For Jetty allow access to SslContextFactory in SslServerCustomizer #20381

Closed
sebukoleth opened this issue Mar 4, 2020 · 1 comment
Labels
status: declined A suggestion or change that we don't feel we should currently apply

Comments

@sebukoleth

JettyServletWebServerFactory sets up the SSL connector by creating an SslServerCustomizer. This customizer's 'customize' method encapsulates the SslContextFactory instance. So we do not have access to this instance to reload the SSL certificates using the Jetty 'hot reload' (jetty/jetty.project#918).
It is also not easy to use this SslServerCustomizer to create another HTTPS connector. For example, we are setting up two HTTPS endpoints - one with 1-way SSL and the other with 2-way SSL. This requires code duplication today.

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Mar 4, 2020
@wilkinsona
Member

SslServerCustomizer is package-private and is intended for internal use only. Rather than trying to use it, I would recommend using Jetty's APIs directly. For example, you can get from a Jetty Server to the SslContextFactory of each HTTPS-capable connector with code like this:

for (Connector connector : server.getConnectors()) {
   if (connector instanceof AbstractConnector) {
      for (ConnectionFactory connectionFactory : ((AbstractConnector) connector)
            .getConnectionFactories()) {
         if (connectionFactory instanceof SslConnectionFactory) {
            SslContextFactory sslContextFactory = ((SslConnectionFactory) connectionFactory)
                  .getSslContextFactory();
            try {
               sslContextFactory.reload((factory) -> {
                  // Reconfigure SSL
               });
            }
            catch (Exception ex) {
               throw new RuntimeException(ex);
            }
         }
      }
   }
}

In Spring Boot, you can access an instance of the Server in a few ways. One way is via a JettyServerCustomizer bean, another is via WebServerApplicationContext.getWebServer() and ((JettyWebServer)webServer).getServer().

Alternatively, if you are already programmatically configuring the second HTTPS-capable connector, you may want to configure the first programmatically as well. This would allow you to create the SslContextFactory and hold a reference to it, rather than having to retrieve it from the Connector that Boot has created for you.

@wilkinsona wilkinsona added status: declined A suggestion or change that we don't feel we should currently apply and removed status: waiting-for-triage An issue we've not yet triaged labels Mar 4, 2020
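The alternative suggested in the last comment (configure both HTTPS connectors programmatically and keep the SslContextFactory references), sketched as an added example that is not code from the thread or from Spring Boot. It assumes Jetty 9.4 with Spring Boot 2.x and that server.ssl.* is left unset; the class name, ports, keystore paths and environment variable names are hypothetical placeholders.

```java
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;
import org.eclipse.jetty.server.*;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.springframework.boot.web.embedded.jetty.JettyServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.stereotype.Component;

// Added example: ports, paths and environment variable names are placeholders.
@Component
public class TlsConnectors implements WebServerFactoryCustomizer<JettyServletWebServerFactory> {
    // References kept so certificates can be reloaded without walking the connectors.
    private final List<SslContextFactory.Server> sslFactories = new CopyOnWriteArrayList<>();

    @Override
    public void customize(JettyServletWebServerFactory factory) {
        // Replace the connector Boot created, so no plaintext listener remains.
        factory.addServerCustomizers(server -> server.setConnectors(new Connector[] {
                httpsConnector(server, 8443, false),    // 1-way TLS
                httpsConnector(server, 9443, true)}));  // 2-way (mutual) TLS
    }

    private ServerConnector httpsConnector(Server server, int port, boolean needClientAuth) {
        SslContextFactory.Server ssl = new SslContextFactory.Server();
        ssl.setKeyStorePath("/etc/app/tls/keystore.p12");            // placeholder path
        ssl.setKeyStoreType("PKCS12");
        ssl.setKeyStorePassword(System.getenv("KEYSTORE_PASSWORD")); // placeholder secret source
        if (needClientAuth) {
            ssl.setNeedClientAuth(true); // handshake fails without a trusted client certificate
            ssl.setTrustStorePath("/etc/app/tls/client-ca.p12");     // placeholder path
            ssl.setTrustStoreType("PKCS12");
            ssl.setTrustStorePassword(System.getenv("TRUSTSTORE_PASSWORD"));
        }
        sslFactories.add(ssl);
        HttpConfiguration https = new HttpConfiguration();
        https.addCustomizer(new SecureRequestCustomizer()); // marks requests secure, exposes TLS session attributes
        ServerConnector connector = new ServerConnector(server,
                new SslConnectionFactory(ssl, "http/1.1"), new HttpConnectionFactory(https));
        connector.setPort(port);
        return connector;
    }

    // Call after the keystore files have been rotated on disk.
    public void reloadCertificates() throws Exception {
        for (SslContextFactory.Server ssl : sslFactories) {
            ssl.reload(f -> { }); // no setting changes; reload re-reads the stores from their paths
        }
    }
}
```

Only the second connector sets a trust store and `setNeedClientAuth(true)`, so the shared helper removes the duplication described in the issue while keeping client-certificate enforcement limited to the port that needs it.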