SSL with grizzly and jersey

Question

SSL with grizzly and jersey

I'm trying to get grizzlies to use SSL encryption and still work fine with Jersey. I have looked all over the internet and I find all kinds of SSL attempts with Grizzly and Jersey. It seems that there are different ways to do this depending on which version you are using and how you decided to implement it. I have not yet been able to get any examples to work with my code.

This is how I start my server:

static HttpServer startSecureServer() throws IOException{ ResourceConfig rc=new PackagesResourceConfig("server.grizzlyresources"); SSLContextConfigurator sslCon=new SSLContextConfigurator(); sslCon.setKeyStoreFile(ConfigLoader.getKeystoreLocation()); // contains server keypair sslCon.setKeyStorePass(ConfigLoader.getKeystorePassword()); System.out.println("Starting server on port "+ConfigLoader.getHttpsServerPort()); HttpServer secure=GrizzlyServerFactory.createHttpServer(BASE_URI_SECURED, rc); secure.stop(); HashSet<NetworkListener> lists=new HashSet<NetworkListener>(secure.getListeners()); for (NetworkListener listener : lists){ listener.setSecure(true); SSLEngineConfigurator ssle=new SSLEngineConfigurator(sslCon); listener.setSSLEngineConfig(ssle); secure.addListener(listener); System.out.println(listener); } secure.start(); return secure; } private static URI getBaseURISecured(){ return UriBuilder.fromUri("https://0.0.0.0/").port(ConfigLoader.getHttpsServerPort()).build(); } private static final URI BASE_URI_SECURED = getBaseURISecured();

ConfigLoader loads information from the configuration file. When I run this code, it starts the server, it finds the resources in the server.grizzlyresources package, and it works great! Except for one. The server is not secure. I can connect telnet to it and send an HTTP request in text form for one of my resources, and it will return it. Thus, the code works to start the server, but all of its SSL is simply bypassed. Any ideas how to fix this or why this could be done?

Here's the console output on startup:

 Starting server on port 9999 Jan 13, 2014 9:51:08 AM com.sun.jersey.api.core.PackagesResourceConfig init INFO: Scanning for root resource and provider classes in the packages: server.grizzlyresources Jan 13, 2014 9:51:08 AM com.sun.jersey.api.core.ScanningResourceConfig logClasses INFO: Root resource classes found: class server.grizzlyresources.SessionResource class server.grizzlyresources.LoginResource Jan 13, 2014 9:51:08 AM com.sun.jersey.api.core.ScanningResourceConfig init INFO: No provider classes found. Jan 13, 2014 9:51:08 AM com.sun.jersey.server.impl.application.WebApplicationImpl _initiate INFO: Initiating Jersey application, version 'Jersey: 1.12 02/15/2012 04:51 PM' Jan 13, 2014 9:51:09 AM org.glassfish.grizzly.http.server.NetworkListener start INFO: Started listener bound to [0.0.0.0:9999] Jan 13, 2014 9:51:09 AM org.glassfish.grizzly.http.server.HttpServer start INFO: [HttpServer] Started. Jan 13, 2014 9:51:09 AM org.glassfish.grizzly.http.server.NetworkListener stop INFO: Stopped listener bound to [0.0.0.0:9999] NetworkListener{name='grizzly', host='0.0.0.0', port=9999, secure=true} Jan 13, 2014 9:51:09 AM org.glassfish.grizzly.http.server.NetworkListener start INFO: Started listener bound to [0.0.0.0:9999] Jan 13, 2014 9:51:09 AM org.glassfish.grizzly.http.server.HttpServer start INFO: [HttpServer] Started.

I am using Grizzly 2.2.1 and Jersey 1.12.

Thanks a bunch!

+7

java rest ssl jersey grizzly

user1389906 Jan 13 '14 at 17:56

source share

4 answers

Sorry to post here so long. Alexey’s answer led me to a working solution, which in many ways resembles Wolfgang Fall’s code. Here is what I ended up with:

 static HttpServer startSecureServer() throws IOException { System.out.println("Starting server on port " + ConfigLoader.getHttpsServerPort()); ResourceConfig rc = new PackagesResourceConfig("com.kinpoint.server.grizzlyresources"); SSLContextConfigurator sslCon = new SSLContextConfigurator(); sslCon.setKeyStoreFile(ConfigLoader.getKeystoreLocation()); // contains server keypair sslCon.setKeyStorePass(ConfigLoader.getKeystorePassword()); HttpHandler hand = ContainerFactory.createContainer(HttpHandler.class, rc); HttpServer secure = GrizzlyServerFactory.createHttpServer(BASE_URI_SECURED, hand, true, new SSLEngineConfigurator(sslCon, false, false, false)); return secure; }

The second parameter in SSLEngineConfigurator indicates that it is not using client mode. This is what confused me. Thanks for the help.

+8

user1389906 Sep 22 '14 at 20:25

source share

I have a good and tested example using Grizzly 2.3.3 in: https://github.com/danielnuriyev/scriptedstuff/tree/master/src/com/scriptedstuff/server

+2

Daniel Nuriyev Mar 12 '14 at 21:04

source share

The following code works with Grizzly 2.3.7, and I use Jersey 1.18 - this includes code for authenticating SSL clients - if you don't have keys, this function will simply be ignored.

 /** * create a Server based on an url and possibly a ResourceConfig * * @param url * @param rc * @param secure * - true if SSL should be used * @param contextPath * @return * @throws Exception */ public HttpServer createHttpServer(String url, ResourceConfig rc, boolean secure, String contextPath) throws Exception { // HttpServer result = GrizzlyServerFactory.createHttpServer(url, rc); // http://grepcode.com/file/repo1.maven.org/maven2/com.sun.jersey/jersey-grizzly2/1.6/com/sun/jersey/api/container/grizzly2/GrizzlyServerFactory.java#GrizzlyServerFactory.createHttpServer%28java.net.URI%2Ccom.sun.jersey.api.container.grizzly2.ResourceConfig%29 HttpServer result = new HttpServer(); final NetworkListener listener = new NetworkListener("grizzly", settings.getHost(), settings.getPort()); result.addListener(listener); // do we need SSL? if (secure) { listener.setSecure(secure); SSLEngineConfigurator sslEngineConfigurator = createSSLConfig(true); listener.setSSLEngineConfig(sslEngineConfigurator); } // Map the path to the processor. final ServerConfiguration config = result.getServerConfiguration(); final HttpHandler handler = ContainerFactory.createContainer( HttpHandler.class, rc); config.addHttpHandler(handler, contextPath); return result; } /** * create SSL Configuration * * @param isServer * true if this is for the server * @return * @throws Exception */ private SSLEngineConfigurator createSSLConfig(boolean isServer) throws Exception { final SSLContextConfigurator sslContextConfigurator = new SSLContextConfigurator(); // override system properties final File cacerts = getStoreFile("server truststore", "truststore_server.jks"); if (cacerts != null) { sslContextConfigurator.setTrustStoreFile(cacerts.getAbsolutePath()); sslContextConfigurator.setTrustStorePass(TRUSTSTORE_PASSWORD); } // override system properties final File keystore = getStoreFile("server keystore", "keystore_server.jks"); if (keystore != null) { sslContextConfigurator.setKeyStoreFile(keystore.getAbsolutePath()); sslContextConfigurator.setKeyStorePass(TRUSTSTORE_PASSWORD); } // boolean clientMode = false; // force client Authentication ... boolean needClientAuth = settings.isNeedClientAuth(); boolean wantClientAuth = settings.isWantClientAuth(); SSLEngineConfigurator result = new SSLEngineConfigurator( sslContextConfigurator.createSSLContext(), clientMode, needClientAuth, wantClientAuth); return result; }

+1

Wolfgang fahl May 10 '14 at 7:19

source share

alexey · Accepted Answer · 2014-01-13T20:32:53+0000

IMO, you can use another Factory method to initialize the protected Grizzly HttpServer:

 HttpServer secure = GrizzlyServerFactory.createHttpServer(BASE_URI_SECURED, ContainerFactory.createContainer(HttpHandler.class, rc), true, new SSLEngineConfigurator(sslCon));

If you initialize the server this way, you do not need to stop and reconfigure it again.

Hope this helps.

SSL with grizzly and jersey

More articles: