Jetty 9, jetty-runner HTTPS XML configuration

Recently my colleague Daniel and I were tasked with configuring an application that runs using the jetty-runner server to use SSL/HTTPS using XML. Googling around yielded plenty of information about how to do this programmatically using embedded Jetty, but we couldn't seem to find a complete example for this particular use case.

The application, packaged as a WAR file, runs using a command line similar to:

java -jar jetty-runner.jar application.war

By extrapolating from the programmatic examples for embedded Jetty, and the example Jetty configuration XML documents for Jetty 9, this is the XML configuration we ended up with:

<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">

<Configure id="Server" class="org.eclipse.jetty.server.Server">
    <!-- Force all communication over secure channels. -->
    <Set name="handler">
        <New id="Handlers" class="org.eclipse.jetty.server.handler.HandlerCollection">
            <Set name="handlers">
                <Array type="org.eclipse.jetty.server.Handler">
                    <Item>
                        <New id="SecuredRedirectHandler" class="org.eclipse.jetty.server.handler.SecuredRedirectHandler" />
                    </Item>
                    <Item>
                        <New id="Contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection" />
                    </Item>
                    <Item>
                        <New id="DefaultHandler" class="org.eclipse.jetty.server.handler.DefaultHandler" />
                    </Item>
                </Array>
            </Set>
        </New>
    </Set>

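    <!-- SecuredRedirectHandler redirects plain HTTP requests to this scheme and port,
         so securePort must match the port of sslConnector below. -->
    <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
        <Set name="secureScheme">https</Set>
        <Set name="securePort">8443</Set>
    </New>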

    <New id="httpsConfig" class="org.eclipse.jetty.server.HttpConfiguration">
        <Call name="addCustomizer">
            <Arg>
                <New class="org.eclipse.jetty.server.SecureRequestCustomizer" />
            </Arg>
        </Call>
    </New>

    <New id="connector" class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server">
            <Ref refid="Server" />
        </Arg>
        <Arg name="factories">
            <Array type="org.eclipse.jetty.server.ConnectionFactory">
                <Item>
                    <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                        <Arg name="config">
                            <Ref refid="httpConfig" />
                        </Arg>
                    </New>
                </Item>
            </Array>
        </Arg>

        <Set name="port">8080</Set>
    </New>

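    <!-- Placeholder keystore path and password; replace with your own.
         The password is stored in clear text in this file, so restrict who can read it. -->
    <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
        <Set name="KeyStorePath">/home/user/keystore</Set>
        <Set name="KeyStorePassword">super secret phrase</Set>
    </New>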

    <New id="sslConnectionFactory" class="org.eclipse.jetty.server.SslConnectionFactory">
        <Arg name="sslContextFactory">
            <Ref refid="sslContextFactory" />
        </Arg>
        <Arg name="next">http/1.1</Arg>
    </New>

    <New id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server">
            <Ref refid="Server" />
        </Arg>
        <Arg name="factories">
            <Array type="org.eclipse.jetty.server.ConnectionFactory">
                <Item>
                    <Ref refid="sslConnectionFactory" />
                </Item>
                <Item>
                    <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                        <Arg name="config">
                            <Ref refid="httpsConfig" />
                        </Arg>
                    </New>
                </Item>
            </Array>
        </Arg>

        <Set name="port">8443</Set>
    </New>

    <Call name="setConnectors">
        <Arg>
            <Array type="org.eclipse.jetty.server.ServerConnector">
                <Item>
                    <Ref refid="connector" />
                </Item>
                <Item>
                    <Ref refid="sslConnector" />
                </Item>
            </Array>
        </Arg>
    </Call>
</Configure>

This configuration forces all communication over HTTPS, redirecting any HTTP requests to the secure channel. If you don't require this restriction then remove the org.eclipse.jetty.server.handler.SecuredRedirectHandler definition.

To use this configuration we adjust the command line as follows:

java -jar jetty-runner.jar --config jetty-config.xml application.war

For information on setting up the keystore, please refer to the Jetty documentation.
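A pre-deployment check for a configuration like the one above, as an added example that is not part of the original post: it flags a keystore password stored as a literal, a securePort that no TLS connector listens on, and a plain HTTP connector with no SecuredRedirectHandler. The function names, the finding codes and the trimmed sample are assumptions made for illustration; OBF: is the prefix Jetty uses for obfuscated passwords.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's configuration trimmed to the parts checked.
SAMPLE = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
 <New id="redirect" class="org.eclipse.jetty.server.handler.SecuredRedirectHandler"/>
 <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
  <Set name="securePort">8443</Set>
 </New>
 <New id="connector" class="org.eclipse.jetty.server.ServerConnector"><Set name="port">8080</Set></New>
 <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
  <Set name="KeyStorePassword">super secret phrase</Set>
 </New>
 <New id="sslConnectionFactory" class="org.eclipse.jetty.server.SslConnectionFactory"/>
 <New id="sslConnector" class="org.eclipse.jetty.server.ServerConnector">
  <Arg name="factories"><Ref refid="sslConnectionFactory"/></Arg>
  <Set name="port">8443</Set>
 </New>
</Configure>"""

def is_class(node, simple_name):
    return node.get("class", "").endswith("." + simple_name)

def audit(xml_text):
    """Return sorted finding codes for a Jetty XML configuration (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    news = list(root.iter("New"))
    # Connectors that reference an SslConnectionFactory speak TLS; the rest are plain HTTP.
    ssl_ids = {n.get("id") for n in news if is_class(n, "SslConnectionFactory")} - {None}
    tls_ports, plain_ports = set(), set()
    for conn in (n for n in news if is_class(n, "ServerConnector")):
        port = (conn.findtext("Set[@name='port']") or "").strip()
        tls = (any(r.get("refid") in ssl_ids for r in conn.iter("Ref"))
               or any(is_class(n, "SslConnectionFactory") for n in conn.iter("New")))
        (tls_ports if tls else plain_ports).add(port)
    findings = set()
    for s in root.iter("Set"):
        name, value = s.get("name", ""), (s.text or "").strip()
        # A literal password that is not even OBF:-obfuscated sits in the file as clear text.
        if name.lower().endswith("password") and value and not value.startswith("OBF:"):
            findings.add("literal-password:" + name)
        # The redirect target must be a port on which a TLS connector listens.
        if name == "securePort" and value and value not in tls_ports:
            findings.add("securePort-not-a-tls-connector:" + value)
    # A plain HTTP connector without SecuredRedirectHandler serves the app in clear text.
    if plain_ports and not any(is_class(n, "SecuredRedirectHandler") for n in news):
        findings.add("http-connector-without-redirect")
    return sorted(findings)

print(audit(SAMPLE))
```

Behind a reverse proxy or port mapping, securePort may legitimately differ from the connector port, so treat that finding as a prompt to check rather than an error.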

Hopefully this will save others some time.