org.springframework.boot.web.server.Ssl Java Examples
The following examples show how to use
org.springframework.boot.web.server.Ssl.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: ServletApplicationFactory.java From spring-boot-admin with Apache License 2.0 | 6 votes |
|
@Override
protected String getManagementBaseUrl() {
String baseUrl = instance.getManagementBaseUrl();
if (!StringUtils.isEmpty(baseUrl)) {
return baseUrl;
}
if (isManagementPortEqual()) {
return UriComponentsBuilder.fromHttpUrl(getServiceUrl()).path("/").path(getDispatcherServletPrefix())
.path(getManagementContextPath()).toUriString();
}
Ssl ssl = (management.getSsl() != null) ? management.getSsl() : server.getSsl();
return UriComponentsBuilder.newInstance().scheme(getScheme(ssl)).host(getManagementHost())
.port(getLocalManagementPort()).path(getManagementContextPath()).toUriString();
}
Example #2
| Source File: ArmeriaReactiveWebServerFactory.java From armeria with Apache License 2.0 | 5 votes |
|
private static com.linecorp.armeria.spring.Ssl toArmeriaSslConfiguration(Ssl ssl) {
if (!ssl.isEnabled()) {
return new com.linecorp.armeria.spring.Ssl();
}
ClientAuth clientAuth = null;
if (ssl.getClientAuth() != null) {
switch (ssl.getClientAuth()) {
case NEED:
clientAuth = ClientAuth.REQUIRE;
break;
case WANT:
clientAuth = ClientAuth.OPTIONAL;
break;
}
}
return new com.linecorp.armeria.spring.Ssl()
.setEnabled(ssl.isEnabled())
.setClientAuth(clientAuth)
.setCiphers(ssl.getCiphers() != null ? ImmutableList.copyOf(ssl.getCiphers()) : null)
.setEnabledProtocols(ssl.getEnabledProtocols() != null ? ImmutableList.copyOf(
ssl.getEnabledProtocols()) : null)
.setKeyAlias(ssl.getKeyAlias())
.setKeyPassword(ssl.getKeyPassword())
.setKeyStore(ssl.getKeyStore())
.setKeyStorePassword(ssl.getKeyStorePassword())
.setKeyStoreType(ssl.getKeyStoreType())
.setKeyStoreProvider(ssl.getKeyStoreProvider())
.setTrustStore(ssl.getTrustStore())
.setTrustStorePassword(ssl.getTrustStorePassword())
.setTrustStoreType(ssl.getTrustStoreType())
.setTrustStoreProvider(ssl.getTrustStoreProvider());
}
Example #3
| Source File: NettyWebServerFactorySslCustomizer.java From tutorials with MIT License | 5 votes |
|
@Override
public void customize(NettyReactiveWebServerFactory serverFactory) {
Ssl ssl = new Ssl();
ssl.setEnabled(true);
ssl.setKeyStore("classpath:sample.jks");
ssl.setKeyAlias("alias");
ssl.setKeyPassword("password");
ssl.setKeyStorePassword("secret");
Http2 http2 = new Http2();
http2.setEnabled(false);
serverFactory.addServerCustomizers(new SslServerCustomizer(ssl, http2, null));
serverFactory.setPort(8443);
}
Example #4
| Source File: DefaultApplicationFactoryTest.java From spring-boot-admin with Apache License 2.0 | 5 votes |
|
@Test
public void test_ssl_management() {
management.setSsl(new Ssl());
management.getSsl().setEnabled(true);
when(pathMappedEndpoints.getPath(EndpointId.of("health"))).thenReturn("/actuator/alive");
publishApplicationReadyEvent(factory, 8080, 9090);
Application app = factory.createApplication();
assertThat(app.getManagementUrl()).isEqualTo("https://" + getHostname() + ":9090/actuator");
assertThat(app.getHealthUrl()).isEqualTo("https://" + getHostname() + ":9090/actuator/alive");
assertThat(app.getServiceUrl()).isEqualTo("http://" + getHostname() + ":8080/");
}
Example #5
| Source File: DefaultApplicationFactoryTest.java From spring-boot-admin with Apache License 2.0 | 5 votes |
|
@Test
public void test_ssl() {
server.setSsl(new Ssl());
server.getSsl().setEnabled(true);
when(pathMappedEndpoints.getPath(EndpointId.of("health"))).thenReturn("/actuator/health");
publishApplicationReadyEvent(factory, 8080, null);
Application app = factory.createApplication();
assertThat(app.getManagementUrl()).isEqualTo("https://" + getHostname() + ":8080/actuator");
assertThat(app.getHealthUrl()).isEqualTo("https://" + getHostname() + ":8080/actuator/health");
assertThat(app.getServiceUrl()).isEqualTo("https://" + getHostname() + ":8080/");
}
Example #6
| Source File: DefaultApplicationFactory.java From spring-boot-admin with Apache License 2.0 | 5 votes |
|
protected String getManagementBaseUrl() {
String baseUrl = instance.getManagementBaseUrl();
if (!StringUtils.isEmpty(baseUrl)) {
return baseUrl;
}
if (isManagementPortEqual()) {
return this.getServiceUrl();
}
Ssl ssl = (management.getSsl() != null) ? management.getSsl() : server.getSsl();
return UriComponentsBuilder.newInstance().scheme(getScheme(ssl)).host(getManagementHost())
.port(getLocalManagementPort()).toUriString();
}
Example #7
| Source File: HttpsServerConfig.java From micro-service with MIT License | 5 votes |
|
private Ssl getSsl() {
Ssl ssl = new Ssl();
ssl.setKeyStore("/root/.keystore");
ssl.setKeyStorePassword("123456");
ssl.setKeyStoreType("PKCS12");
ssl.setKeyAlias("tomcat");
return ssl;
}
Example #8
| Source File: ArmeriaReactiveWebServerFactoryTest.java From armeria with Apache License 2.0 | 5 votes |
|
@Test
void shouldConfigureTlsWithSelfSignedCertificate() {
final ArmeriaReactiveWebServerFactory factory = factory();
final Ssl ssl = new Ssl();
ssl.setEnabled(true);
factory.setSsl(ssl);
runEchoServer(factory, server -> validateEchoResponse(sendPostRequest(httpsClient(server))));
}
Example #9
| Source File: SslCustomizer.java From vertx-spring-boot with Apache License 2.0 | 5 votes |
|
@Override
public HttpServerOptions apply(HttpServerOptions options) {
Ssl ssl = factory.getSsl();
if (ssl == null) {
return options;
}
options.setSsl(ssl.isEnabled());
options.setKeyCertOptions(keyCertOptionsAdapter(ssl));
options.setTrustOptions(trustOptionsAdapter(ssl));
propertyMapper.from(ssl.getClientAuth())
.whenNonNull()
.as(this::clientAuthAdapter)
.to(options::setClientAuth);
propertyMapper.from(ssl.getEnabledProtocols())
.whenNonNull()
.as(Arrays::asList)
.as(LinkedHashSet::new)
.to(options::setEnabledSecureTransportProtocols);
propertyMapper.from(ssl.getCiphers())
.whenNonNull()
.as(Arrays::stream)
.to(stream -> stream.forEach(options::addEnabledCipherSuite));
return options;
}
Example #10
| Source File: JettyITServerCustomizer.java From nifi-registry with Apache License 2.0 | 5 votes |
|
@Override
public void customize(final JettyServletWebServerFactory factory) {
LOGGER.info("Customizing Jetty server for integration tests...");
factory.addServerCustomizers((server) -> {
final Ssl sslProperties = serverProperties.getSsl();
if (sslProperties != null) {
createSslContextFactory(sslProperties);
ServerConnector con = (ServerConnector) server.getConnectors()[0];
int existingConnectorPort = con.getLocalPort();
// create the http configuration
final HttpConfiguration httpConfiguration = new HttpConfiguration();
httpConfiguration.setRequestHeaderSize(HEADER_BUFFER_SIZE);
httpConfiguration.setResponseHeaderSize(HEADER_BUFFER_SIZE);
// add some secure config
final HttpConfiguration httpsConfiguration = new HttpConfiguration(httpConfiguration);
httpsConfiguration.setSecureScheme("https");
httpsConfiguration.setSecurePort(existingConnectorPort);
httpsConfiguration.addCustomizer(new SecureRequestCustomizer());
// build the connector with the endpoint identification algorithm set to null
final ServerConnector httpsConnector = new ServerConnector(server,
new SslConnectionFactory(createSslContextFactory(sslProperties), "http/1.1"),
new HttpConnectionFactory(httpsConfiguration));
server.removeConnector(con);
server.addConnector(httpsConnector);
}
});
LOGGER.info("JettyServer is customized");
}
Example #11
| Source File: SslCustomizerTest.java From vertx-spring-boot with Apache License 2.0 | 5 votes |
|
@Test
public void shouldSetNeedClientAuth() {
given(mockSsl.getClientAuth()).willReturn(Ssl.ClientAuth.NEED);
customizer.apply(mockHttpServerOptions);
verify(mockHttpServerOptions).setClientAuth(ClientAuth.REQUIRED);
}
Example #12
| Source File: SslCustomizerTest.java From vertx-spring-boot with Apache License 2.0 | 5 votes |
|
@Test
public void shouldSetWantClientAuth() {
given(mockSsl.getClientAuth()).willReturn(Ssl.ClientAuth.WANT);
customizer.apply(mockHttpServerOptions);
verify(mockHttpServerOptions).setClientAuth(ClientAuth.REQUEST);
}
Example #13
| Source File: SslCustomizerTest.java From vertx-spring-boot with Apache License 2.0 | 5 votes |
|
@Test
public void shouldSetNoneClientAuth() {
given(mockSsl.getClientAuth()).willReturn(Ssl.ClientAuth.NONE);
customizer.apply(mockHttpServerOptions);
verify(mockHttpServerOptions).setClientAuth(ClientAuth.NONE);
}
Example #14
| Source File: SslCustomizer.java From vertx-spring-boot with Apache License 2.0 | 5 votes |
|
private TrustOptions trustOptionsAdapter(Ssl ssl) {
if ("JKS".equalsIgnoreCase(ssl.getTrustStoreType())) {
return getJksOptions(ssl.getTrustStore(), ssl.getTrustStorePassword());
} else if ("PKCS12".equalsIgnoreCase(ssl.getTrustStoreType())) {
return getPfxOptions(ssl.getTrustStore(), ssl.getTrustStorePassword());
}
return null;
}
Example #15
| Source File: SslCustomizer.java From vertx-spring-boot with Apache License 2.0 | 5 votes |
|
private KeyCertOptions keyCertOptionsAdapter(Ssl ssl) {
if ("JKS".equalsIgnoreCase(ssl.getKeyStoreType())) {
return getJksOptions(ssl.getKeyStore(), ssl.getKeyStorePassword());
} else if ("PKCS12".equalsIgnoreCase(ssl.getKeyStoreType())) {
return getPfxOptions(ssl.getKeyStore(), ssl.getKeyStorePassword());
}
return null;
}
Example #16
| Source File: SslCustomizer.java From vertx-spring-boot with Apache License 2.0 | 5 votes |
|
private ClientAuth clientAuthAdapter(Ssl.ClientAuth clientAuth) {
switch (clientAuth) {
case WANT:
return ClientAuth.REQUEST;
case NEED:
return ClientAuth.REQUIRED;
default:
return ClientAuth.NONE;
}
}
Example #17
| Source File: JettyITServerCustomizer.java From nifi-registry with Apache License 2.0 | 4 votes |
|
private SslContextFactory createSslContextFactory(Ssl properties) {
// Calling SslContextFactory.Server() calls setEndpointIdentificationAlgorithm(null).
// This ensures that Jetty server does not attempt to validate a hostname in the client certificate's SAN.
final SslContextFactory.Server contextFactory = new SslContextFactory.Server();
// if needClientAuth is false then set want to true so we can optionally use certs
if(properties.getClientAuth() == Ssl.ClientAuth.NEED) {
LOGGER.info("Setting Jetty's SSLContextFactory needClientAuth to true");
contextFactory.setNeedClientAuth(true);
} else {
LOGGER.info("Setting Jetty's SSLContextFactory wantClientAuth to true");
contextFactory.setWantClientAuth(true);
}
/* below code sets JSSE system properties when values are provided */
// keystore properties
if (StringUtils.isNotBlank(properties.getKeyStore())) {
contextFactory.setKeyStorePath(properties.getKeyStore());
}
if (StringUtils.isNotBlank(properties.getKeyStoreType())) {
contextFactory.setKeyStoreType(properties.getKeyStoreType());
}
final String keystorePassword = properties.getKeyStorePassword();
final String keyPassword = properties.getKeyPassword();
if (StringUtils.isNotBlank(keystorePassword)) {
// if no key password was provided, then assume the keystore password is the same as the key password.
final String defaultKeyPassword = (StringUtils.isBlank(keyPassword)) ? keystorePassword : keyPassword;
contextFactory.setKeyManagerPassword(keystorePassword);
contextFactory.setKeyStorePassword(defaultKeyPassword);
} else if (StringUtils.isNotBlank(keyPassword)) {
// since no keystore password was provided, there will be no keystore integrity check
contextFactory.setKeyStorePassword(keyPassword);
}
// truststore properties
if (StringUtils.isNotBlank(properties.getTrustStore())) {
contextFactory.setTrustStorePath(properties.getTrustStore());
}
if (StringUtils.isNotBlank(properties.getTrustStoreType())) {
contextFactory.setTrustStoreType(properties.getTrustStoreType());
}
if (StringUtils.isNotBlank(properties.getTrustStorePassword())) {
contextFactory.setTrustStorePassword(properties.getTrustStorePassword());
}
return contextFactory;
}
Example #18
| Source File: DefaultApplicationFactory.java From spring-boot-admin with Apache License 2.0 | 4 votes |
|
protected String getScheme(@Nullable Ssl ssl) {
return ((ssl != null) && ssl.isEnabled()) ? "https" : "http";
}
