From dk...@apache.org
Subject git commit: More work to issolate the differences between Jetty 8/9.
Date Wed, 06 Aug 2014 19:08:58 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 0d5ee5483 -> c044f726f


More work to isolate the differences between Jetty 8/9.


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c044f726
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c044f726
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c044f726

Branch: refs/heads/master
Commit: c044f726fae2a2f35ce5c6c3b9ebbfe54125ad11
Parents: 0d5ee54
Author: Daniel Kulp <dkulp@apache.org>
Authored: Wed Aug 6 15:08:05 2014 -0400
Committer: Daniel Kulp <dkulp@apache.org>
Committed: Wed Aug 6 15:08:30 2014 -0400

----------------------------------------------------------------------
 .../http_jetty/JettyConnectorFactory.java       |  37 ----
 .../http_jetty/JettyHTTPServerEngine.java       | 193 +++++++++++++------
 .../transport/http_jetty/Messages.properties    |  56 +++++-
 .../https_jetty/JettySslConnectorFactory.java   | 151 ---------------
 .../transport/https_jetty/Messages.properties   |  72 -------
 .../src/test/resources/logging.properties       |   4 +-
 6 files changed, 196 insertions(+), 317 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/c044f726/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyConnectorFactory.java
----------------------------------------------------------------------
diff --git a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyConnectorFactory.java
b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyConnectorFactory.java
deleted file mode 100644
index c5273b3..0000000
--- a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyConnectorFactory.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.transport.http_jetty;
-
-import org.eclipse.jetty.server.AbstractConnector;
-
-
-/**
- * Encapsulates creation of Jetty listener.
- */
-public interface JettyConnectorFactory {
-
-    /**
-     * Create a Listener.
-     * @param jettyHTTPServerEngine 
-     * 
-     * @param host the host to bind to.  IP address or hostname is allowed. null to bind
to all hosts.
-     * @param port the listen port
-     */
-    AbstractConnector createConnector(JettyHTTPServerEngine jettyHTTPServerEngine, String
host, int port);
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/c044f726/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
----------------------------------------------------------------------
diff --git a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
index 0494237..dacb5ba 100644
--- a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
+++ b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
@@ -29,17 +29,23 @@ import java.util.logging.Level;
 import java.util.logging.Logger;
 
 import javax.annotation.PostConstruct;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.X509KeyManager;
 import javax.servlet.ServletContext;
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.common.i18n.Message;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.PropertyUtils;
+import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.common.util.SystemPropertyAction;
+import org.apache.cxf.configuration.jsse.SSLUtils;
 import org.apache.cxf.configuration.jsse.TLSServerParameters;
+import org.apache.cxf.configuration.security.ClientAuthentication;
 import org.apache.cxf.interceptor.Fault;
 import org.apache.cxf.transport.HttpUriMapper;
-import org.apache.cxf.transport.https_jetty.JettySslConnectorFactory;
+import org.apache.cxf.transport.https.AliasedX509ExtendedKeyManager;
 import org.eclipse.jetty.security.SecurityHandler;
 import org.eclipse.jetty.server.AbstractConnector;
 import org.eclipse.jetty.server.Connector;
@@ -54,6 +60,7 @@ import org.eclipse.jetty.server.session.HashSessionIdManager;
 import org.eclipse.jetty.server.session.HashSessionManager;
 import org.eclipse.jetty.server.session.SessionHandler;
 import org.eclipse.jetty.util.component.Container;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
 import org.eclipse.jetty.util.thread.QueuedThreadPool;
 import org.eclipse.jetty.util.thread.ThreadPool;
 
@@ -94,7 +101,6 @@ public class JettyHTTPServerEngine
     private Server server;
     private Connector connector;
     private List<Handler> handlers;
-    private JettyConnectorFactory connectorFactory;
     private ContextHandlerCollection contexts;
     private Container.Listener mBeanContainer;
     private SessionManager sessionManager;
@@ -330,7 +336,7 @@ public class JettyHTTPServerEngine
             }
             
             if (connector == null) {
-                connector = connectorFactory.createConnector(this, getHost(), getPort());
+                connector = createConnector(getHost(), getPort());
                 if (LOG.isLoggable(Level.FINER)) {
                     logConnector(connector);
                 }
@@ -468,6 +474,128 @@ public class JettyHTTPServerEngine
         ++servantCount;
     }
     
+    private Connector createConnector(String hosto, int porto) {
+        // now we just use the SelectChannelConnector as the default connector
+        SslContextFactory sslcf = null;
+        if (tlsServerParameters != null) { 
+            sslcf = new SslContextFactory() {
+                protected void doStart() throws Exception {
+                    setSslContext(createSSLContext(this));
+                    super.doStart();
+                }
+                public void checkKeyStore() {
+                    //we'll handle this later
+                }
+            };
+            decorateCXFJettySslSocketConnector(sslcf);
+        }
+        
+        
+        //Jetty 8
+        org.eclipse.jetty.server.nio.SelectChannelConnector result = null;
+        if (tlsServerParameters == null) { 
+            result = new org.eclipse.jetty.server.nio.SelectChannelConnector();
+        } else {
+            result = new org.eclipse.jetty.server.ssl.SslSelectChannelConnector(sslcf);
+        }
+        getServer().setSendServerVersion(getSendServerVersion());
+        if (getMaxIdleTime() > 0) {
+            result.setMaxIdleTime(getMaxIdleTime());
+        }
+        
+        
+        //Jetty 9
+        /*
+        org.eclipse.jetty.server.HttpConfiguration httpConfig 
+            = new org.eclipse.jetty.server.HttpConfiguration();
+        httpConfig.setSendServerVersion(getSendServerVersion());
+        org.eclipse.jetty.server.HttpConnectionFactory httpFactory 
+            = new org.eclipse.jetty.server.HttpConnectionFactory(httpConfig);
+        org.eclipse.jetty.server.ServerConnector result = null;
+        if (tlsServerParameters == null) {
+            result = new org.eclipse.jetty.server.ServerConnector(server, httpFactory);
+        } else {
+            httpConfig.addCustomizer(new org.eclipse.jetty.server.SecureRequestCustomizer());
+            org.eclipse.jetty.server.SslConnectionFactory scf 
+                = new org.eclipse.jetty.server.SslConnectionFactory(sslcf, httpFactory.getProtocol());
+            result = new org.eclipse.jetty.server.ServerConnector(server, scf, httpFactory);
+        }
+        if (getMaxIdleTime() > 0) {
+            result.setIdleTimeout(getMaxIdleTime());
+        }
+        */
+        
+        
+        result.setPort(porto);
+        if (hosto != null) {
+            result.setHost(hosto);
+        }
+        result.setReuseAddress(isReuseAddress());
+        return result;
+    }
+    
+    protected SSLContext createSSLContext(SslContextFactory scf) throws Exception  {
+        String proto = tlsServerParameters.getSecureSocketProtocol() == null
+            ? "TLS" : tlsServerParameters.getSecureSocketProtocol();
+ 
+        SSLContext context = tlsServerParameters.getJsseProvider() == null
+            ? SSLContext.getInstance(proto)
+                : SSLContext.getInstance(proto, tlsServerParameters.getJsseProvider());
+            
+        KeyManager keyManagers[] = tlsServerParameters.getKeyManagers();
+        if (tlsServerParameters.getCertAlias() != null) {
+            keyManagers = getKeyManagersWithCertAlias(keyManagers);
+        }
+        context.init(tlsServerParameters.getKeyManagers(), 
+                     tlsServerParameters.getTrustManagers(),
+                     tlsServerParameters.getSecureRandom());
+
+        String[] cs = 
+            SSLUtils.getCiphersuites(
+                    tlsServerParameters.getCipherSuites(),
+                    SSLUtils.getServerSupportedCipherSuites(context),
+                    tlsServerParameters.getCipherSuitesFilter(),
+                    LOG, true);
+                
+        scf.setExcludeCipherSuites(cs);
+        return context;
+    }
+    protected KeyManager[] getKeyManagersWithCertAlias(KeyManager keyManagers[]) throws Exception
{
+        if (tlsServerParameters.getCertAlias() != null) {
+            for (int idx = 0; idx < keyManagers.length; idx++) {
+                if (keyManagers[idx] instanceof X509KeyManager) {
+                    keyManagers[idx] = new AliasedX509ExtendedKeyManager(
+                        tlsServerParameters.getCertAlias(), (X509KeyManager)keyManagers[idx]);
+                }
+            }
+        }
+        return keyManagers;
+    }
+    protected void setClientAuthentication(SslContextFactory con,
+                                           ClientAuthentication clientAuth) {
+        con.setWantClientAuth(true);
+        if (clientAuth != null) {
+            if (clientAuth.isSetWant()) {
+                con.setWantClientAuth(clientAuth.isWant());
+            }
+            if (clientAuth.isSetRequired()) {
+                con.setNeedClientAuth(clientAuth.isRequired());
+            }
+        }
+    }    
+    /**
+     * This method sets the security properties for the CXF extension
+     * of the JettySslConnector.
+     */
+    private void decorateCXFJettySslSocketConnector(
+            SslContextFactory con
+    ) {
+        setClientAuthentication(con,
+                                tlsServerParameters.getClientAuthentication());
+        con.setCertAlias(tlsServerParameters.getCertAlias());
+    }
+    
+
     private static Container getContainer(Object server) {
         if (server instanceof Container) {
             return (Container)server;
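Review bot: In `createSSLContext`, the alias-wrapped `keyManagers` array is built but `context.init(...)` is then given `tlsServerParameters.getKeyManagers()` again, so the configured certificate alias only takes effect if that getter returns the very same array that `getKeyManagersWithCertAlias` mutated in place. Passing the local makes the intent explicit and removes that dependency: `context.init(keyManagers, tlsServerParameters.getTrustManagers(), tlsServerParameters.getSecureRandom());`. The in-place replacement in `getKeyManagersWithCertAlias` also rewrites the caller-owned array (and, if `doStart` runs more than once, would presumably wrap an already wrapped manager), so copying the array before wrapping would be safer. The same code is visible in the deleted `JettySslConnectorFactory`, so this is carried over by the move rather than introduced here.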
@@ -554,7 +682,9 @@ public class JettyHTTPServerEngine
                     contextHandler = (ContextHandler) handler;
                     Handler jh = contextHandler.getHandler();
                     if (jh instanceof JettyHTTPHandler
-                        && contextName.equals(contextHandler.getContextPath())
+                        && (contextName.equals(contextHandler.getContextPath())
+                            || (StringUtils.isEmpty(contextName) 
+                                && "/".equals(contextHandler.getContextPath())))
                         && ((JettyHTTPHandler)jh).getName().equals(smap)) {
                         try {
                             contexts.removeHandler(handler);                            
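Review bot: The new condition still evaluates `contextName.equals(contextHandler.getContextPath())` before `StringUtils.isEmpty(contextName)`, so a null `contextName` would throw before the added fallback is reached and only the empty-string case is really covered. If null is possible here (the assignment of `contextName` is outside the hunk), guard the first operand, e.g. `((contextName != null && contextName.equals(contextHandler.getContextPath()))` followed by the existing `|| (StringUtils.isEmpty(contextName) && "/".equals(contextHandler.getContextPath())))`. A short comment such as `// an empty context name refers to the root context "/"` would also explain why the two spellings are treated as equal. The enclosing method starts and ends outside the hunk.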
@@ -648,8 +778,6 @@ public class JettyHTTPServerEngine
                         + port + " does not support SSL connections.");
                 return;
             }
-            connectorFactory = 
-                getHTTPSConnectorFactory(tlsServerParameters);            
             protocol = "https";
             
         } else {
@@ -657,57 +785,10 @@ public class JettyHTTPServerEngine
                 throw new RuntimeException("Connector " + connector + " for JettyServerEngine
Port " 
                       + port + " does not support non-SSL connections.");
             }
-            connectorFactory = getHTTPConnectorFactory();            
             protocol = "http";
         }
         LOG.fine("Configured port " + port + " for \"" + protocol + "\".");
     }
-
-    /**
-     * This method creates a connector factory. If there are TLS parameters
-     * then it creates a TLS enabled one.
-     */
-    protected JettyConnectorFactory getHTTPConnectorFactory() {
-        return new JettyConnectorFactory() {
-            public AbstractConnector createConnector(JettyHTTPServerEngine engine, String
hosto, int porto) {
-                
-                
-                // now we just use the SelectChannelConnector as the default connector
-                org.eclipse.jetty.server.nio.SelectChannelConnector result = 
-                    new org.eclipse.jetty.server.nio.SelectChannelConnector();
-                engine.getServer().setSendServerVersion(getSendServerVersion());
-                if (engine.getMaxIdleTime() > 0) {
-                    result.setMaxIdleTime(engine.getMaxIdleTime());
-                }
-                
-                /*
-                HttpConfiguration httpConfig = new HttpConfiguration();
-                httpConfig.setSendServerVersion(getSendServerVersion());
-                HttpConnectionFactory httpFactory = new HttpConnectionFactory(httpConfig);
-                ServerConnector result = new ServerConnector(server, httpFactory);
-                if (engine.getMaxIdleTime() > 0) {
-                    result.setIdleTimeout(engine.getMaxIdleTime());
-                }
-                */
-                
-                result.setPort(porto);
-                if (hosto != null) {
-                    result.setHost(hosto);
-                }
-                result.setReuseAddress(engine.isReuseAddress());
-                return result;
-            }
-        };
-    }
-    
-    /**
-     * This method creates a connector factory enabled with the JSSE
-     */
-    protected JettyConnectorFactory getHTTPSConnectorFactory(
-            TLSServerParameters tlsParams
-    ) {
-        return new JettySslConnectorFactory(tlsParams);
-    }
     
     /**
      * This method is called after configure on this object.
@@ -752,7 +833,11 @@ public class JettyHTTPServerEngine
                 } else {
                     connector.getClass().getMethod("close").invoke(connector);
                 }
-            } finally {         
+            } finally {  
+                if (contexts != null) {
+                    contexts.stop();
+                }
+                contexts = null;
                 server.stop();
                 server.destroy();
                 server = null;
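Review bot: In the `finally` block, `contexts.stop()` now runs before `server.stop()` and `server.destroy()`, so an exception thrown while stopping the handler collection would skip the server teardown and leave `server` (and presumably its listening connector) alive. Give the new call its own try/finally so the shutdown always completes: `try { if (contexts != null) { contexts.stop(); } } finally { contexts = null; server.stop(); server.destroy(); server = null; }`. The enclosing method and the remainder of the `finally` block lie outside the hunk, so whether an outer handler already covers this cannot be seen from here.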

http://git-wip-us.apache.org/repos/asf/cxf/blob/c044f726/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/Messages.properties
----------------------------------------------------------------------
diff --git a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/Messages.properties
b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/Messages.properties
index 5c173f4..3e864f3 100644
--- a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/Messages.properties
+++ b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/Messages.properties
@@ -28,4 +28,58 @@ FAILED_TO_SHUTDOWN_ENGINE_MSG = Failed to shutdown Jetty server on port
{0,numbe
 UNKNOWN_CONNECTOR_MSG = Unknown connector type {0}, can''t set the socket reuseAddress flag.
 INVALID_ENCODING_MSG = Invalid character set {0} in request.
 FALLBACK_THREADING_PARAMETERS_MSG = No explicitly configured threading parameters for port
{0}, using fallback values min:{1} max:{2}
-NOT_ENOUGH_THREADS = Not enough threads configured for port {0}.  Need at least {1} ({3}
for Jetty selectors and set managers) but only {2} configured.
\ No newline at end of file
+NOT_ENOUGH_THREADS = Not enough threads configured for port {0}.  Need at least {1} ({3}
for Jetty selectors and set managers) but only {2} configured.
+
+
+SSL_CONTEXT_INIT_FAILURE = Problem initializing ssl for the outbound request, exception reported
from security provider is : {0}
+UNKNOWN_SSL_CLIENT_POLICY_DATA = Unknown SSLClientPolicy property : {0}
+UNKNOWN_SSL_SERVER_POLICY_DATA = Unknown SSLServerPolicy property : {0}
+UNSUPPORTED_SSL_CLIENT_POLICY_DATA = Unsupported SSLClientPolicy property : {0}
+UNSUPPORTED_SSL_SERVER_POLICY_DATA = Unsupported SSLServerPolicy property : {0}
+KEY_STORE_NOT_SET = The location of the key store has not been set via a system parameter
or through configuration so the default value of {0} will be used.
+KEY_STORE_SET = The keystore location is set to {0}.
+KEY_STORE_SYSTEM_PROPERTY_SET = The keystore location is set via a system property to {0}.
+KEY_STORE_TYPE_NOT_SET = The key store type has not been set in configuration so the default
value of {0} will be used.
+KEY_STORE_TYPE_SET = The key store type has been set in configuration to {0}.
+LOADED_KEYSTORE = Successfully loaded keystore, {0}.
+FAILED_TO_LOAD_KEYSTORE = Loading the keystore {0}, failed with the following problem: {1}.
+FAILED_TO_LOAD_KEYSTORE_NULL_PASSWORD = Loading the keystore. {0}, failed because the password
is not set.
+TRUST_STORE_NOT_SET = The location of the trust store has not been set via a system parameter
or through configuration so the default value of {0} will be used.
+TRUST_STORE_SET = The trust store location has been set in configuration to {0}.
+TRUST_STORE_SYSTEM_PROPERTY_SET = The trust store location has been via a system property
to {0}.
+TRUST_STORE_TYPE_NOT_SET = The trust store type has not been set in configuration so the
default value of {0} will be used.
+TRUST_STORE_TYPE_SET = The trust store type has been set in configuration to {0}.
+FAILED_TO_LOAD_TRUST_STORE = Loading the truststore, {0}, failed with the following problem:
{1}.
+LOADED_TRUST_STORE = Successfully loaded trust store, {0}.
+KEY_STORE_PASSWORD_NOT_SET = The key store password has not been set via a system property
or through configuration, reading data from the keystore will fail.
+KEY_STORE_PASSWORD_SET = The key store password was found to be set in configuration and
will be used.
+KEY_STORE_PASSWORD_SYSTEM_PROPERTY_SET = The key store password was found to be set as a
system property and will be used.
+KEY_PASSWORD_NOT_SET = The key password has not been set via a system property or through
configuration, reading data from the keystore will fail.
+KEY_PASSWORD_SET = The key password was found to be set in configuration and will be used.
+KEY_PASSWORD_SYSTEM_PROPERTY_SET = The key  password was found to be set as a system property
and will be used.
+SECURE_SOCKET_PROTOCOL_NOT_SET = The secure socket protocol is not set so using default value
TLSv1.
+SECURE_SOCKET_PROTOCOL_SET = The secure socket protocol has been set to {0}.
+REQUIRE_CLIENT_AUTHENTICATION_NOT_SET = Require client authentication has not been set explicitly
in configuration so defaulting to false.
+REQUIRE_CLIENT_AUTHENTICATION_SET = Require client authentication is set to {0}.
+WANT_CLIENT_AUTHENTICATION_NOT_SET = Want client authentication has not been set explicitly
in configuration so defaulting to false.
+WANT_CLIENT_AUTHENTICATION_SET = Want client authentication is set to {0}.
+KEY_PASSWORD_NOT_SAME_KEYSTORE_PASSWORD = The value specified for the keystore password is
different to the key password. Currently limitations in JSSE requires that they should be
the same. The keystore password value will be used only.
+CIPHERSUITES_SET = The cipher suites have been set to {0}.  
+CIPHERSUITES_NOT_SET = The cipher suites have not been configured, falling back to cipher
suite filters.
+CIPHERSUITE_FILTERS_NOT_SET = The cipher suite filters have not been configured, falling
back to default filters.
+CIPHERSUITE_FILTER = Ciphersuite filter: 
+CIPHERSUITE_INCLUDED = The {0} cipher suite is included by the filter.
+CIPHERSUITE_EXCLUDED = The {0} cipher suite is excluded by the filter.
+CIPHERSUITE_INCLUDE_FILTER = Ciphersuite include filter: {0}
+CIPHERSUITE_EXCLUDE_FILTER = Ciphersuite exclude filter: {0}
+CIPHERSUITES_FILTERED = The enabled cipher suites have been filtered down to {0}.
+CIPHERSUITES_EXCLUDED = The excluded cipher suites have been filtered down to {0}.  
+SUCCESS_INVOKING_SECURITY_CONFIGURER = The custom security configurer {0} configure method
was called successfully.
+ERROR_INVOKING_SECURITY_CONFIGURER = Failure invoking on custom security configurer {0},
exception reported is {1}.
+KEY_STORE_ALGORITHM_NOT_SET = The keystore key manager factory algorithm has not been set
in configuration so the default value {0} will be used.
+KEY_STORE_ALGORITHM_SET = The keystore key manager factory algorithm has been set in configuration
to {0}.
+TRUST_STORE_ALGORITHM_NOT_SET = The truststore key manager factory algorithm has not been
set in configuration so the default value {0} will be used.
+TRUST_STORE_ALGORITHM_SET = The trust store key manager factory algorithm has been set in
configuration to {0}.
+COULD_NOT_CREATE_OUTBOUND_REQUEST_SOCKET = Failed to create a connection to host {0} and
port {1}, error reported is {2}. 
+PROBLEM_CREATING_OUTBOUND_REQUEST_SOCKET = Failed to create a connection to host {0} and
port {1}.
+UNOFFICIAL_SECURITY_CONFIGURER = Use of the security configurer is supported for version
1.0 of Celtix but the API is subject to change in later versions.
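Review bot: `WANT_CLIENT_AUTHENTICATION_NOT_SET` says the setting defaults to false, but `setClientAuthentication` in `JettyHTTPServerEngine` (same commit) calls `con.setWantClientAuth(true)` before it looks at the configuration, so an operator reading this message would be misled about whether client certificates are requested. Likewise `SECURE_SOCKET_PROTOCOL_NOT_SET` names `TLSv1` while `createSSLContext` falls back to `"TLS"`. Whether these keys are still logged anywhere is not visible in this diff; if they are, align the text with the code, and if not, the client-side entries copied here (outbound request, SSLClientPolicy, Celtix) could be dropped rather than moved into the server bundle.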

http://git-wip-us.apache.org/repos/asf/cxf/blob/c044f726/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java
----------------------------------------------------------------------
diff --git a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java
b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java
deleted file mode 100644
index e103d0d..0000000
--- a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java
+++ /dev/null
@@ -1,151 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.transport.https_jetty;
-
-import java.util.logging.Logger;
-
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.X509KeyManager;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.configuration.jsse.SSLUtils;
-import org.apache.cxf.configuration.jsse.TLSServerParameters;
-import org.apache.cxf.configuration.security.ClientAuthentication;
-import org.apache.cxf.transport.http_jetty.JettyConnectorFactory;
-import org.apache.cxf.transport.http_jetty.JettyHTTPServerEngine;
-import org.apache.cxf.transport.https.AliasedX509ExtendedKeyManager;
-import org.eclipse.jetty.server.AbstractConnector;
-import org.eclipse.jetty.server.ssl.SslSelectChannelConnector;
-import org.eclipse.jetty.util.ssl.SslContextFactory;
-
-/**
- * This class wraps the JettyConnectorFactory and will create 
- * TLS enabled acceptors.
- */
-public final class JettySslConnectorFactory implements JettyConnectorFactory {
-    private static final Logger LOG = LogUtils.getL7dLogger(JettySslConnectorFactory.class);
   
-    
-    final TLSServerParameters tlsServerParameters;
-    
-    public JettySslConnectorFactory(TLSServerParameters params) {
-        tlsServerParameters = params;
-    }
-
-    /**
-     * Create a Listener.
-     * 
-     * @param host the host to bind to.  IP address or hostname is allowed. null to bind
to all hosts.
-     * @param port the listen port
-     */
-    public AbstractConnector createConnector(JettyHTTPServerEngine engine, String host, int
port) {
-        assert tlsServerParameters != null;
-        
-        SslContextFactory sslcf = new CXFSslContextFactory();
-        SslSelectChannelConnector secureConnector = 
-            new SslSelectChannelConnector(sslcf);
-        if (host != null) {
-            secureConnector.setHost(host);
-        }
-        secureConnector.setPort(port);
-        if (engine.getMaxIdleTime() > 0) {
-            secureConnector.setMaxIdleTime(engine.getMaxIdleTime());
-        }
-        secureConnector.setReuseAddress(engine.isReuseAddress());
-        decorateCXFJettySslSocketConnector(sslcf);
-        return secureConnector;
-    }
-    
-    private class CXFSslContextFactory extends SslContextFactory {
-        public CXFSslContextFactory() {
-            super();
-        }
-        protected void doStart() throws Exception {
-            setSslContext(createSSLContext(this));
-            super.doStart();
-        }
-        public void checkKeyStore() {
-            //we'll handle this later
-        }
-    }
-    
-    protected SSLContext createSSLContext(SslContextFactory scf) throws Exception  {
-        String proto = tlsServerParameters.getSecureSocketProtocol() == null
-            ? "TLS" : tlsServerParameters.getSecureSocketProtocol();
- 
-        SSLContext context = tlsServerParameters.getJsseProvider() == null
-            ? SSLContext.getInstance(proto)
-                : SSLContext.getInstance(proto, tlsServerParameters.getJsseProvider());
-            
-        KeyManager keyManagers[] = tlsServerParameters.getKeyManagers();
-        if (tlsServerParameters.getCertAlias() != null) {
-            keyManagers = getKeyManagersWithCertAlias(keyManagers);
-        }
-        context.init(tlsServerParameters.getKeyManagers(), 
-                     tlsServerParameters.getTrustManagers(),
-                     tlsServerParameters.getSecureRandom());
-
-        String[] cs = 
-            SSLUtils.getCiphersuites(
-                    tlsServerParameters.getCipherSuites(),
-                    SSLUtils.getServerSupportedCipherSuites(context),
-                    tlsServerParameters.getCipherSuitesFilter(),
-                    LOG, true);
-                
-        scf.setExcludeCipherSuites(cs);
-        return context;
-    }
-    protected KeyManager[] getKeyManagersWithCertAlias(KeyManager keyManagers[]) throws Exception
{
-        if (tlsServerParameters.getCertAlias() != null) {
-            for (int idx = 0; idx < keyManagers.length; idx++) {
-                if (keyManagers[idx] instanceof X509KeyManager) {
-                    keyManagers[idx] = new AliasedX509ExtendedKeyManager(
-                        tlsServerParameters.getCertAlias(), (X509KeyManager)keyManagers[idx]);
-                }
-            }
-        }
-        return keyManagers;
-    }
-    protected void setClientAuthentication(SslContextFactory con,
-                                           ClientAuthentication clientAuth) {
-        con.setWantClientAuth(true);
-        if (clientAuth != null) {
-            if (clientAuth.isSetWant()) {
-                con.setWantClientAuth(clientAuth.isWant());
-            }
-            if (clientAuth.isSetRequired()) {
-                con.setNeedClientAuth(clientAuth.isRequired());
-            }
-        }
-    }    
-    /**
-     * This method sets the security properties for the CXF extension
-     * of the JettySslConnector.
-     */
-    private void decorateCXFJettySslSocketConnector(
-            SslContextFactory con
-    ) {
-        setClientAuthentication(con,
-                                tlsServerParameters.getClientAuthentication());
-        con.setCertAlias(tlsServerParameters.getCertAlias());
-    }
-
-
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/c044f726/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/Messages.properties
----------------------------------------------------------------------
diff --git a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/Messages.properties
b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/Messages.properties
deleted file mode 100644
index d107167..0000000
--- a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/Messages.properties
+++ /dev/null
@@ -1,72 +0,0 @@
-#
-#
-#    Licensed to the Apache Software Foundation (ASF) under one
-#    or more contributor license agreements. See the NOTICE file
-#    distributed with this work for additional information
-#    regarding copyright ownership. The ASF licenses this file
-#    to you under the Apache License, Version 2.0 (the
-#    "License"); you may not use this file except in compliance
-#    with the License. You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing,
-#    software distributed under the License is distributed on an
-#    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-#    KIND, either express or implied. See the License for the
-#    specific language governing permissions and limitations
-#    under the License.
-#
-#
-SSL_CONTEXT_INIT_FAILURE = Problem initializing ssl for the outbound request, exception reported
from security provider is : {0}
-UNKNOWN_SSL_CLIENT_POLICY_DATA = Unknown SSLClientPolicy property : {0}
-UNKNOWN_SSL_SERVER_POLICY_DATA = Unknown SSLServerPolicy property : {0}
-UNSUPPORTED_SSL_CLIENT_POLICY_DATA = Unsupported SSLClientPolicy property : {0}
-UNSUPPORTED_SSL_SERVER_POLICY_DATA = Unsupported SSLServerPolicy property : {0}
-KEY_STORE_NOT_SET = The location of the key store has not been set via a system parameter
or through configuration so the default value of {0} will be used.
-KEY_STORE_SET = The keystore location is set to {0}.
-KEY_STORE_SYSTEM_PROPERTY_SET = The keystore location is set via a system property to {0}.
-KEY_STORE_TYPE_NOT_SET = The key store type has not been set in configuration so the default
value of {0} will be used.
-KEY_STORE_TYPE_SET = The key store type has been set in configuration to {0}.
-LOADED_KEYSTORE = Successfully loaded keystore, {0}.
-FAILED_TO_LOAD_KEYSTORE = Loading the keystore {0}, failed with the following problem: {1}.
-FAILED_TO_LOAD_KEYSTORE_NULL_PASSWORD = Loading the keystore. {0}, failed because the password
is not set.
-TRUST_STORE_NOT_SET = The location of the trust store has not been set via a system parameter
or through configuration so the default value of {0} will be used.
-TRUST_STORE_SET = The trust store location has been set in configuration to {0}.
-TRUST_STORE_SYSTEM_PROPERTY_SET = The trust store location has been via a system property
to {0}.
-TRUST_STORE_TYPE_NOT_SET = The trust store type has not been set in configuration so the
default value of {0} will be used.
-TRUST_STORE_TYPE_SET = The trust store type has been set in configuration to {0}.
-FAILED_TO_LOAD_TRUST_STORE = Loading the truststore, {0}, failed with the following problem:
{1}.
-LOADED_TRUST_STORE = Successfully loaded trust store, {0}.
-KEY_STORE_PASSWORD_NOT_SET = The key store password has not been set via a system property
or through configuration, reading data from the keystore will fail.
-KEY_STORE_PASSWORD_SET = The key store password was found to be set in configuration and
will be used.
-KEY_STORE_PASSWORD_SYSTEM_PROPERTY_SET = The key store password was found to be set as a
system property and will be used.
-KEY_PASSWORD_NOT_SET = The key password has not been set via a system property or through
configuration, reading data from the keystore will fail.
-KEY_PASSWORD_SET = The key password was found to be set in configuration and will be used.
-KEY_PASSWORD_SYSTEM_PROPERTY_SET = The key  password was found to be set as a system property
and will be used.
-SECURE_SOCKET_PROTOCOL_NOT_SET = The secure socket protocol is not set so using default value
TLSv1.
-SECURE_SOCKET_PROTOCOL_SET = The secure socket protocol has been set to {0}.
-REQUIRE_CLIENT_AUTHENTICATION_NOT_SET = Require client authentication has not been set explicitly
in configuration so defaulting to false.
-REQUIRE_CLIENT_AUTHENTICATION_SET = Require client authentication is set to {0}.
-WANT_CLIENT_AUTHENTICATION_NOT_SET = Want client authentication has not been set explicitly
in configuration so defaulting to false.
-WANT_CLIENT_AUTHENTICATION_SET = Want client authentication is set to {0}.
-KEY_PASSWORD_NOT_SAME_KEYSTORE_PASSWORD = The value specified for the keystore password is
different to the key password. Currently limitations in JSSE requires that they should be
the same. The keystore password value will be used only.
-CIPHERSUITES_SET = The cipher suites have been set to {0}.  
-CIPHERSUITES_NOT_SET = The cipher suites have not been configured, falling back to cipher
suite filters.
-CIPHERSUITE_FILTERS_NOT_SET = The cipher suite filters have not been configured, falling
back to default filters.
-CIPHERSUITE_FILTER = Ciphersuite filter: 
-CIPHERSUITE_INCLUDED = The {0} cipher suite is included by the filter.
-CIPHERSUITE_EXCLUDED = The {0} cipher suite is excluded by the filter.
-CIPHERSUITE_INCLUDE_FILTER = Ciphersuite include filter: {0}
-CIPHERSUITE_EXCLUDE_FILTER = Ciphersuite exclude filter: {0}
-CIPHERSUITES_FILTERED = The enabled cipher suites have been filtered down to {0}.
-CIPHERSUITES_EXCLUDED = The excluded cipher suites have been filtered down to {0}.  
-SUCCESS_INVOKING_SECURITY_CONFIGURER = The custom security configurer {0} configure method
was called successfully.
-ERROR_INVOKING_SECURITY_CONFIGURER = Failure invoking on custom security configurer {0},
exception reported is {1}.
-KEY_STORE_ALGORITHM_NOT_SET = The keystore key manager factory algorithm has not been set
in configuration so the default value {0} will be used.
-KEY_STORE_ALGORITHM_SET = The keystore key manager factory algorithm has been set in configuration
to {0}.
-TRUST_STORE_ALGORITHM_NOT_SET = The truststore key manager factory algorithm has not been
set in configuration so the default value {0} will be used.
-TRUST_STORE_ALGORITHM_SET = The trust store key manager factory algorithm has been set in
configuration to {0}.
-COULD_NOT_CREATE_OUTBOUND_REQUEST_SOCKET = Failed to create a connection to host {0} and
port {1}, error reported is {2}. 
-PROBLEM_CREATING_OUTBOUND_REQUEST_SOCKET = Failed to create a connection to host {0} and
port {1}.
-UNOFFICIAL_SECURITY_CONFIGURER = Use of the security configurer is supported for version
1.0 of Celtix but the API is subject to change in later versions.

http://git-wip-us.apache.org/repos/asf/cxf/blob/c044f726/systests/ws-security/src/test/resources/logging.properties
----------------------------------------------------------------------
diff --git a/systests/ws-security/src/test/resources/logging.properties b/systests/ws-security/src/test/resources/logging.properties
index b2e5a79..f177e00 100644
--- a/systests/ws-security/src/test/resources/logging.properties
+++ b/systests/ws-security/src/test/resources/logging.properties
@@ -38,7 +38,7 @@
 #handlers= java.util.logging.ConsoleHandler
 
 # To also add the FileHandler, use the following line instead.
-#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler
+handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler
 
 # Default global logging level.
 # This specifies which kinds of events are logged across
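Review bot: Enabling `handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler` here and raising the global level to `.level= FINE` in the next hunk looks like local debugging configuration left in a commit that is otherwise about isolating Jetty 8/9 differences. In a ws-security system-test module, FINE on the root logger will probably put message payloads, security headers and keystore/TLS configuration details into console output and log files on every build machine. It will also slow the test run and inflate the build logs. Where the FileHandler writes is decided by the handler properties further down the file, which are outside this hunk, so the output location should be checked too. Unless the verbose logging is intended, restore `#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler` and `.level= INFO`, and raise the level only for the specific logger under investigation.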
@@ -46,7 +46,7 @@
 # can be overriden by a facility specific level
 # Note that the ConsoleHandler also has a separate level
 # setting to limit messages printed to the console.
-.level= INFO
+.level= FINE
 
 ############################################################
 # Handler specific properties.

