基于Jetty Server的WEB项目SSL证书验证实践
开发环境:jdk1.6、jetty5.1.9(这个版本只需要JDK1.4就可以)、HSQL数据库------
jetty的初始化信息不采用配置文件的方式,全部在程序里完成。
?????????? Server service = new Server();
??? ??? ??? // 端口由启动服务类的参数设置,默认80,443
??? ??? ??? if (arg.length > 0) {
??? ??? ??? ??? for (int i = 0; i < arg.length; i++) {
??? ??? ??? ??? ??? try {
??? ??? ??? ??? ??? ??? httpPort = Integer.parseInt(arg[i]);
??? ??? ??? ??? ??? ??? if(httpPort > 0 && ++i <arg.length){
??? ??? ??? ??? ??? ??? ??? httpsPort = Integer.parseInt(arg[i]);
??? ??? ??? ??? ??? ??? ??? break;
??? ??? ??? ??? ??? ??? }
??? ??? ??? ??? ??? } catch (NumberFormatException nfe) {
??? ??? ??? ??? ??? ??? continue;
??? ??? ??? ??? ??? }
??? ??? ??? ??? }
??? ??? ??? }
??? ??? ??? if(httpPort == 0) httpPort = 80;
??? ??? ??? if(httpsPort == 0) httpsPort = 443;
??? ??? ???
??? ??? ??? System.out.println("The httpPort is :" + httpPort + "\r\nThe httpsPort is:" + httpsPort);
??? ??? ??? java.net.InetAddress addr = java.net.InetAddress.getLocalHost();
//初始化一个HTTP访问监听器
??? ??? ??? SocketListener listenerd = new SocketListener();
??? ??? ??? listenerd.setMaxThreads(200);
??? ??? ??? listenerd.setMinThreads(10);
??? ??? ??? listenerd.setPort(httpPort);??? ??? ???
??? ??? ??? listenerd.setHost(addr.getHostAddress());
??? ??? ??? listenerd.setConfidentialPort(httpsPort);
??? ??? ??? listenerd.setConfidentialScheme("http");???
??? ??? ??? service.addListener(listenerd);
//初始化一个HTTPS访问监听器,对于SSL访问,为什么初始化SocketListener ,文尾有说明
??? ??? ??? SslListener listener = new SslListener();
??? ??? ??? listener.setMinThreads(10);
??? ??? ??? listener.setMaxThreads(200);
??? ??? ??? String strUrl = LoadPath.getRootPath(null);??? ??? ???
??? ??? ??? listener.setKeystore(strUrl+"etc/maxnet.store");
??? ??? ??? listener.setKeyPassword("maxnet");
??? ??? ??? listener.setPassword("maxnet");
??? ??? ??? //listener.setHost(addr.getHostAddress());
??? ??? ??? listener.setPort(httpsPort);
??? ??? ??? listener.setProtocol("SSL");
??? ??? ??? listener.setConfidentialScheme("https");
??? ??? ??? service.addListener(listener);
?
//初始化web前端信息
??? ??? ??? HttpContext ctx = new ServletHttpContext();
??? ??? ??? String strUrl = LoadPath.getRootPath(null);
??? ? ? ??? ctx.setResourceBase(strUrl + "wwwroot");??? ??
??? ?? ? ?? ctx.setContextPath("/");
??? ?? ? ?? ctx.setMaxCacheSize(0);
/**ResetForwardHandler继承了org.mortbay.http.handler.AbstractHttpHandler(hander的一个基础类),
? *?????????????????????????? 实现这个类,是为了取得请求响应的操控handle
? */
??? ?? ? ?? ctx.addHandler(new ResetForwardHandler());
??? ??????? ctx.addHandler(new ResourceHandler());
??? ??? ??? service.addContext(ctx);
??? ??? ??? // 注册servlet
??? ??? ??? ServletHandler handler = new ServletHandler();
??? ??? ??? handler.addServlet("controller", "*.do", "com.*.TestServlet");
??????????? ----------------// 注册servle
??? ??? ???
??? ??? ??? ctx.addHandler(handler);
??? ??? ???
??? ??? ??? service.start();
??? ??? ??? if (service.isStarted()) {
??? ??? ??? ??? SystemLogger.processLogger.info("The server has started!");
??? ??? ??? }
?
-------
?
?????????? /**
???????????? * 获取对请求、响应的操控handle,在程序流程中加入自己的需求
???????????? */
??????????? class ResetForwardHandler extends AbstractHttpHandler {
??? ????????????? private static final long serialVersionUID = -2397322842553983897L;
??? ????????????? public void handle(String pathInContext, String pathParams,
??? ??? ??? ? ? ? ? ? ?? HttpRequest request, HttpResponse response) throws HttpException, IOException {
??? ??? ??? ??? ??? ??? if (!HttpRequest.__GET.equals(request.getMethod())
??? ??? ??? ??? ?? ?? ??? ??? ? ??? && !HttpRequest.__HEAD.equals(request.getMethod())
??? ??? ??? ??? ??? ??? ??? ??? ??? && !HttpRequest.__POST.equals(request.getMethod()))
??? ??? ??? ??? ??? ??? ??? ??? return;
??? ??? ?? ?? ??? ??? ? response.setField(HttpFields.__ContentType, HttpFields.__TextHtml);
//将HTTP的请求切换到HTTPS中
??? ??? ??? ??? ??? ??? String url = request.getRequestURL().toString();
??? ??? ?? ?? ??? ??? ? if(url.startsWith("http://")){???
??? ??? ??? ??? ??? ??? ??? ??? url = "https://" + IP ??? +":"+port + request.getURI();
??? ??? ??? ?? ?? ??? ??? ??? ? response.sendRedirect(url);
??? ??? ?? ?? ??? ??? ? }??? ??? ?
? ? ? ? ? ? ? ? ? ? ? ?? ------------ ? ???
?
?
在走SSL的过程中,发现如果只初始化一个SslListener监听器,对于https能够正确的处理,但如果用户用http访问(不能够通过SSL层的验证)的时候,会出现“不友善”的响应为了解决这个问题,查阅了jetty5.*的文档没有找到解决的方式,所以不得已,同时初始化了一个SocketListener监听器,对于HTTP的访问进行处理。
这是不得已的解决方式,单月6以后的jetty解决了这个问题。