geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ammul...@apache.org
Subject svn commit: r224689 - in /geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/management/geronimo: SecureConnector.java WebConnector.java WebContainer.java
Date Mon, 25 Jul 2005 04:58:53 GMT
Author: ammulder
Date: Sun Jul 24 21:58:50 2005
New Revision: 224689

URL: http://svn.apache.org/viewcvs?rev=224689&view=rev
Log:
First stab at interfaces used to managed web containers and connectors.

Added:
    geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/management/geronimo/SecureConnector.java
  (with props)
    geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/management/geronimo/WebConnector.java
  (with props)
    geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/management/geronimo/WebContainer.java
  (with props)

Added: geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/management/geronimo/SecureConnector.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/management/geronimo/SecureConnector.java?rev=224689&view=auto
==============================================================================
--- geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/management/geronimo/SecureConnector.java
(added)
+++ geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/management/geronimo/SecureConnector.java
Sun Jul 24 21:58:50 2005
@@ -0,0 +1,124 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.j2ee.management.geronimo;
+
+/**
+ * Common configuration settings for connectors that use SSL/TLS to conduct
+ * secure communications with clients.
+ *
+ * http://jakarta.apache.org/tomcat/tomcat-5.5-doc/ssl-howto.html
+ * http://mortbay.org/javadoc/org/mortbay/http/SslListener.html
+ * 
+ * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
+ */
+public interface SecureConnector extends WebConnector {
+    public final static String KEYSTORE_TYPE_JKS = "JKS";
+    public final static String KEYSTORE_TYPE_PKCS12 = "PKCS12";
+    public final static String ALGORITHM_TYPE_SUN = "SunX509";
+    public final static String ALGORITHM_TYPE_IBM = "IbmX509";
+    public final static String PROTOCOL_TYPE_TLS = "TLS";
+    public final static String PROTOCOL_TYPE_SSL = "SSL";
+
+    /**
+     * Gets the name of the keystore file that holds the server certificate
+     * (and by default, the trusted CA certificates used for client certificate
+     * authentication).  This is relative to the Geronimo home directory.
+     */
+    public String getKeystoreFileName();
+    /**
+     * Sets the name of the keystore file that holds the server certificate
+     * (and by default, the trusted CA certificates used for client certificate
+     * authentication).  This is relative to the Geronimo home directory.
+     */
+    public void setKeystoreFileName(String name);
+    /**
+     * Gets the password used to access the keystore, and by default, used to
+     * access the server private key inside the keystore.
+     */
+    public String getKeystorePassword();
+    /**
+     * Sets the password used to access the keystore, and by default, used to
+     * access the server private key inside the keystore.  Not all connectors
+     * support configuring different passwords for those two features; if so,
+     * a separate PrivateKeyPassword should be defined in an
+     * implementation-specific connector interface.
+     */
+    public void setKeystorePassword(String password);
+    /**
+     * Gets the format of the entries in the keystore.  The default format for
+     * Java keystores is JKS, though some connector implementations support
+     * PCKS12 (and possibly other formats).
+     */
+    public String getKeystoreType();
+    /**
+     * Sets the format of the entries in the keystore.  The default format for
+     * Java keystores is JKS, though some connector implementations support
+     * PCKS12 (and possibly other formats).
+     */
+    public void setKeystoreType(String type);
+    /**
+     * Gets the certificate algorithm used to access the keystore.  This may
+     * be different for different JVM vendors, but should not usually be
+     * changed otherwise.
+     */
+    public String getAlgorithm();
+    /**
+     * Sets the certificate algorithm used to access the keystore.  This may
+     * be different for different JVM vendors, but should not usually be
+     * changed otherwise.
+     */
+    public void setAlgorithm(String algorithm);
+    /**
+     * Gets the protocol used for secure communication.  This should usually
+     * be TLS, though some JVM implementations (particularly some of IBM's)
+     * may not be compatible with popular browsers unless this is changed to
+     * SSL.
+     */
+    public String getProtocol();
+    /**
+     * Gets the protocol used for secure communication.  This should usually
+     * be TLS, though some JVM implementations (particularly some of IBM's)
+     * may not be compatible with popular browsers unless this is changed to
+     * SSL.  Don't change it if you're not having problems.
+     */
+    public void setProtocol(String protocol);
+    /**
+     * Checks whether clients are required to authenticate using client
+     * certificates in order to connect using this connector.  If enabled,
+     * client certificates are validated using the trust store, which defaults
+     * to the same keystore file, keystore type, and keystore password as the
+     * regular keystore.  Some connector implementations may allow you to
+     * configure those 3 values separately to use a different trust store.
+     *
+     * todo: confirm that Jetty defaults to keystore not JVM default trust store
+     */
+    public boolean isClientAuthRequired();
+    /**
+     * Checks whether clients are required to authenticate using client
+     * certificates in order to connect using this connector.  If enabled,
+     * client certificates are validated using the trust store, which defaults
+     * to the same keystore file, keystore type, and keystore password as the
+     * regular keystore.  Some connector implementations may allow you to
+     * configure those 3 values separately to use a different trust store.
+     *
+     * todo: confirm that Jetty defaults to keystore not JVM default trust store
+     */
+    public void setClientAuthRequired(boolean clientCert);
+
+    // Jetty: key password, integral/confidential separation
+    // Tomcat: trust keystore, trust password, trust keystore type, ciphers
+}

Propchange: geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/management/geronimo/SecureConnector.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/management/geronimo/WebConnector.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/management/geronimo/WebConnector.java?rev=224689&view=auto
==============================================================================
--- geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/management/geronimo/WebConnector.java
(added)
+++ geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/management/geronimo/WebConnector.java
Sun Jul 24 21:58:50 2005
@@ -0,0 +1,129 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.j2ee.management.geronimo;
+
+import java.net.InetSocketAddress;
+
+/**
+ * The common configuration settings for a web container network connector --
+ * that is, the protocol and network settings used to connect to the web
+ * container (with a variety of tuning arguments as well).
+ *
+ * http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/http.html
+ * http://mortbay.org/javadoc/org/mortbay/http/SocketListener.html
+ *
+ * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
+ */
+public interface WebConnector {
+    /**
+     * Gets the network port that this connector listens on.
+     */
+    public int getPort();
+    /**
+     * Sets the network port that this connector listens on.
+     */
+    public void setPort(int port);
+    /**
+     * Gets the hostname/IP that this connector listens on.
+     */
+    public String getHost();
+    /**
+     * Sets the hostname/IP that this connector listens on.  This is typically
+     * most useful for machines with multiple network cards, but can be used
+     * to limit a connector to only listen for connections from the local
+     * machine (127.0.0.1).  To listen on all available network interfaces,
+     * specify an address of 0.0.0.0.
+     */
+    public void setHost(String host);
+    /**
+     * Every connector must specify a property of type InetSocketAddress
+     * because we use that to identify the network services to print a list
+     * during startup.  However, this can be read-only since the host and port
+     * are set separately using setHost and setPort.
+     */
+    public InetSocketAddress getListenAddress();
+
+    /**
+     * Gets the size of the buffer used to handle network data for this
+     * connector.
+     */
+    public int getBufferSizeBytes();
+    /**
+     * Gets the size of the buffer used to handle network data for this
+     * connector.
+     */
+    public void setBufferSizeBytes(int bytes);
+    /**
+     * Gets the maximum number of threads used to service connections from
+     * this connector.
+     */
+    public int getMaxThreads();
+    /**
+     * Sets the maximum number of threads used to service connections from
+     * this connector.
+     */
+    public void setMaxThreads(int threads);
+    /**
+     * Gets the maximum number of connections that may be queued while all
+     * threads are busy.  Any requests received while the queue is full will
+     * be rejected.
+     */
+    public int getAcceptQueueSize();
+    /**
+     * Sets the maximum number of connections that may be queued while all
+     * threads are busy.  Any requests received while the queue is full will
+     * be rejected.
+     */
+    public void setAcceptQueueSize(int size);
+    /**
+     * Gets the amount of time the socket used by this connector will linger
+     * after being closed.  -1 indicates that socket linger is disabled.
+     */
+    public int getLingerMillis();
+    /**
+     * Sets the amount of time the socket used by this connector will linger
+     * after being closed.  Use -1 to disable socket linger.
+     */
+    public void setLingerMillis(int millis);
+    /**
+     * Gets whether the TCP_NODELAY flag is set for the sockets used by this
+     * connector.  This usually enhances performance, so it should typically
+     * be set.
+     */
+    public boolean isTcpNoDelay();
+    /**
+     * Sets whether the TCP_NODELAY flag is set for the sockets used by this
+     * connector.  This usually enhances performance, so it should typically
+     * be set.
+     */
+    public void setTcpNoDelay(boolean enable);
+    /**
+     * Gets the network port to which traffic will be redirected if this
+     * connector handles insecure traffic and the request requires a secure
+     * connection.  Needless to say, this should point to another connector
+     * configured for SSL.
+     */
+    public int getRedirectPort();
+    /**
+     * Gets the network port to which traffic will be redirected if this
+     * connector handles insecure traffic and the request requires a secure
+     * connection.  Needless to say, this should point to another connector
+     * configured for SSL.  If no SSL connector is available, any port can
+     * be used as they all fail equally well.  :)
+     */
+    public void setRedirectPort(int port);
+}

Propchange: geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/management/geronimo/WebConnector.java
------------------------------------------------------------------------------
    svn:eol-style = native

Added: geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/management/geronimo/WebContainer.java
URL: http://svn.apache.org/viewcvs/geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/management/geronimo/WebContainer.java?rev=224689&view=auto
==============================================================================
--- geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/management/geronimo/WebContainer.java
(added)
+++ geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/management/geronimo/WebContainer.java
Sun Jul 24 21:58:50 2005
@@ -0,0 +1,49 @@
+/**
+ *
+ * Copyright 2003-2004 The Apache Software Foundation
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.geronimo.j2ee.management.geronimo;
+
+/**
+ * The common configuration settings for a web container (currently, Tomcat or
+ * Jetty).
+ *
+ * @version $Rev: 46019 $ $Date: 2004-09-14 05:56:06 -0400 (Tue, 14 Sep 2004) $
+ */
+public interface WebContainer {
+    public final static String PROTOCOL_HTTP = "http";
+    public final static String PROTOCOL_HTTPS = "https";
+    public final static String PROTOCOL_AJP = "ajp";
+
+    /**
+     * Gets the protocols which this container can configure connectors for.
+     */
+    public String[] getSupportedProtocols();
+    
+    /**
+     * Creates a new connector, and returns the ObjectName for it.  Note that
+     * the connector may well require further customization before being fully
+     * functional (e.g. SSL settings for an HTTPS connector).
+     */
+    public String addConnector(String uniqueName, String protocol, String host, int port);
+
+    /**
+     * Gets the ObjectNames of any existing connectors for the specified
+     * protocol.
+     *
+     * @param protocol A protocol as returned by getSupportedProtocols
+     */
+    public String[] getConnectors(String protocol);
+}

Propchange: geronimo/trunk/modules/j2ee/src/java/org/apache/geronimo/j2ee/management/geronimo/WebContainer.java
------------------------------------------------------------------------------
    svn:eol-style = native



Mime
View raw message