Date: 2004-11-13T11:19:23
   Editor: JeremyBoynes <[EMAIL PROTECTED]>
   Wiki: Apache Geronimo Wiki
   Page: JettySSL
   URL: http://wiki.apache.org/geronimo/JettySSL

   no comment

Change Log:

------------------------------------------------------------------------------
@@ -2,15 +2,20 @@
 
 By default (as of 2004-10-08) Geronimo runs http protocol but not https.  I 
haven't entirely figured out how to get it to run https yet, but here are some 
notes that might help you.
 
-The first step is to set up a "keystore" that contains a digital certificate.  
The server uses this to authenticate itself to the clients.  There are some 
links in the Jetty SSL FAQ below that talk about how to do this.  Geronimo 
expects the keystore to be in `~/.keystore` by default (at least on unix 
systems).
-
-To enable SSL add this to your web app's `geronimo-jetty.xml` deployment 
descriptor (for more info on `geronimo-jetty.xml` see ["Deployment"]):
+The first step is to set up a "keystore" that contains a digital certificate.  
The server uses this to authenticate itself to the clients.  There are some 
links in the Jetty SSL FAQ below that talk about how to do this.
+  
+To enable SSL add this to your web app's `geronimo-jetty.xml` deployment plan 
(for more info on `geronimo-jetty.xml` see ["Deployment"]):
  {{{
-<gbean name="geronimo.server:type=WebConnector,container=Jetty,port=8443" 
-       class="org.apache.geronimo.jetty.connector.HTTPSConnector">
-    <attribute name="port" type="int">8443</attribute>
-    <reference 
name="JettyContainer">geronimo.server:type=WebContainer,container=Jetty</reference>
-</gbean>
+<gbean name="geronimo.server:type=WebConnector,container=Jetty,port=8443" 
class="org.apache.geronimo.jetty.connector.HTTPSConnector">
+        <reference 
name="JettyContainer">geronimo.server:type=WebContainer,container=Jetty</reference>
+        <reference 
name="ServerInfo">geronimo.system:role=ServerInfo</reference>
+        <attribute name="port" type="int">8443</attribute>
+        <attribute name="keystore" 
type="java.lang.String">var/security/ssl-keystore</attribute>
+        <attribute name="password" type="java.lang.String">changeit</attribute>
+        <attribute name="keystoreType" type="java.lang.String">JKS</attribute>
+        <attribute name="useDefaultTrustStore" type="boolean">false</attribute>
+        <attribute name="needClientAuth" type="boolean">false</attribute>
+    </gbean>
 }}}
 
 This is a cut-n-paste from 
`geronimo/modules/assembly/src/plan/j2ee-server-plan.xml` as suggested by 
Jeremy in the link below.
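Review bot: the added `password` attribute in the new gbean block stores the keystore password in clear text in the deployment plan, and `changeit` is the stock Java keystore password. The page should tell readers to substitute their own value and to restrict read access on both the plan and `var/security/ssl-keystore` to the account that runs the server. The hunk also removes the sentence naming `~/.keystore` as the default without saying what the new relative `keystore` path is resolved against. The added `ServerInfo` reference suggests the server's base directory, but the text never states it. Finally, `useDefaultTrustStore` and `needClientAuth` appear with no explanation of what `false` means for each, so a short line per attribute is worth adding.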
@@ -40,16 +45,6 @@
 === Status ===
 
 At the moment the server starts, and is listening on port 8443, and it appears 
to be running https, but I appear to have botched my certificate generation so 
I can't establish a connection.  The browser tells me that the certificate is 
invalid or corrupt.  If your certificate-fu is more powerful than mine you'll 
probably have no problems.
-
-=== Wishlist ===
-
-It would be nice to be able to specify the passwords and the keystore location 
in the deployment descriptor.  At the moment it looks as if 
`org.apache.geronimo.jetty.connector.JettyConnector` isn't set up to allow this:
- {{{
-        GBeanInfoFactory infoFactory = new GBeanInfoFactory("Jetty HTTP 
Connector", JettyConnector.class);
-        infoFactory.addAttribute("port", int.class, true);
-        infoFactory.addReference("JettyContainer", JettyContainer.class);
-        GBEAN_INFO = infoFactory.getBeanInfo();
-}}}
 
 == References ==
 
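Review bot: the Status paragraph kept as unchanged context above the removed Wishlist still reports that the browser rejects the certificate as invalid or corrupt, and nothing in this change says whether that was re-tested with the keystore now configured through the plan. Either update the paragraph after a re-test or date it, so readers can tell which configuration it describes. Dropping the Wishlist is consistent with the `keystore` and `password` attributes added in the first hunk, but the page would be clearer with one sentence stating that the keystore location and password are now set in the plan instead of deleting the section silently.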