From: Jan B. <ja...@mo...> - 2006-07-28 20:59:54
|
Richard, FYI We moved the site over to jetty6 recently and the faq you refer to was available from the jetty5 site. The old jetty5 site is still available if you follow the link from the new home page on the left hand side menu item "Old jetty5.x" site. We are moving over the info that is still relevant from the old site, but it is taking some time, so thanks for bearing with us while we do the re-org. regards Jan Richard Wallace wrote: > Thanks Nik, that worked perfectly. The only problem I still had was I > wasn't sure how to create my keystore and such. I did a google search > for Jetty and SSL but the only thing I found was a reference to a FAQ on > the Jetty site that was no longer valid. Thank goodness for google > cache! Is there an alternative location for the FAQs that I missed. > This is the url that I was trying to get to > http://www.mortbay.org/jetty/faq?s=400-Security&t=ssl. And here's the > cached page for anyone interested: > http://72.14.203.104/search?q=cache:p07HSRYlYdsJ:www.mortbay.org/jetty/faq%3Fs%3D400-Security%26t%3Dssl+jetty+ssl&hl=en&gl=us&ct=clnk&cd=1&client=firefox. > > Thanks again, > Rich > > Nik Gonzalez wrote: > >>Hi Richard, >> >>Try inserting the following into the configuration tag of your >>maven-jetty-plugin inside the pom: >> >> <connectors> >> <connector >>implementation="org.mortbay.jetty.nio.SelectChannelConnector"> >> <port>8080</port> >> <maxIdleTime>60000</maxIdleTime> >> </connector> >> <connector >>implementation="org.mortbay.jetty.security.SslSocketConnector"> >> <port>8443</port> >> <maxIdleTime>30000</maxIdleTime> >> <keystore>C:\jeprox\jetty6\etc\keystore</keystore> >> <password>OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</password> >> <keyPassword>OBF:1u2u1wml1z7s1z7a1wnl1u2g</keyPassword> >> <truststore>C:\jeprox\jetty6\etc\keystore\</truststore> >> >><trustPassword>OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</trustPassword> >> <excludeCipherSuites> >> >><excludeCipherSuite>SSL_RSA_WITH_3DES_EDE_CBC_SHA</excludeCipherSuite> >> >><excludeCipherSuite>SSL_DHE_RSA_WITH_DES_CBC_SHA</excludeCipherSuite> >> >><excludeCipherSuite>SSL_DHE_DSS_WITH_DES_CBC_SHA</excludeCipherSuite> >> </excludeCipherSuites> >> </connector> >> </connectors> >> >>http://docs.codehaus.org/display/JETTY/SSL+Cipher+Suites has been >>updated. Kindly check it out again. Instead of the former implementation >>that lets you specify a list of enabled cipher suites, the new one lets >>you disable a list of cipher suites. There's also an update on the >>config example. >> >>Thanks! >>Nik >> >>Richard Wallace wrote: >> >> >>>Hello, >>> >>>I'm trying to get the maven plugin working so that I can get rid of >>>having to do a "mvn tomcat:undeploy clean && mvn tomcat:deploy" >>>whenever I change something in a configuration file or class and I >>>don't have to copy over the jsps and whatnot when I change those. The >>>app I'm working on now requires SSL for some of the more secure areas >>>of the app. >>> >>>I tried creating a jetty.xml file with the following configuration >>>(gleaned from http://docs.codehaus.org/display/JETTY/SSL+Cipher+Suites): >>> >>><?xml version="1.0" encoding="ISO-8859-1"?> >>><!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure//EN" >>>"http://jetty.mortbay.org/configure.dtd"> >>> >>><Configure class="org.mortbay.jetty.Server"> >>> <Item> >>> <New class="org.mortbay.jetty.security.SslSocketConnector"> >>> <Set name="Port">8443</Set> >>> <Set name="maxIdleTime">30000</Set> >>> <Set name="Keystore"> >>> <SystemProperty name="jetty.home" default="." /> >>> /etc/keystore >>> </Set> >>> <Set name="Password">OBF:1vny1zlo1x8e1vnw1vn61x8g1zlu1vn4</Set> >>> <Set name="KeyPassword">OBF:1u2u1wml1z7s1z7a1wnl1u2g</Set> >>> <!--you can specify the cipher suites with the suitable key >>>lengths in the following section. Only supported cipher suites should >>>be listed in this section. --> >>> <Set name="CipherSuites"> >>> <Array type="java.lang.String"> >>> <Item>SSL_RSA_WITH_RC4_128_MD5</Item> >>> <Item>SSL_RSA_WITH_RC4_128_SHA</Item> >>> <Item>SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA</Item> >>> </Array> >>> </Set> >>> </New> >>> </Item> >>></Configure> >>> >>>For some reason it doesn't seem to like the Configure->Item->New >>>hierarchy, tho it seems valid in the dtd from what I read. I tried >>>removing the surrounding <Item> element but Jetty just seemed to >>>ignore the <New> element. >>> >>>I noticed that you can also specify the <connectors> in the the >>><configuration> element of the jetty plugin in the pom file itself. I >>>started to try and do that but then wasn't sure what to do about the >>><Set name="CipherSuites"> element and its nested <Array> element. >>> >>>So, how should I be going about configuring jetty so that when I do a >>>"maven jetty:run" it creates a SSL connector in addition to the >>>standard HTTP connector? >>> >>>Thanks, >>>Rich >>> >>> >>>------------------------------------------------------------------------- >>>Take Surveys. Earn Cash. Influence the Future of IT >>>Join SourceForge.net's Techsay panel and you'll get the chance to share your >>>opinions on IT & business topics through brief surveys -- and earn cash >>>http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV >>>_______________________________________________ >>>jetty-discuss mailing list >>>jet...@li... >>>https://lists.sourceforge.net/lists/listinfo/jetty-discuss >>> >>> >>> >> >> >>------------------------------------------------------------------------- >>Take Surveys. Earn Cash. Influence the Future of IT >>Join SourceForge.net's Techsay panel and you'll get the chance to share your >>opinions on IT & business topics through brief surveys -- and earn cash >>http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV >>_______________________________________________ >>jetty-discuss mailing list >>jet...@li... >>https://lists.sourceforge.net/lists/listinfo/jetty-discuss >> > > > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys -- and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV |