Diffstat (limited to 'java/sca/modules/host-tomcat/src')
3 files changed, 91 insertions, 19 deletions
diff --git a/java/sca/modules/host-tomcat/src/main/java/org/apache/tuscany/sca/http/tomcat/TomcatServer.java b/java/sca/modules/host-tomcat/src/main/java/org/apache/tuscany/sca/http/tomcat/TomcatServer.java index 9b28729231..5ea1701c05 100644 --- a/java/sca/modules/host-tomcat/src/main/java/org/apache/tuscany/sca/http/tomcat/TomcatServer.java +++ b/java/sca/modules/host-tomcat/src/main/java/org/apache/tuscany/sca/http/tomcat/TomcatServer.java @@ -25,6 +25,7 @@ import java.net.URI; import java.net.URL; import java.net.UnknownHostException; import java.security.AccessController; +import java.security.KeyStore; import java.security.PrivilegedAction; import java.security.PrivilegedActionException; import java.security.PrivilegedExceptionAction; @@ -217,7 +218,7 @@ public class TomcatServer implements ServletHost { if (scheme == null) { scheme = "http"; } - final int portNumber = (uri.getPort() == -1 ? defaultPortNumber : uri.getPort() ); + final int portNumber = (uri.getPort() == -1 ? defaultPortNumber : uri.getPort()); // Get the port object associated with the given port number Port port = ports.get(portNumber); @@ -226,13 +227,12 @@ public class TomcatServer implements ServletHost { // Create an engine // Allow privileged access to read properties. Requires PropertiesPermission read in // security policy. - final StandardEngine engine = - AccessController.doPrivileged(new PrivilegedAction<StandardEngine>() { + final StandardEngine engine = AccessController.doPrivileged(new PrivilegedAction<StandardEngine>() { public StandardEngine run() { return new StandardEngine(); } }); - + engine.setBaseDir(""); engine.setDefaultHost("localhost"); engine.setName("engine/" + portNumber); 
@@ -265,7 +265,7 @@ public class TomcatServer implements ServletHost { // Allow privileged access to read properties. Requires PropertiesPermission read in // security policy. try { - AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { + AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() { public Object run() throws LifecycleException { engine.start(); return null; 
@@ -274,20 +274,52 @@ public class TomcatServer implements ServletHost { } catch (PrivilegedActionException e) { // throw (LifecycleException)e.getException(); throw new ServletMappingException(e); - } + } Connector connector; // Allow privileged access to read properties. Requires PropertiesPermission read in // security policy. try { + final String protocol = scheme; connector = AccessController.doPrivileged(new PrivilegedExceptionAction<CustomConnector>() { public CustomConnector run() throws Exception { - CustomConnector customConnector = new CustomConnector(); - customConnector.setPort(portNumber); - customConnector.setContainer(engine); - customConnector.initialize(); - customConnector.start(); - return customConnector; - } + CustomConnector customConnector = new CustomConnector(); + customConnector.setPort(portNumber); + customConnector.setContainer(engine); + + if ("https".equalsIgnoreCase(protocol)) { + configureSSL(customConnector); + ((Http11Protocol) customConnector.getProtocolHandler()).setSSLEnabled(true); + } + customConnector.initialize(); + customConnector.start(); + return customConnector; + } + + private void configureSSL(CustomConnector customConnector) { + String trustStore = System.getProperty("javax.net.ssl.trustStore"); + String trustStorePass = System.getProperty("javax.net.ssl.trustStorePassword"); + String keyStore = System.getProperty("javax.net.ssl.keyStore"); + String keyStorePass = System.getProperty("javax.net.ssl.keyStorePassword"); + + customConnector.setProperty("protocol", "TLS"); + + customConnector.setProperty("keystore", keyStore); + customConnector.setProperty("keypass", keyStorePass); + String keyStoreType = + System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType()); + String trustStoreType = + System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType()); + customConnector.setProperty("keytype", keyStoreType); + customConnector.setProperty("trusttype", trustStoreType); + 
customConnector.setProperty("truststore", trustStore); + customConnector.setProperty("trustpass", trustStorePass); + + customConnector.setProperty("clientauth", "false"); + customConnector.setProtocol("HTTP/1.1"); + customConnector.setScheme(protocol); + customConnector.setProperty("backlog", "10"); + customConnector.setSecure(true); + } }); } catch (Exception e) { throw new ServletMappingException(e); @@ -512,12 +544,12 @@ public class TomcatServer implements ServletHost { } catch (Exception ex) { // Hack to handle destruction of Servlets without Servlet context } - + logger.info("Removed Servlet mapping: " + suri); - + // Stop the port if there's no servlets on it anymore String[] contextNames = port.getConnector().getMapper().getContextNames(); - if (contextNames == null || contextNames.length ==0) { + if (contextNames == null || contextNames.length == 0) { try { port.getConnector().stop(); port.getEngine().stop(); @@ -526,7 +558,7 @@ public class TomcatServer implements ServletHost { throw new IllegalStateException(e); } } - + return servletWrapper.getServlet(); } else { logger.warning("Trying to Remove servlet mapping: " + mapping + " where mapping is not registered"); diff --git a/java/sca/modules/host-tomcat/src/test/java/org/apache/tuscany/sca/http/tomcat/TomcatServerTestCase.java b/java/sca/modules/host-tomcat/src/test/java/org/apache/tuscany/sca/http/tomcat/TomcatServerTestCase.java index 7ca5325ccb..afbec52cd9 100644 --- a/java/sca/modules/host-tomcat/src/test/java/org/apache/tuscany/sca/http/tomcat/TomcatServerTestCase.java +++ b/java/sca/modules/host-tomcat/src/test/java/org/apache/tuscany/sca/http/tomcat/TomcatServerTestCase.java 
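Review bot: In `configureSSL`, the `javax.net.ssl.*` values are handed to `customConnector.setProperty` without a null check. An https mapping requested with no keystore configured will therefore either fail later inside the connector with an unrelated error or, depending on how the connector treats a null value (not visible here), come up on whatever default keystore it falls back to. I would fail fast before the first `setProperty`: `if (keyStore == null) { throw new IllegalStateException("javax.net.ssl.keyStore must be set to host an https endpoint"); }`. `clientauth` is hard-coded to `"false"`, so the trust store settings look unused on the server side; a comment such as `// mutual TLS is deliberately off; truststore is only passed through` (or a property to enable it) would make that explicit. The enclosing method starts and ends outside the hunk.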
@@ -20,10 +20,15 @@ package org.apache.tuscany.sca.http.tomcat; import java.io.BufferedReader; import java.io.IOException; +import java.io.InputStream; import java.io.InputStreamReader; import java.io.OutputStream; import java.net.Socket; +import java.net.URL; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLSession; import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; @@ -91,7 +96,38 @@ public class TomcatServerTestCase extends TestCase { service.stop(); assertTrue(servlet.invoked); } + + /** + * Verifies requests are properly routed according to the Servlet mapping + */ + public void testRegisterServletMappingSSL() throws Exception { + System.setProperty("javax.net.ssl.keyStore", "target/test-classes/tuscany.keyStore"); + System.setProperty("javax.net.ssl.keyStorePassword", "apache"); + TomcatServer service = new TomcatServer(workScheduler); + TestServlet servlet = new TestServlet(); + try { + service.addServletMapping("https://127.0.0.1:" + HTTP_PORT + "/foo", servlet); + } finally { + System.clearProperty("javax.net.ssl.keyStore"); + System.clearProperty("javax.net.ssl.keyStorePassword"); + } + System.setProperty("javax.net.ssl.trustStore", "target/test-classes/tuscany.keyStore"); + System.setProperty("javax.net.ssl.trustStorePassword", "apache"); + URL url = new URL("https://127.0.0.1:8085/foo"); + HttpsURLConnection conn = (HttpsURLConnection) url.openConnection(); + conn.setHostnameVerifier(new HostnameVerifier() { + public boolean verify(String hostname, SSLSession session) { + return true; + }} + ); + conn.connect(); + read(conn.getInputStream()); + + service.stop(); + assertTrue(servlet.invoked); + + } /** * Verifies that Servlets can be registered with multiple ports */ 
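Review bot: `testRegisterServletMappingSSL` sets `javax.net.ssl.trustStore` and `javax.net.ssl.trustStorePassword` but never clears them, unlike the keyStore pair, so the JVM-wide trust configuration leaks into every test that runs afterwards. The client half should sit in a `try` whose `finally` calls `System.clearProperty("javax.net.ssl.trustStore")`, `System.clearProperty("javax.net.ssl.trustStorePassword")` and `service.stop()`. The anonymous `HostnameVerifier` accepts any host; pinning it to the address under test, `return "127.0.0.1".equals(hostname);`, keeps the test from modelling a switched-off check that could later be copied into non-test code. The client URL also hard-codes port 8085 while the mapping is registered on `HTTP_PORT`, so it should be built from the constant: `new URL("https://127.0.0.1:" + HTTP_PORT + "/foo")`.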
@@ -244,9 +280,14 @@ public class TomcatServerTestCase extends TestCase { } private static String read(Socket socket) throws IOException { + InputStream is = socket.getInputStream(); + return read(is); + } + + private static String read(InputStream is) throws IOException { BufferedReader reader = null; try { - reader = new BufferedReader(new InputStreamReader(socket.getInputStream())); + reader = new BufferedReader(new InputStreamReader(is)); StringBuffer sb = new StringBuffer(); String str; while ((str = reader.readLine()) != null) { @@ -259,7 +300,6 @@ public class TomcatServerTestCase extends TestCase { } } } - private class TestServlet extends HttpServlet { private static final long serialVersionUID = 1L; boolean invoked; diff --git a/java/sca/modules/host-tomcat/src/test/resources/tuscany.keyStore b/java/sca/modules/host-tomcat/src/test/resources/tuscany.keyStore Binary files differnew file mode 100644 index 0000000000..7ea23f7ff4 --- /dev/null +++ b/java/sca/modules/host-tomcat/src/test/resources/tuscany.keyStore |