public class HttpsConnectorFactory extends HttpConnectorFactory
Name | Default | Description |
keyStorePath |
REQUIRED | The path to the Java key store which contains the host certificate and private key. |
keyStorePassword |
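REQUIRED | The password used to access the key store. This value protects the host's private key, so restrict read access to any configuration file that contains it. |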
keyStoreType |
JKS |
The type of key store (usually JKS, PKCS12, JCEKS,
Windows-MY, or Windows-ROOT).
|
keyStoreProvider |
(none) | The JCE provider to use to access the key store. |
trustStorePath |
(none) | The path to the Java key store which contains the CA certificates used to establish trust. |
trustStorePassword |
(none) | The password used to access the trust store. |
trustStoreType |
JKS |
The type of trust store (usually JKS, PKCS12, JCEKS,
Windows-MY, or Windows-ROOT).
|
trustStoreProvider |
(none) | The JCE provider to use to access the trust store. |
keyManagerPassword |
(none) | The password, if any, for the key manager. |
needClientAuth |
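(none) | Whether or not client authentication is required. When enabled, the TLS handshake fails unless the client presents a certificate that the server trusts. |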
wantClientAuth |
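(none) | Whether or not client authentication is requested. When this is enabled without needClientAuth, a client that presents no certificate is still allowed to connect, so the application must check for a client certificate itself before relying on one. |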
certAlias |
(none) | The alias of the certificate to use. |
crlPath |
(none) | The path to the file which contains the Certificate Revocation List. |
enableCRLDP |
false | Whether or not CRL Distribution Points (CRLDP) support is enabled. |
enableOCSP |
false | Whether or not On-Line Certificate Status Protocol (OCSP) support is enabled. |
maxCertPathLength |
(unlimited) | The maximum certification path length. |
ocspResponderUrl |
(none) | The location of the OCSP responder. |
jceProvider |
(none) | The name of the JCE provider to use for cryptographic support. |
validateCerts |
false | Whether or not to validate TLS certificates before starting. If enabled, Dropwizard will refuse to start with expired or otherwise invalid certificates. This option will cause unconditional failure in Dropwizard 1.x until a new validation mechanism can be implemented. With the default of false, an expired or otherwise invalid certificate is not detected at startup. |
validatePeers |
false | Whether or not to validate TLS peer certificates. This option will cause unconditional failure in Dropwizard 1.x until a new validation mechanism can be implemented. |
supportedProtocols |
JVM default |
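A list of protocols (e.g., SSLv3, TLSv1) which are supported. All
other protocols will be refused. A protocol listed here is still refused if it
matches excludedProtocols; the SSLv3 and TLSv1 examples both match the default
excludedProtocols patterns.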
|
excludedProtocols |
["SSL.*", "TLSv1", "TLSv1\.1"] |
A list of protocols (e.g., SSLv3, TLSv1) which are excluded. These
protocols will be refused.
|
supportedCipherSuites |
JVM default |
A list of cipher suites (e.g., TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) which
are supported. All other cipher suites will be refused.
|
excludedCipherSuites |
Jetty's default |
A list of cipher suites (e.g., TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) which
are excluded. These cipher suites will be refused.
|
allowRenegotiation |
true | Whether or not TLS renegotiation is allowed. |
endpointIdentificationAlgorithm |
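(none) | Which endpoint identification algorithm, if any, to use during the TLS handshake. The standard JSSE algorithm names are HTTPS and LDAPS; with the default of none, no endpoint identification (a host name check against the peer certificate) is performed. |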
HttpConnectorFactory
.HttpConnectorFactory
Constructor and Description |
---|
HttpsConnectorFactory() |
Modifier and Type | Method and Description |
---|---|
org.eclipse.jetty.server.Connector |
build(org.eclipse.jetty.server.Server server,
com.codahale.metrics.MetricRegistry metrics,
String name,
org.eclipse.jetty.util.thread.ThreadPool threadPool)
Create a new connector.
|
protected org.eclipse.jetty.server.HttpConfiguration |
buildHttpConfiguration() |
protected org.eclipse.jetty.util.ssl.SslContextFactory |
configureSslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory factory) |
boolean |
getAllowRenegotiation() |
String |
getCertAlias() |
File |
getCrlPath() |
Boolean |
getEnableCRLDP() |
Boolean |
getEnableOCSP() |
String |
getEndpointIdentificationAlgorithm() |
List<String> |
getExcludedCipherSuites() |
List<String> |
getExcludedProtocols() |
String |
getJceProvider() |
String |
getKeyManagerPassword() |
String |
getKeyStorePassword() |
String |
getKeyStorePath() |
String |
getKeyStoreProvider() |
String |
getKeyStoreType() |
Integer |
getMaxCertPathLength() |
Boolean |
getNeedClientAuth() |
URI |
getOcspResponderUrl() |
List<String> |
getSupportedCipherSuites() |
List<String> |
getSupportedProtocols() |
String |
getTrustStorePassword() |
String |
getTrustStorePath() |
String |
getTrustStoreProvider() |
String |
getTrustStoreType() |
boolean |
getValidatePeers() |
Boolean |
getWantClientAuth() |
boolean |
isValidateCerts() |
boolean |
isValidKeyStorePassword() |
boolean |
isValidKeyStorePath() |
protected org.eclipse.jetty.util.component.AbstractLifeCycle.AbstractLifeCycleListener |
logSslInfoOnStart(org.eclipse.jetty.util.ssl.SslContextFactory sslContextFactory)
Register a listener that waits until the ssl context factory has started.
|
void |
setAllowRenegotiation(boolean allowRenegotiation) |
void |
setCertAlias(String certAlias) |
void |
setCrlPath(File crlPath) |
void |
setEnableCRLDP(Boolean enableCRLDP) |
void |
setEnableOCSP(Boolean enableOCSP) |
void |
setEndpointIdentificationAlgorithm(String endpointIdentificationAlgorithm) |
void |
setExcludedCipherSuites(List<String> excludedCipherSuites) |
void |
setExcludedProtocols(List<String> excludedProtocols) |
void |
setJceProvider(String jceProvider) |
void |
setKeyManagerPassword(String keyManagerPassword) |
void |
setKeyStorePassword(String keyStorePassword) |
void |
setKeyStorePath(String keyStorePath) |
void |
setKeyStoreProvider(String keyStoreProvider) |
void |
setKeyStoreType(String keyStoreType) |
void |
setMaxCertPathLength(Integer maxCertPathLength) |
void |
setNeedClientAuth(Boolean needClientAuth) |
void |
setOcspResponderUrl(URI ocspResponderUrl) |
void |
setSupportedCipherSuites(List<String> supportedCipherSuites) |
void |
setSupportedProtocols(List<String> supportedProtocols) |
void |
setTrustStorePassword(String trustStorePassword) |
void |
setTrustStorePath(String trustStorePath) |
void |
setTrustStoreProvider(String trustStoreProvider) |
void |
setTrustStoreType(String trustStoreType) |
void |
setValidateCerts(boolean validateCerts) |
void |
setValidatePeers(boolean validatePeers) |
void |
setWantClientAuth(Boolean wantClientAuth) |
admin, application, buildBufferPool, buildConnector, buildHttpConnectionFactory, getAcceptorThreads, getAcceptQueueSize, getBindHost, getBufferPoolIncrement, getHeaderCacheSize, getHttpCompliance, getIdleTimeout, getInputBufferSize, getMaxBufferPoolSize, getMaxRequestHeaderSize, getMaxResponseHeaderSize, getMinBufferPoolSize, getMinRequestDataPerSecond, getMinResponseDataPerSecond, getOutputBufferSize, getPort, getRequestCookieCompliance, getResponseCookieCompliance, getSelectorThreads, httpConnections, isInheritChannel, isReuseAddress, isUseDateHeader, isUseForwardedHeaders, isUseProxyProtocol, isUseServerHeader, setAcceptorThreads, setAcceptQueueSize, setBindHost, setBufferPoolIncrement, setHeaderCacheSize, setHttpCompliance, setIdleTimeout, setInheritChannel, setInputBufferSize, setMaxBufferPoolSize, setMaxRequestHeaderSize, setMaxResponseHeaderSize, setMinBufferPoolSize, setMinRequestDataPerSecond, setMinResponseDataPerSecond, setOutputBufferSize, setPort, setRequestCookieCompliance, setResponseCookieCompliance, setReuseAddress, setSelectorThreads, setUseDateHeader, setUseForwardedHeaders, setUseProxyProtocol, setUseServerHeader
public boolean getAllowRenegotiation()
public void setAllowRenegotiation(boolean allowRenegotiation)
public void setEndpointIdentificationAlgorithm(String endpointIdentificationAlgorithm)
public void setKeyStorePath(String keyStorePath)
public void setKeyStorePassword(String keyStorePassword)
public String getKeyStoreType()
public void setKeyStoreType(String keyStoreType)
public void setKeyStoreProvider(String keyStoreProvider)
public String getTrustStoreType()
public void setTrustStoreType(String trustStoreType)
public void setTrustStoreProvider(String trustStoreProvider)
public void setKeyManagerPassword(String keyManagerPassword)
public void setTrustStorePath(String trustStorePath)
public void setNeedClientAuth(Boolean needClientAuth)
public void setWantClientAuth(Boolean wantClientAuth)
public void setCertAlias(String certAlias)
public void setCrlPath(File crlPath)
public void setEnableCRLDP(Boolean enableCRLDP)
public void setEnableOCSP(Boolean enableOCSP)
public void setMaxCertPathLength(Integer maxCertPathLength)
public void setOcspResponderUrl(URI ocspResponderUrl)
public void setJceProvider(String jceProvider)
public boolean getValidatePeers()
public void setValidatePeers(boolean validatePeers)
public boolean isValidateCerts()
public void setValidateCerts(boolean validateCerts)
@ValidationMethod(message="keyStorePath should not be null") public boolean isValidKeyStorePath()
@ValidationMethod(message="keyStorePassword should not be null or empty") public boolean isValidKeyStorePassword()
public org.eclipse.jetty.server.Connector build(org.eclipse.jetty.server.Server server, com.codahale.metrics.MetricRegistry metrics, String name, @Nullable org.eclipse.jetty.util.thread.ThreadPool threadPool)
ConnectorFactory
Specified by: build in interface ConnectorFactory
Overrides: build in class HttpConnectorFactory
Parameters:
server - the application's Server instance
metrics - the application's metrics
name - the application's name
threadPool - the application's thread pool
Returns:
Connector
protected org.eclipse.jetty.server.HttpConfiguration buildHttpConfiguration()
Overrides: buildHttpConfiguration in class HttpConnectorFactory
protected org.eclipse.jetty.util.component.AbstractLifeCycle.AbstractLifeCycleListener logSslInfoOnStart(org.eclipse.jetty.util.ssl.SslContextFactory sslContextFactory)
protected org.eclipse.jetty.util.ssl.SslContextFactory configureSslContextFactory(org.eclipse.jetty.util.ssl.SslContextFactory factory)