Hi,

I need to do ssl client-auth kind of use case using jetty.

The client will be sending their certificate and I'll be registering them
in a truststore and then the client can make new requests using the
certificate.

I have been able to implement everything but the problem is that after
registering the certificate I have to restart jetty for that certificate to
be loaded in.

I don't want to restart jetty every time so I wrote some JMX code to
restart the SslSocketConnector only. But now the trouble is that the
original connection drops after the SslSocketConnector is restarted. If the
connection drops then I can't send a response back to the client whose
certificate I have just registered.

Is there a way to read in certificates from the truststore without
restarting jetty?

The way I restart SslSocketConnector using JMX is as under:

    // Needs: java.lang.management.ManagementFactory, java.util.Iterator,
    // java.util.Set, javax.management.{MBeanInfo, MBeanServer, ObjectName}
    public void refreshTrustStore() throws Exception {
        System.out.println("In refreshTrustStore");
        try {
            MBeanServer mBeanServer = ManagementFactory.getPlatformMBeanServer();
            // Enumerate every registered MBean and pick out the SSL connector by class name
            Set names = mBeanServer.queryNames(new ObjectName("*:*"), null);

            Iterator it = names.iterator();
            while (it.hasNext()) {
                ObjectName oname = (ObjectName) it.next();

                MBeanInfo minfo = mBeanServer.getMBeanInfo(oname);

                if (minfo.getClassName().equals("org.mortbay.jetty.security.SslSocketConnector")) {
                    System.out.println("found ssl socket connector... will try to restart it");

                    System.out.println("Restarting SSL Connector on port ");
                    Object params[] = {};
                    String signature[] = {};

                    /*
                     * Stop and restart the connector to get it to re-read the
                     * certificate trustfile
                     */
                    mBeanServer.invoke(oname, "stop", params, signature);
                    mBeanServer.invoke(oname, "start", params, signature);
                }
            }
        }
        catch (Exception e) {
            System.out.println("Did not restart SSL Connector: " + e);
            e.printStackTrace();
            throw e;
        }
    }

Any help will be greatly appreciated.

Thanks & Regards,
Manu
_______________________________________________
jetty-users mailing list
[email protected]
https://dev.eclipse.org/mailman/listinfo/jetty-users
