org.mortbay.http

Class JsseListener

Implemented Interfaces:
HttpListener, LifeCycle, Serializable
Known Direct Subclasses:
IbmJsseListener, SunJsseListener

public abstract class JsseListener
extends SocketListener

JSSE Socket Listener. This specialization of HttpListener is an abstract listener that can be used as the basis for a specific JSSE listener. This is heavily based on the work from Court Demas, which in turn is based on the work from Forge Research.
Version:
$Id: JsseListener.java,v 1.19 2005/11/03 18:21:59 gregwilkins Exp $
Authors:
Greg Wilkins (gregw@mortbay.com)
Court Demas (court@kiwiconsulting.com)
Forge Research Pty Ltd ACN 003 491 576
Jan Hlavatý

Nested Class Summary

Nested classes/interfaces inherited from class org.mortbay.util.ThreadPool

ThreadPool.PoolThread

Field Summary

static String
DEFAULT_KEYSTORE
Default value for the keystore location path.
static String
DEFAULT_KEYSTORE_PROVIDER_CLASS
Default value for keystore provider class.
static String
DEFAULT_KEYSTORE_PROVIDER_NAME
Default value for keystore provider name.
static String
DEFAULT_KEYSTORE_TYPE
Default keystore type
static String
KEYPASSWORD_PROPERTY
String name of key password property.
static String
KEYSTORE_PROPERTY
String name of keystore location path property.
static String
KEYSTORE_PROVIDER_CLASS_PROPERTY
String name of keystore provider class property
static String
KEYSTORE_PROVIDER_NAME_PROPERTY
String name of keystore provider name property
static String
KEYSTORE_TYPE_PROPERTY
String name of keystore type property
static String
PASSWORD_PROPERTY
String name of keystore password property.

Fields inherited from class org.mortbay.util.ThreadPool

__DAEMON, __PRIORITY

Fields inherited from interface org.mortbay.http.HttpListener

ATTRIBUTE

Constructor Summary

JsseListener()
Constructor.
JsseListener(InetAddrPort p_address)
Constructor.

Method Summary

protected Socket
accept(ServerSocket p_serverSocket)
protected abstract SSLServerSocketFactory
createFactory()
protected void
customizeRequest(Socket socket, HttpRequest request)
Allow the Listener a chance to customise the request.
boolean
getNeedClientAuth()
boolean
isConfidential(HttpConnection connection)
By default, we're confidential, given we speak SSL.
boolean
isIntegral(HttpConnection connection)
By default, we're integral, given we speak SSL.
protected ServerSocket
newServerSocket(InetAddrPort p_address, int p_acceptQueueSize)
void
setNeedClientAuth(boolean needClientAuth)
Set the value of the needClientAuth property

Methods inherited from class org.mortbay.http.SocketListener

createConnection, customizeRequest, customizeRequest, getBufferReserve, getBufferSize, getConfidentialPort, getConfidentialScheme, getDefaultScheme, getHttpHandler, getHttpServer, getIdentifyListener, getIntegralPort, getIntegralScheme, getLowResourcePersistTimeMs, getLowResources, handleConnection, isConfidential, isIntegral, isLowOnResources, isOutOfResources, persistConnection, setBufferReserve, setBufferSize, setConfidentialPort, setConfidentialScheme, setDefaultScheme, setHttpHandler, setHttpServer, setIdentifyListener, setIntegralPort, setIntegralScheme, setLowResourcePersistTimeMs, setLowResources, start, stop

Methods inherited from class org.mortbay.util.ThreadedServer

acceptSocket, acceptSocket, getAcceptQueueSize, getAcceptorThreads, getHost, getInetAddrPort, getInetAddress, getLingerTimeSecs, getMaxReadTimeMs, getPort, getServerSocket, getTcpNoDelay, handle, handleConnection, handleConnection, newServerSocket, open, setAcceptQueueSize, setAcceptorThreads, setHost, setInetAddrPort, setInetAddress, setLingerTimeSecs, setMaxReadTimeMs, setPort, setTcpNoDelay, start, stop, stopJob, toString

Methods inherited from class org.mortbay.util.ThreadPool

getIdleThreads, getMaxIdleTimeMs, getMaxThreads, getMinThreads, getName, getPoolName, getThreads, getThreadsPriority, handle, isDaemon, isStarted, join, run, setDaemon, setMaxIdleTimeMs, setMaxStopTimeMs, setMaxThreads, setMinThreads, setName, setPoolName, setThreadsPriority, shrink, start, stop, stopJob

Field Details

DEFAULT_KEYSTORE

public static final String DEFAULT_KEYSTORE
Default value for the keystore location path.

DEFAULT_KEYSTORE_PROVIDER_CLASS

public static final String DEFAULT_KEYSTORE_PROVIDER_CLASS
Default value for keystore provider class. null = use default

DEFAULT_KEYSTORE_PROVIDER_NAME

public static final String DEFAULT_KEYSTORE_PROVIDER_NAME
Default value for keystore provider name. null = use default

DEFAULT_KEYSTORE_TYPE

public static final String DEFAULT_KEYSTORE_TYPE
Default keystore type

KEYPASSWORD_PROPERTY

public static final String KEYPASSWORD_PROPERTY
String name of key password property.

KEYSTORE_PROPERTY

public static final String KEYSTORE_PROPERTY
String name of keystore location path property.

KEYSTORE_PROVIDER_CLASS_PROPERTY

public static final String KEYSTORE_PROVIDER_CLASS_PROPERTY
String name of keystore provider class property

KEYSTORE_PROVIDER_NAME_PROPERTY

public static final String KEYSTORE_PROVIDER_NAME_PROPERTY
String name of keystore provider name property

KEYSTORE_TYPE_PROPERTY

public static final String KEYSTORE_TYPE_PROPERTY
String name of keystore type property

PASSWORD_PROPERTY

public static final String PASSWORD_PROPERTY
String name of keystore password property.

Constructor Details

JsseListener

public JsseListener()
Constructor.

JsseListener

public JsseListener(InetAddrPort p_address)
Constructor.
Parameters:
p_address -

Method Details

accept

protected Socket accept(ServerSocket p_serverSocket)
            throws IOException
Parameters:
p_serverSocket -
Returns:

createFactory

protected abstract SSLServerSocketFactory createFactory()
            throws Exception

customizeRequest

protected void customizeRequest(Socket socket,
                                HttpRequest request)
Allow the Listener a chance to customise the request before the server does its stuff.
This allows the required attributes to be set for SSL requests.
The requirements of the Servlet specs are:
  • an attribute named "javax.servlet.request.cipher_suite" of type String.
  • an attribute named "javax.servlet.request.key_size" of type Integer.
  • an attribute named "javax.servlet.request.X509Certificate" of type java.security.cert.X509Certificate[]. This is an array of objects of type X509Certificate; the order of this array is defined as being in ascending order of trust. The first certificate in the chain is the one set by the client, the next is the one used to authenticate the first, and so on.
Overrides:
customizeRequest in class SocketListener
Parameters:
socket - The Socket the request arrived on. This should be a javax.net.ssl.SSLSocket.
request - HttpRequest to be customised.

getNeedClientAuth

public boolean getNeedClientAuth()

isConfidential

public boolean isConfidential(HttpConnection connection)
By default, we're confidential, given we speak SSL. But, if we've been told about a confidential port, and said port is not our port, then we're not. This allows separation of listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring client certs providing mere INTEGRAL constraints.
Specified by:
isConfidential in interface HttpListener
Overrides:
isConfidential in class SocketListener

isIntegral

public boolean isIntegral(HttpConnection connection)
By default, we're integral, given we speak SSL. But, if we've been told about an integral port, and said port is not our port, then we're not. This allows separation of listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring client certs providing mere INTEGRAL constraints.
Specified by:
isIntegral in interface HttpListener
Overrides:
isIntegral in class SocketListener
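The two-listener split described for isConfidential and isIntegral, as an added configuration example that is not taken from the Jetty sources. The class name, port numbers and environment variable names are constructed; HttpServer and the SunJsseListener setters setKeystore, setPassword and setKeyPassword are not documented on this page and are assumed from the same Jetty release.

```java
import org.mortbay.http.HttpServer;
import org.mortbay.http.SunJsseListener;

// Hypothetical launcher class; ports and environment variable names are
// constructed for this example.
public class TwoSslListeners {
    static final int CLIENT_CERT_PORT = 8443;
    static final int SERVER_AUTH_PORT = 8444;

    static SunJsseListener sslListener(int port, boolean needClientAuth,
            String keystore, String storePass, String keyPass) {
        SunJsseListener l = new SunJsseListener();
        l.setPort(port);
        l.setKeystore(keystore);
        l.setPassword(storePass);
        l.setKeyPassword(keyPass);
        l.setNeedClientAuth(needClientAuth);
        // Both listeners are told the same confidential port, so only the
        // listener that owns that port answers isConfidential() with true.
        l.setConfidentialPort(CLIENT_CERT_PORT);
        // The integral port is left unset, so isIntegral() keeps its
        // default of true on both listeners.
        return l;
    }

    public static void main(String[] args) throws Exception {
        // Secrets come from the environment rather than from source code.
        String keystore = System.getenv("EXAMPLE_KEYSTORE");
        String storePass = System.getenv("EXAMPLE_STORE_PASSWORD");
        String keyPass = System.getenv("EXAMPLE_KEY_PASSWORD");
        if (keystore == null || storePass == null || keyPass == null) {
            throw new IllegalStateException("keystore settings missing");
        }
        HttpServer server = new HttpServer();
        // Client certificates required: CONFIDENTIAL and INTEGRAL.
        server.addListener(sslListener(CLIENT_CERT_PORT, true,
                keystore, storePass, keyPass));
        // No client certificates: INTEGRAL only.
        server.addListener(sslListener(SERVER_AUTH_PORT, false,
                keystore, storePass, keyPass));
        server.start();
    }
}
```

No contexts or handlers are added here, so the server only demonstrates how the two listeners classify connections.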

newServerSocket

protected ServerSocket newServerSocket(InetAddrPort p_address,
                                       int p_acceptQueueSize)
            throws IOException
Overrides:
newServerSocket in class ThreadedServer
Parameters:
p_address -
p_acceptQueueSize -
Returns:

setNeedClientAuth

public void setNeedClientAuth(boolean needClientAuth)
Set the value of the needClientAuth property
Parameters:
needClientAuth - true iff we require client certificate authentication.

Copyright © 2004 Mortbay Consulting Pty. Ltd. All Rights Reserved.