如何在 Maven/Mortbay Jetty 插件中使用 https / ssl?
Posted
技术标签:
【中文标题】如何在 Maven/Mortbay Jetty 插件中使用 https / ssl?【英文标题】:HowTo use https / ssl with Maven/Mortbay Jetty Plugin? 【发布时间】:2011-04-17 05:32:37 【问题描述】:我想使用 ssl / https,如
中所述http://docs.codehaus.org/display/JETTY/How+to+configure+SSL
使用jetty-maven-plugin,但我不知道如何配置插件。任何提示、示例、教程、演练?
另外,我想知道如何执行上述教程的第 3b 步,其中需要操作码头服务器 (java -classpath $JETTY_HOME/lib/jetty-util-6.1-SNAPSHOT.jar:$JETTY_HOME/lib/jetty-6.1-SNAPSHOT.jar org.mortbay.jetty.security.PKCS12Import jetty.pkcs12 keystore)。
【问题讨论】:
这是我为 Jetty 9 找到的唯一可行的、清晰的分步说明:juplo.de/configure-https-for-jetty-maven-plugin-9-0-x/… 【参考方案1】:如果您想使用 Jetty 9 进行此操作,请注意 从 jetty-9.0 开始,不再可以直接在 pom.xml 中配置 https 连接器:您需要使用 jetty xml 配置文件来执行它。[1]。
这是一个例子:
pom.xml
<properties>
<jetty-version>9.1.2.v20140210</jetty-version>
</properties>
...
<dependency>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-server</artifactId>
<version>$jetty-version</version>
</dependency>
...
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>keytool-maven-plugin</artifactId>
<version>1.3</version>
<executions>
<execution>
<phase>generate-resources</phase>
<id>clean</id>
<goals>
<goal>clean</goal>
</goals>
</execution>
<execution>
<phase>generate-resources</phase>
<id>genkey</id>
<goals>
<goal>generateKeyPair</goal>
</goals>
</execution>
</executions>
<configuration>
<keystore>$project.build.directory/jetty-ssl.keystore</keystore>
<dname>cn=127.0.0.1</dname><!-- put your CN here -->
<keypass>dypBdX1NB3gXA0DXCy9nfyJ4jqUDlaydgbo9OU12g</keypass>
<storepass>dypBdX1NB3gXA0DXCy9nfyJ4jqUDlaydgbo9OU12g</storepass>
<alias>jetty</alias>
<keyalg>RSA</keyalg>
</configuration>
</plugin>
<plugin>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-maven-plugin</artifactId>
<version>$jetty-version</version>
<configuration>
<jettyXml>src/main/resources/jetty.xml,src/main/resources/jetty-ssl.xml,src/main/resources/jetty-https.xml</jettyXml>
</configuration>
</plugin>
jetty-https.xml
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<Call id="httpsConnector" name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.ServerConnector">
<Arg name="server"><Ref refid="Server" /></Arg>
<Arg name="factories">
<Array type="org.eclipse.jetty.server.ConnectionFactory">
<Item>
<New class="org.eclipse.jetty.server.SslConnectionFactory">
<Arg name="next">http/1.1</Arg>
<Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
</New>
</Item>
<Item>
<New class="org.eclipse.jetty.server.HttpConnectionFactory">
<Arg name="config"><Ref refid="sslHttpConfig"/></Arg>
</New>
</Item>
</Array>
</Arg>
<Set name="host"><Property name="jetty.host" /></Set>
<Set name="port"><Property name="jetty.https.port" default="8443" /></Set>
<Set name="idleTimeout">30000</Set>
</New>
</Arg>
</Call>
</Configure>
jetty-ssl.xml
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
<!-- ============================================================= -->
<!-- Configure a TLS (SSL) Context Factory -->
<!-- This configuration must be used in conjunction with jetty.xml -->
<!-- and either jetty-https.xml or jetty-spdy.xml (but not both) -->
<!-- ============================================================= -->
<Configure id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
<Set name="KeyStorePath"><Property name="jetty.home" default="." />/<Property name="jetty.keystore" default="target/jetty-ssl.keystore"/></Set>
<Set name="KeyStorePassword"><Property name="jetty.keystore.password" default="dypBdX1NB3gXA0DXCy9nfyJ4jqUDlaydgbo9OU12g"/></Set>
<Set name="KeyManagerPassword"><Property name="jetty.keymanager.password" default="dypBdX1NB3gXA0DXCy9nfyJ4jqUDlaydgbo9OU12g"/></Set>
<Set name="TrustStorePath"><Property name="jetty.home" default="." />/<Property name="jetty.truststore" default="target/jetty-ssl.keystore"/></Set>
<Set name="TrustStorePassword"><Property name="jetty.truststore.password" default="dypBdX1NB3gXA0DXCy9nfyJ4jqUDlaydgbo9OU12g"/></Set>
<Set name="EndpointIdentificationAlgorithm"></Set>
<Set name="ExcludeCipherSuites">
<Array type="String">
<Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
</Array>
</Set>
<!-- =========================================================== -->
<!-- Create a TLS specific HttpConfiguration based on the -->
<!-- common HttpConfiguration defined in jetty.xml -->
<!-- Add a SecureRequestCustomizer to extract certificate and -->
<!-- session information -->
<!-- =========================================================== -->
<New id="sslHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
<Arg><Ref refid="httpConfig"/></Arg>
<Call name="addCustomizer">
<Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg>
</Call>
</New>
</Configure>
jetty.xml
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
<Set name="secureScheme">https</Set>
<Set name="securePort">
<Property name="jetty.secure.port" default="8443" />
</Set>
</New>
</Configure>
【讨论】:
这非常接近,但我得到:[错误] 1) 没有绑定 org.codehaus.mojo.keytool.KeyToolCommandLineBuilder 的实现。 [错误] 定位 org.codehaus.mojo.keytool.DefaultKeyTool - 有什么想法吗? 和往常一样,我回答我自己的问题。 keytool-maven-plugin -> 版本 1.5 而不是 1.3【参考方案2】:如果您使用 Pascal 的解决方案遇到此错误:-
Could not find goal 'genkey' in plugin org.codehaus.mojo:keytool-maven-plugin:1.3
-
使用“generateKeyPair”作为目标。 (我相信 genKey 已被弃用。)
添加插件版本。
插件定义应如下所示:-
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>keytool-maven-plugin</artifactId>
<version>1.3</version>
<executions>
<execution>
<phase>generate-resources</phase>
<id>clean</id>
<goals>
<goal>clean</goal>
</goals>
</execution>
<execution>
<phase>generate-resources</phase>
<id>genkey</id>
<goals>
<goal>generateKeyPair</goal>
</goals>
</execution>
</executions>
<configuration>
<keystore>$project.build.directory/jetty-ssl.keystore</keystore>
<dname>cn=my.hostname.tld</dname><!-- put your CN here -->
<keypass>jetty6</keypass>
<storepass>jetty6</storepass>
<alias>jetty6</alias>
<keyalg>RSA</keyalg>
</configuration>
</plugin>
【讨论】:
【参考方案3】:您可以使用 Maven 创建开发证书并在启动 Jetty 时使用它。首先,配置keytool-maven-plugin,创建开发证书:
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>keytool-maven-plugin</artifactId>
<executions>
<execution>
<phase>generate-resources</phase>
<id>clean</id>
<goals>
<goal>clean</goal>
</goals>
</execution>
<execution>
<phase>generate-resources</phase>
<id>genkey</id>
<goals>
<goal>genkey</goal>
</goals>
</execution>
</executions>
<configuration>
<keystore>$project.build.directory/jetty-ssl.keystore</keystore>
<dname>cn=my.hostname.tld</dname><!-- put your CN here-->
<keypass>jetty6</keypass>
<storepass>jetty6</storepass>
<alias>jetty6</alias>
<keyalg>RSA</keyalg>
</configuration>
</plugin>
根据需要更改 CN。然后配置 maven-jetty-plugin 使用开发证书:
<plugin>
<groupId>org.mortbay.jetty</groupId>
<artifactId>maven-jetty-plugin</artifactId>
<version>6.1.10</version>
<configuration>
<contextPath>/context</contextPath>
<scanIntervalSeconds>5</scanIntervalSeconds>
<connectors>
<connector implementation="org.mortbay.jetty.nio.SelectChannelConnector">
<port>8080</port>
<maxIdleTime>60000</maxIdleTime>
</connector>
<connector implementation="org.mortbay.jetty.security.SslSocketConnector">
<port>8443</port>
<maxIdleTime>60000</maxIdleTime>
<keystore>$project.build.directory/jetty-ssl.keystore</keystore>
<password>jetty6</password>
<keyPassword>jetty6</keyPassword>
</connector>
</connectors>
</configuration>
</plugin>
运行mvn jetty:run 并打开https://localhost:8443/context。
【讨论】:
帕斯卡,你是有点惊奇......再次感谢! +1 很好的答案!你会说那些Jetty配置也可以和使用Jetty的cargo插件一起使用吗? @PascalThivent:您认为您可以用最新版本的keytool-maven-plugin 和Eclipse 版本的jetty-maven-plugin 来说明上述情况吗?与提出此问题的时间相比,它们都发生了重大变化。
我在这里开了一个新的 SO:***.com/questions/21832716/…。非常感谢!以上是关于如何在 Maven/Mortbay Jetty 插件中使用 https / ssl?的主要内容,如果未能解决你的问题,请参考以下文章