geronimo-scm mailing list archives

From s..@geronimo.apache.org
Subject [Apache Geronimo Wiki] Updated: JettySSL
Date Sat, 13 Nov 2004 19:19:23 GMT
   Date: 2004-11-13T11:19:23
   Editor: JeremyBoynes <jboynes@apache.org>
   Wiki: Apache Geronimo Wiki
   Page: JettySSL
   URL: http://wiki.apache.org/geronimo/JettySSL

   no comment

Change Log:

------------------------------------------------------------------------------
@@ -2,15 +2,20 @@
 
 By default (as of 2004-10-08) Geronimo runs http protocol but not https.  I haven't entirely
figured out how to get it to run https yet, but here are some notes that might help you.
 
-The first step is to set up a "keystore" that contains a digital certificate.  The server
uses this to authenticate itself to the clients.  There are some links in the Jetty SSL FAQ
below that talk about how to do this.  Geronimo expects the keystore to be in `~/.keystore`
by default (at least on unix systems).
-
-To enable SSL add this to your web app's `geronimo-jetty.xml` deployment descriptor (for
more info on `geronimo-jetty.xml` see ["Deployment"]):
+The first step is to set up a "keystore" that contains a digital certificate.  The server
uses this to authenticate itself to the clients.  There are some links in the Jetty SSL FAQ
below that talk about how to do this.
+  
+To enable SSL add this to your web app's `geronimo-jetty.xml` deployment plan (for more info
on `geronimo-jetty.xml` see ["Deployment"]):
  {{{
-<gbean name="geronimo.server:type=WebConnector,container=Jetty,port=8443" 
-       class="org.apache.geronimo.jetty.connector.HTTPSConnector">
-    <attribute name="port" type="int">8443</attribute>
-    <reference name="JettyContainer">geronimo.server:type=WebContainer,container=Jetty</reference>
-</gbean>
+<gbean name="geronimo.server:type=WebConnector,container=Jetty,port=8443" class="org.apache.geronimo.jetty.connector.HTTPSConnector">
+        <reference name="JettyContainer">geronimo.server:type=WebContainer,container=Jetty</reference>
+        <reference name="ServerInfo">geronimo.system:role=ServerInfo</reference>
+        <attribute name="port" type="int">8443</attribute>
+        <attribute name="keystore" type="java.lang.String">var/security/ssl-keystore</attribute>
+        <attribute name="password" type="java.lang.String">changeit</attribute>
+        <attribute name="keystoreType" type="java.lang.String">JKS</attribute>
+        <attribute name="useDefaultTrustStore" type="boolean">false</attribute>
+        <attribute name="needClientAuth" type="boolean">false</attribute>
+    </gbean>
 }}}
 
 This is a cut-n-paste from `geronimo/modules/assembly/src/plan/j2ee-server-plan.xml` as suggested
by Jeremy in the link below.
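Review bot: The added `password` attribute puts the keystore password in the deployment plan as plaintext with the value `changeit`, and the surrounding text neither tells readers to replace it nor says to restrict read access to the plan file. Add a sentence after the `{{{ }}}` block stating that `changeit` is a sample value and that the plan now holds a secret. The same hunk drops the sentence naming `~/.keystore` as the default location and introduces `var/security/ssl-keystore` without saying what that relative path is resolved against. A short note on that would help readers put the keystore in the right place. Minor style point: the closing `</gbean>` is indented differently from the opening tag.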
@@ -40,16 +45,6 @@
 === Status ===
 
 At the moment the server starts, and is listening on port 8443, and it appears to be running
https, but I appear to have botched my certificate generation so I can't establish a connection.
 The browser tells me that the certificate is invalid or corrupt.  If your certificate-fu
is more powerful than mine you'll probably have no problems.
-
-=== Wishlist ===
-
-It would be nice to be able to specify the passwords and the keystore location in the deployment
descriptor.  At the moment it looks as if `org.apache.geronimo.jetty.connector.JettyConnector`
isn't set up to allow this:
- {{{
-        GBeanInfoFactory infoFactory = new GBeanInfoFactory("Jetty HTTP Connector", JettyConnector.class);
-        infoFactory.addAttribute("port", int.class, true);
-        infoFactory.addReference("JettyContainer", JettyContainer.class);
-        GBEAN_INFO = infoFactory.getBeanInfo();
-}}}
 
 == References ==
 
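Review bot: The removed Wishlist asked for "the passwords" (plural) and the keystore location to be configurable, but the plan added in the first hunk shows a single `password` attribute, so the page no longer says whether a separate key password can be set. Rather than deleting the section outright, consider a line under Status saying which of the wishlist items the new `keystore`, `password` and `keystoreType` attributes cover. The unchanged Status paragraph above still describes the certificate failure without mentioning the new keystore location, so it may need a matching update.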
