the server
> could start with HTTP only and HTTPS would dynamically be added,
> when a service becomes available; If HTTP is disabled, the server
> would not be started until a service becomes available.
>
> Alternative to (3): (3a) Any SSL properties are ignored if the
> .SslContextFactory service is to be used.

Coincidentally, I was looking at something similar while trying to get
SPDY working in Felix HTTP. For that to work I need to supply
additional (Jetty) connectors to our Jetty server in order to get it
working.

My idea to get this working was something similar: allow connectors
(or connection factories, maybe that would be even better) to be
registered as services and get those service(s) by means of a
configuration key. This would be a little more generic and still allow
you to supply your own instance of the SslContextFactory.

This path would allow us to support additional protocols/connectors
without the JettyConfig class blowing up with more and more
properties.

WDYT?

-- 
Kind regards

Jan Willem Janssen | Software Architect
Luminis Technologies B.V.
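
The provider side of proposal (1) in the quoted message, as an added sketch that is not code from the thread or from Apache Felix: a bundle publishes an `SslContextFactory` built from in-memory stores, carrying the service property that the example filter `(service.property=some.value)` would select. The class name, the empty placeholder stores and the password are assumptions; the configuration property itself exists only as a proposal in this thread.

```java
import java.security.KeyStore;
import java.util.Dictionary;
import java.util.Hashtable;

import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.osgi.framework.BundleActivator;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceRegistration;

/** Hypothetical provider bundle: publishes a non-file-based SslContextFactory. */
public class SslContextFactoryProvider implements BundleActivator {

    private ServiceRegistration<SslContextFactory> registration;

    @Override
    public void start(BundleContext context) throws Exception {
        SslContextFactory factory = new SslContextFactory();

        // Stores are passed as objects, so no file paths are configured.
        factory.setKeyStore(loadStore());
        factory.setTrustStore(loadStore());
        factory.setKeyManagerPassword("placeholder-password"); // constructed value

        // Provider-side baseline; whether consumer configuration is applied
        // on top (3) or ignored (3a) is the open question in the thread.
        factory.setExcludeProtocols("SSLv2Hello", "SSLv3");

        // Left unstarted on purpose: under (3) the Jetty Service would still
        // apply cipher settings to this instance before using it.

        Dictionary<String, Object> props = new Hashtable<>();
        props.put("service.property", "some.value"); // matches the example filter
        registration = context.registerService(SslContextFactory.class, factory, props);
    }

    @Override
    public void stop(BundleContext context) {
        // Withdrawing the service is what (2) and (2a) have to react to.
        if (registration != null) {
            registration.unregister();
        }
    }

    /** Placeholder: a real provider would fill this from its own secret source. */
    private static KeyStore loadStore() throws Exception {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        store.load(null, null); // empty in-memory store, no file involved
        return store;
    }
}
```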
