You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@felix.apache.org by fm...@apache.org on 2014/01/08 20:56:45 UTC
svn commit: r1556619 - in /felix/trunk/http/jetty/src/main:
java/org/apache/felix/http/jetty/internal/ resources/OSGI-INF/metatype/
Author: fmeschbe
Date: Wed Jan 8 19:56:45 2014
New Revision: 1556619
URL: http://svn.apache.org/r1556619
Log:
FELIX-4376 Allow configuring included and excluded SSL Cipher Suites
for the Jetty server.
Applying slightly modified patch by Dominique Pfister (thanks)
Modified:
felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java
felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java
felix/trunk/http/jetty/src/main/resources/OSGI-INF/metatype/metatype.properties
felix/trunk/http/jetty/src/main/resources/OSGI-INF/metatype/metatype.xml
Modified: felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java
URL: http://svn.apache.org/viewvc/felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java?rev=1556619&r1=1556618&r2=1556619&view=diff
==============================================================================
--- felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java (original)
+++ felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyConfig.java Wed Jan 8 19:56:45 2014
@@ -108,6 +108,13 @@ public final class JettyConfig
/** Felix specific property to set the list of path exclusions for Web Application Bundles */
public static final String FELIX_HTTP_PATH_EXCLUSIONS = "org.apache.felix.http.path_exclusions";
+ /** Felix specific property to configure the excluded cipher suites */
+ public static final String FELIX_JETTY_EXCLUDED_SUITES = "org.apache.felix.https.jetty.cipersuites.excluded";
+
+ /** Felix specific property to configure the included cipher suites */
+ public static final String FELIX_JETTY_INCLUDED_SUITES = "org.apache.felix.https.jetty.cipersuites.included";
+
+
private static String validateContextPath(String ctxPath)
{
// undefined, empty, or root context path
@@ -173,6 +180,11 @@ public final class JettyConfig
return validateContextPath(getProperty(FELIX_HTTP_CONTEXT_PATH, null));
}
+ public String[] getExcludedCipherSuites()
+ {
+ return getStringArrayProperty(FELIX_JETTY_EXCLUDED_SUITES, null);
+ }
+
public String getHost()
{
return getProperty(FELIX_HOST, null);
@@ -193,6 +205,11 @@ public final class JettyConfig
return getIntProperty(HTTP_TIMEOUT, 60000);
}
+ public String[] getIncludedCipherSuites()
+ {
+ return getStringArrayProperty(FELIX_JETTY_INCLUDED_SUITES, null);
+ }
+
/**
* Returns the named generic configuration property from the
* configuration or the bundle context. If neither property is defined
@@ -330,7 +347,7 @@ public final class JettyConfig
/**
* Updates this configuration with the given dictionary.
- *
+ *
* @param props the dictionary with the new configuration values, can be <code>null</code> to reset this configuration to its defaults.
* @return <code>true</code> if the configuration was updated due to a changed value, or <code>false</code> if no change was found.
*/
@@ -341,7 +358,7 @@ public final class JettyConfig
props = new Properties();
}
- // FELIX-4312 Check whether there's something changed in our configuration...
+ // FELIX-4312 Check whether there's something changed in our configuration...
Dictionary currentConfig = this.config;
if (currentConfig == null || !props.equals(currentConfig))
{
@@ -381,7 +398,7 @@ public final class JettyConfig
* <dd>[,9000) | 1 < port < 9000</dd>
* <dd>[8000,) | 8000 <= port < 65534</dd>
* </dl>
- *
+ *
* @param portProp
* The port property value to parse.
* @return The port determined to be usable. -1 if failed to find a port.
Modified: felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java
URL: http://svn.apache.org/viewvc/felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java?rev=1556619&r1=1556618&r2=1556619&view=diff
==============================================================================
--- felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java (original)
+++ felix/trunk/http/jetty/src/main/java/org/apache/felix/http/jetty/internal/JettyService.java Wed Jan 8 19:56:45 2014
@@ -369,6 +369,16 @@ public final class JettyService extends
{
connector.setNeedClientAuth(true);
}
+
+ if (this.config.getExcludedCipherSuites() != null)
+ {
+ connector.setExcludeCipherSuites(this.config.getExcludedCipherSuites());
+ }
+
+ if (this.config.getIncludedCipherSuites() != null)
+ {
+ connector.setIncludeCipherSuites(this.config.getIncludedCipherSuites());
+ }
}
private void configureConnector(final Connector connector, int port)
Modified: felix/trunk/http/jetty/src/main/resources/OSGI-INF/metatype/metatype.properties
URL: http://svn.apache.org/viewvc/felix/trunk/http/jetty/src/main/resources/OSGI-INF/metatype/metatype.properties?rev=1556619&r1=1556618&r2=1556619&view=diff
==============================================================================
--- felix/trunk/http/jetty/src/main/resources/OSGI-INF/metatype/metatype.properties (original)
+++ felix/trunk/http/jetty/src/main/resources/OSGI-INF/metatype/metatype.properties Wed Jan 8 19:56:45 2014
@@ -128,4 +128,12 @@ org.apache.felix.http.path_exclusions.na
org.apache.felix.http.path_exclusions.description = Contains a list of \
context path prefixes. If a Web Application Bundle is started with a \
context path matching any of these prefixes, it will not be deployed \
- in the servlet container.
\ No newline at end of file
+ in the servlet container.
+
+org.apache.felix.https.jetty.cipersuites.excluded.name = Excluded cipher suites
+org.apache.felix.https.jetty.cipersuites.excluded.description = List of cipher \
+ suites that should be excluded. Default is none.
+
+org.apache.felix.https.jetty.cipersuites.included.name = Included cipher suites
+org.apache.felix.https.jetty.cipersuites.included.description = List of cipher \
+ suites that should be included. Default is none.
Modified: felix/trunk/http/jetty/src/main/resources/OSGI-INF/metatype/metatype.xml
URL: http://svn.apache.org/viewvc/felix/trunk/http/jetty/src/main/resources/OSGI-INF/metatype/metatype.xml?rev=1556619&r1=1556618&r2=1556619&view=diff
==============================================================================
--- felix/trunk/http/jetty/src/main/resources/OSGI-INF/metatype/metatype.xml (original)
+++ felix/trunk/http/jetty/src/main/resources/OSGI-INF/metatype/metatype.xml Wed Jan 8 19:56:45 2014
@@ -45,6 +45,8 @@
<AD id="org.apache.felix.http.jetty.responseBufferSize" type="Integer" default="24576" name="%org.apache.felix.http.jetty.responseBufferSize.name" description="%org.apache.felix.http.jetty.responseBufferSize.description"/>
<AD id="org.apache.felix.http.debug" type="Boolean" default="false" name="%org.apache.felix.http.debug.name" description="%org.apache.felix.http.debug.description"/>
<AD id="org.apache.felix.http.path_exclusions" type="String" default="/system" cardinality="2147483647" name="%org.apache.felix.http.path_exclusions.name" description="%org.apache.felix.http.path_exclusions.description"/>
+ <AD id="org.apache.felix.https.jetty.cipersuites.excluded" type="String" cardinality="2147483647" name="%org.apache.felix.https.jetty.cipersuites.excluded.name" description="%org.apache.felix.https.jetty.cipersuites.excluded.description"/>
+ <AD id="org.apache.felix.https.jetty.cipersuites.included" type="String" cardinality="2147483647" name="%org.apache.felix.https.jetty.cipersuites.included.name" description="%org.apache.felix.https.jetty.cipersuites.included.description"/>
</OCD>
<Designate pid="org.apache.felix.http">
<Object ocdref="org.apache.felix.http"/>