org.mortbay.http
Class JsseListener
All Implemented Interfaces: HttpListener, LifeCycle, Serializable
public abstract class JsseListener
JSSE Socket Listener.
This specialization of HttpListener is an abstract listener that can be used as the basis for a
specific JSSE listener.
This is heavily based on the work from Court Demas, which in turn is based on the work from Forge
Research.
$Id: JsseListener.java,v 1.19 2005/11/03 18:21:59 gregwilkins Exp $
- Greg Wilkins (gregw@mortbay.com)
- Court Demas (court@kiwiconsulting.com)
- Forge Research Pty Ltd ACN 003 491 576
- Jan Hlavatý
createConnection, customizeRequest, customizeRequest, getBufferReserve, getBufferSize, getConfidentialPort, getConfidentialScheme, getDefaultScheme, getHttpHandler, getHttpServer, getIdentifyListener, getIntegralPort, getIntegralScheme, getLowResourcePersistTimeMs, getLowResources, handleConnection, isConfidential, isIntegral, isLowOnResources, isOutOfResources, persistConnection, setBufferReserve, setBufferSize, setConfidentialPort, setConfidentialScheme, setDefaultScheme, setHttpHandler, setHttpServer, setIdentifyListener, setIntegralPort, setIntegralScheme, setLowResourcePersistTimeMs, setLowResources, start, stop
acceptSocket, acceptSocket, getAcceptQueueSize, getAcceptorThreads, getHost, getInetAddrPort, getInetAddress, getLingerTimeSecs, getMaxReadTimeMs, getPort, getServerSocket, getTcpNoDelay, handle, handleConnection, handleConnection, newServerSocket, open, setAcceptQueueSize, setAcceptorThreads, setHost, setInetAddrPort, setInetAddress, setLingerTimeSecs, setMaxReadTimeMs, setPort, setTcpNoDelay, start, stop, stopJob, toString
getIdleThreads, getMaxIdleTimeMs, getMaxThreads, getMinThreads, getName, getPoolName, getThreads, getThreadsPriority, handle, isDaemon, isStarted, join, run, setDaemon, setMaxIdleTimeMs, setMaxStopTimeMs, setMaxThreads, setMinThreads, setName, setPoolName, setThreadsPriority, shrink, start, stop, stopJob
DEFAULT_KEYSTORE
public static final String DEFAULT_KEYSTORE
Default value for the keystore location path.
DEFAULT_KEYSTORE_PROVIDER_CLASS
public static final String DEFAULT_KEYSTORE_PROVIDER_CLASS
Default value for keystore provider class. null = use default
DEFAULT_KEYSTORE_PROVIDER_NAME
public static final String DEFAULT_KEYSTORE_PROVIDER_NAME
Default value for keystore provider name. null = use default
DEFAULT_KEYSTORE_TYPE
public static final String DEFAULT_KEYSTORE_TYPE
Default keystore type
KEYPASSWORD_PROPERTY
public static final String KEYPASSWORD_PROPERTY
String name of key password property.
KEYSTORE_PROPERTY
public static final String KEYSTORE_PROPERTY
String name of keystore location path property.
KEYSTORE_PROVIDER_CLASS_PROPERTY
public static final String KEYSTORE_PROVIDER_CLASS_PROPERTY
String name of keystore provider class property
KEYSTORE_PROVIDER_NAME_PROPERTY
public static final String KEYSTORE_PROVIDER_NAME_PROPERTY
String name of keystore provider name property
KEYSTORE_TYPE_PROPERTY
public static final String KEYSTORE_TYPE_PROPERTY
String name of keystore type property
PASSWORD_PROPERTY
public static final String PASSWORD_PROPERTY
String name of keystore password property.
JsseListener
public JsseListener()
Constructor.
JsseListener
public JsseListener(InetAddrPort p_address)
Constructor.
accept
protected Socket accept(ServerSocket p_serverSocket)
throws IOException
createFactory
protected abstract SSLServerSocketFactory createFactory()
throws Exception
customizeRequest
protected void customizeRequest(Socket socket,
HttpRequest request)
Allow the Listener a chance to customise the request before the server does its stuff.
This allows the required attributes to be set for SSL requests.
The requirements of the Servlet specs are:
- an attribute named "javax.servlet.request.cipher_suite" of type String.
- an attribute named "javax.servlet.request.key_size" of type Integer.
- an attribute named "javax.servlet.request.X509Certificate" of type
java.security.cert.X509Certificate[]. This is an array of objects of type X509Certificate;
the order of this array is defined as being in ascending order of trust. The first
certificate in the chain is the one set by the client, the next is the one used to
authenticate the first, and so on.
- customizeRequest in interface SocketListener
socket - The Socket the request arrived on. This should be a javax.net.ssl.SSLSocket.
request - HttpRequest to be customised.
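The following is an added example, not part of the Jetty sources: a servlet-side helper that consumes the three attributes listed above and refuses requests that lack a usable client certificate. The class name TlsRequestCheck and the 128-bit minimum are assumptions chosen for illustration.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.servlet.ServletRequest;

/** Hypothetical helper (not part of Jetty): checks the SSL attributes a listener sets. */
public final class TlsRequestCheck {
    static final int MIN_KEY_BITS = 128; // assumed local policy, not a Jetty default

    /** Returns the client certificate subject, or throws if the request fails policy. */
    public static String requireClientCert(ServletRequest request) {
        Object suite = request.getAttribute("javax.servlet.request.cipher_suite");
        Object bits = request.getAttribute("javax.servlet.request.key_size");
        Object certs = request.getAttribute("javax.servlet.request.X509Certificate");

        // Check types before casting: the attribute map is untyped.
        if (!(suite instanceof String)) {
            throw new SecurityException("no cipher suite attribute; not an SSL request");
        }
        if (!(bits instanceof Integer) || ((Integer) bits).intValue() < MIN_KEY_BITS) {
            throw new SecurityException("cipher " + suite + " is below " + MIN_KEY_BITS + " bits");
        }
        // Treat a missing or empty array as "no client certificate presented".
        if (!(certs instanceof X509Certificate[]) || ((X509Certificate[]) certs).length == 0) {
            throw new SecurityException("no client certificate presented");
        }
        X509Certificate[] chain = (X509Certificate[]) certs;
        X509Certificate client = chain[0]; // first entry is the client's own certificate
        try {
            client.checkValidity(); // rejects expired or not-yet-valid certificates
        } catch (CertificateException e) {
            throw new SecurityException("client certificate not valid now: " + e.getMessage());
        }
        // Authorization decisions should key on this subject, never on chain[1..n].
        return client.getSubjectX500Principal().getName();
    }
}
```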
getNeedClientAuth
public boolean getNeedClientAuth()
isConfidential
public boolean isConfidential(HttpConnection connection)
By default, we're confidential, given we speak SSL. But, if we've been told about a
confidential port, and said port is not our port, then we're not. This allows separation of
listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener
configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not
requiring client certs providing mere INTEGRAL constraints.
- isConfidential in interface HttpListener
- isConfidential in interface SocketListener
isIntegral
public boolean isIntegral(HttpConnection connection)
By default, we're integral, given we speak SSL. But, if we've been told about an integral
port, and said port is not our port, then we're not. This allows separation of listeners
providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to
require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring
client certs providing mere INTEGRAL constraints.
- isIntegral in interface HttpListener
- isIntegral in interface SocketListener
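An added example (not from the Jetty distribution) of the listener separation that isConfidential and isIntegral describe: two SSL listeners, only one of which requires client certificates. It assumes the concrete subclass org.mortbay.http.SunJsseListener and its keystore setters from the same Jetty release; the ports and the example.* system property names are constructed placeholders.

```java
import org.mortbay.http.HttpServer;
import org.mortbay.http.SunJsseListener;

/** Hypothetical launcher (not Jetty code): two SSL listeners with different guarantees. */
public final class SplitSslListeners {
    static final int CLIENT_CERT_PORT = 8443; // constructed example ports
    static final int SERVER_ONLY_PORT = 9443;

    static SunJsseListener sslListener(int port, boolean needClientAuth) {
        SunJsseListener listener = new SunJsseListener();
        listener.setPort(port);
        // Placeholder property names; supply the keystore details out of band.
        listener.setKeystore(System.getProperty("example.keystore"));
        listener.setPassword(System.getProperty("example.keystore.password"));
        listener.setKeyPassword(System.getProperty("example.key.password"));
        listener.setNeedClientAuth(needClientAuth);
        // Every listener is told which port is the confidential one. Per the
        // description above, only the listener whose own port matches reports
        // isConfidential() == true; the other one does not.
        listener.setConfidentialPort(CLIENT_CERT_PORT);
        // No integral port is set, so both listeners stay integral by default.
        return listener;
    }

    public static void main(String[] args) throws Exception {
        HttpServer server = new HttpServer();
        // 8443: client certificate required, satisfies CONFIDENTIAL constraints.
        server.addListener(sslListener(CLIENT_CERT_PORT, true));
        // 9443: server-authenticated SSL only, satisfies mere INTEGRAL constraints.
        server.addListener(sslListener(SERVER_ONLY_PORT, false));
        server.start();
    }
}
```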
setNeedClientAuth
public void setNeedClientAuth(boolean needClientAuth)
Set the value of the needClientAuth property
needClientAuth - true iff we require client certificate authentication.
Copyright © 2004 Mortbay Consulting Pty. Ltd. All Rights Reserved.