| author | Robert Gemmell <robbie@apache.org> | 2012-07-13 14:37:23 +0000 |
|---|---|---|
| committer | Robert Gemmell <robbie@apache.org> | 2012-07-13 14:37:23 +0000 |
| commit | 4dafd3cc40c262c13a53fc4ae853413a64aaa1cb (patch) | |
| tree | 380e889f2d1516ce1a2f7484de2a2bce0db37047 /qpid/java/broker-plugins/management-http/src | |
| parent | bfeb478032164121c8403c1a5fc375123d7ce66f (diff) | |
QPID-3998: Add HTTPS support for the REST management interface
Applied patch from Oleksandr Rudyy <orudyy@gmail.com>
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1361239 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/java/broker-plugins/management-http/src')
9 files changed, 158 insertions, 76 deletions
diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/Management.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/Management.java
index 589f46749d..c2f9b73b54 100644
--- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/Management.java
+++ b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/Management.java
@@ -20,22 +20,46 @@ */ package org.apache.qpid.server.management.plugin; -import java.net.InetSocketAddress; -import java.net.SocketAddress; +import java.io.File; +import java.io.FileNotFoundException; +import java.io.IOException; import java.util.ArrayList; import java.util.Collection; + +import org.apache.commons.configuration.ConfigurationException; import org.apache.log4j.Logger; import org.apache.qpid.server.management.plugin.servlet.DefinedFileServlet; import org.apache.qpid.server.management.plugin.servlet.FileServlet; import org.apache.qpid.server.management.plugin.servlet.api.ExchangesServlet; import org.apache.qpid.server.management.plugin.servlet.api.VhostsServlet; -import org.apache.qpid.server.management.plugin.servlet.rest.*; -import org.apache.qpid.server.model.*; +import org.apache.qpid.server.management.plugin.servlet.rest.LogRecordsServlet; +import org.apache.qpid.server.management.plugin.servlet.rest.MessageContentServlet; +import org.apache.qpid.server.management.plugin.servlet.rest.MessageServlet; +import org.apache.qpid.server.management.plugin.servlet.rest.RestServlet; +import org.apache.qpid.server.management.plugin.servlet.rest.SaslServlet; +import org.apache.qpid.server.management.plugin.servlet.rest.StructureServlet; +import org.apache.qpid.server.model.AuthenticationProvider; +import org.apache.qpid.server.model.Binding; +import org.apache.qpid.server.model.Broker; +import org.apache.qpid.server.model.ConfiguredObject; +import org.apache.qpid.server.model.Connection; +import org.apache.qpid.server.model.Exchange; +import org.apache.qpid.server.model.Port; +import org.apache.qpid.server.model.Protocol; +import org.apache.qpid.server.model.Queue; +import org.apache.qpid.server.model.Session; +import org.apache.qpid.server.model.Transport; +import org.apache.qpid.server.model.User; +import org.apache.qpid.server.model.VirtualHost; import org.apache.qpid.server.registry.ApplicationRegistry; +import 
org.apache.qpid.server.registry.IApplicationRegistry; import org.eclipse.jetty.server.Server; import org.eclipse.jetty.server.SessionManager; +import org.eclipse.jetty.server.nio.SelectChannelConnector; +import org.eclipse.jetty.server.ssl.SslSocketConnector; import org.eclipse.jetty.servlet.ServletContextHandler; import org.eclipse.jetty.servlet.ServletHolder; +import org.eclipse.jetty.util.ssl.SslContextFactory; public class Management { 
@@ -46,72 +70,110 @@ public class Management private Collection<Server> _servers = new ArrayList<Server>(); - - public Management() + public Management() throws ConfigurationException, IOException { _broker = ApplicationRegistry.getInstance().getBroker(); Collection<Port> ports = _broker.getPorts(); - for(Port port : ports) + int httpPort = -1, httpsPort = -1; + for (Port port : ports) { - // TODO - cover cases where more than just HTTP supported, and SSL as a transport - if(port.getProtocols().contains(Protocol.HTTP)) + if (port.getProtocols().contains(Protocol.HTTP)) + { + if (port.getTransports().contains(Transport.TCP)) + { + httpPort = port.getPort(); + } + } + if (port.getProtocols().contains(Protocol.HTTPS)) { - if(port.getTransports().contains(Transport.TCP)) + if (port.getTransports().contains(Transport.SSL)) { - int portNumber = port.getPort(); - if (_logger.isInfoEnabled()) - { - _logger.info("Creating web server on port " + portNumber); - } - _servers.add(createServer(portNumber)); + httpsPort = port.getPort(); } } } - if (_logger.isDebugEnabled()) + if (httpPort != -1 || httpsPort != -1) { - _logger.info(_servers.size() + " server(s) defined"); + _servers.add(createServer(httpPort, httpsPort)); + if (_logger.isDebugEnabled()) + { + _logger.debug(_servers.size() + " server(s) defined"); + } + } + else + { + if (_logger.isInfoEnabled()) + { + _logger.info("Cannot create web server as neither HTTP nor HTTPS port specified"); + } } - } - private Server createServer(int port) + @SuppressWarnings("unchecked") + private Server createServer(int port, int sslPort) throws IOException, ConfigurationException { - _logger.info("Starting up web server on port " + port); + if (_logger.isInfoEnabled()) + { + _logger.info("Starting up web server on" + (port == -1 ? "" : " HTTP port " + port) + + (sslPort == -1 ? 
"" : " HTTPS port " + sslPort)); + } + + Server server = new Server(); - Server server = new Server(port); - SocketAddress socketAddress = new InetSocketAddress(port); + if (port != -1) + { + SelectChannelConnector connector = new SelectChannelConnector(); + connector.setPort(port); + if (sslPort != -1) + { + connector.setConfidentialPort(sslPort); + } + server.addConnector(connector); + } + + if (sslPort != -1) + { + IApplicationRegistry appRegistry = ApplicationRegistry.getInstance(); + String keyStorePath = getKeyStorePath(appRegistry); + + SslContextFactory factory = new SslContextFactory(); + factory.setKeyStorePath(keyStorePath); + factory.setKeyStorePassword(appRegistry.getConfiguration().getManagementKeyStorePassword()); + + SslSocketConnector connector = new SslSocketConnector(factory); + connector.setPort(sslPort); + server.addConnector(connector); + } ServletContextHandler root = new ServletContextHandler(ServletContextHandler.SESSIONS); - root.setContextPath("/"); - server.setHandler(root); + root.setContextPath("/"); + server.setHandler(root); root.addServlet(new ServletHolder(new VhostsServlet(_broker)), "/api/vhosts/*"); root.addServlet(new ServletHolder(new ExchangesServlet(_broker)), "/api/exchanges/*"); - addRestServlet(root, "broker", socketAddress); - addRestServlet(root, "virtualhost", socketAddress, VirtualHost.class); - addRestServlet(root, "authenticationprovider", socketAddress, AuthenticationProvider.class); - addRestServlet(root, "user", socketAddress, AuthenticationProvider.class, User.class); - addRestServlet(root, "exchange", socketAddress, VirtualHost.class, Exchange.class); - addRestServlet(root, "queue", socketAddress, VirtualHost.class, Queue.class); - addRestServlet(root, "connection", socketAddress, VirtualHost.class, Connection.class); - addRestServlet(root, "binding", socketAddress, VirtualHost.class, Exchange.class, Queue.class, Binding.class); - addRestServlet(root, "port", socketAddress, Port.class); - addRestServlet(root, 
"session", socketAddress, VirtualHost.class, Connection.class, Session.class); + addRestServlet(root, "broker"); + addRestServlet(root, "virtualhost", VirtualHost.class); + addRestServlet(root, "authenticationprovider", AuthenticationProvider.class); + addRestServlet(root, "user", AuthenticationProvider.class, User.class); + addRestServlet(root, "exchange", VirtualHost.class, Exchange.class); + addRestServlet(root, "queue", VirtualHost.class, Queue.class); + addRestServlet(root, "connection", VirtualHost.class, Connection.class); + addRestServlet(root, "binding", VirtualHost.class, Exchange.class, Queue.class, Binding.class); + addRestServlet(root, "port", Port.class); + addRestServlet(root, "session", VirtualHost.class, Connection.class, Session.class); - root.addServlet(new ServletHolder(new StructureServlet(_broker, socketAddress)), "/rest/structure"); - root.addServlet(new ServletHolder(new MessageServlet(_broker, socketAddress)), "/rest/message/*"); - root.addServlet(new ServletHolder(new MessageContentServlet(_broker, socketAddress)), "/rest/message-content/*"); + root.addServlet(new ServletHolder(new StructureServlet(_broker)), "/rest/structure"); + root.addServlet(new ServletHolder(new MessageServlet(_broker)), "/rest/message/*"); + root.addServlet(new ServletHolder(new MessageContentServlet(_broker)), "/rest/message-content/*"); - root.addServlet(new ServletHolder(new LogRecordsServlet(_broker, socketAddress)), "/rest/logrecords"); + root.addServlet(new ServletHolder(new LogRecordsServlet(_broker)), "/rest/logrecords"); + root.addServlet(new ServletHolder(new SaslServlet(_broker)), "/rest/sasl"); - root.addServlet(new ServletHolder(new SaslServlet(_broker, socketAddress)), "/rest/sasl"); - - root.addServlet(new ServletHolder(new DefinedFileServlet("management.html")),"/management"); - + root.addServlet(new ServletHolder(new DefinedFileServlet("management.html")), "/management"); root.addServlet(new ServletHolder(FileServlet.INSTANCE), "*.js"); 
root.addServlet(new ServletHolder(FileServlet.INSTANCE), "*.css"); @@ -131,14 +193,14 @@ public class Management return server; } - private void addRestServlet(ServletContextHandler root, String name, SocketAddress socketAddress, Class<? extends ConfiguredObject>... hierarchy) + private void addRestServlet(ServletContextHandler root, String name, Class<? extends ConfiguredObject>... hierarchy) { - root.addServlet(new ServletHolder(new RestServlet(_broker, socketAddress, hierarchy)), "/rest/"+name+"/*"); + root.addServlet(new ServletHolder(new RestServlet(_broker, hierarchy)), "/rest/" + name + "/*"); } public void start() throws Exception { - for(Server server : _servers) + for (Server server : _servers) { server.start(); } @@ -146,10 +208,41 @@ public class Management public void stop() throws Exception { - for(Server server : _servers) + for (Server server : _servers) { server.stop(); } } + private String getKeyStorePath(IApplicationRegistry appRegistry) throws ConfigurationException, FileNotFoundException + { + String keyStorePath = null; + if (System.getProperty("javax.net.ssl.keyStore") != null) + { + keyStorePath = System.getProperty("javax.net.ssl.keyStore"); + } + else + { + keyStorePath = appRegistry.getConfiguration().getManagementKeyStorePath(); + } + + if (keyStorePath == null) + { + throw new ConfigurationException("Management SSL keystore path not defined, unable to start SSL protected HTTP connector"); + } + else + { + File ksf = new File(keyStorePath); + if (!ksf.exists()) + { + throw new FileNotFoundException("Cannot find management SSL keystore file: " + ksf); + } + if (!ksf.canRead()) + { + throw new FileNotFoundException("Cannot read management SSL keystore file: " + ksf + ". Check permissions."); + } + } + return keyStorePath; + } + } 
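Review bot: When both ports are configured, `createServer` still registers the plain `SelectChannelConnector`, and `connector.setConfidentialPort(sslPort)` only tells Jetty where to redirect once a CONFIDENTIAL transport guarantee is demanded; no such constraint is added to `root` in the visible lines, so `/rest/sasl` and the rest of the management API would remain reachable in cleartext on the HTTP port. If HTTPS is meant to protect credentials, consider wrapping the context in a `ConstraintSecurityHandler` whose constraint uses `Constraint.DC_CONFIDENTIAL`, or skipping the plain connector when an HTTPS port is defined. Separately, `new SslContextFactory()` is given only a keystore path and password, so protocol and cipher selection are left to defaults; a comment saying that this is intentional would help. The body of `createServer` continues past the end of this hunk, so a handler added further down would not be visible here.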
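Review bot: `getKeyStorePath` lets the JVM-wide `javax.net.ssl.keyStore` property override the management-specific keystore setting, while `createServer` always takes the password from `getManagementKeyStorePassword()`. Unless that getter applies the same fallback (not visible here), a broker started with the system property set will pair one keystore with the other's password and fail at connector start-up rather than at this check. Consider preferring the explicit management setting and reading the property only as a fallback: `String keyStorePath = appRegistry.getConfiguration().getManagementKeyStorePath();` followed by `if (keyStorePath == null) { keyStorePath = System.getProperty("javax.net.ssl.keyStore"); }`. The `exists()`/`canRead()` checks also accept a directory; adding `ksf.isFile()` would reject that case with a clearer message.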
diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/ManagementActivator.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/ManagementActivator.java index 2600d8a7bf..09b7e08bfb 100644 --- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/ManagementActivator.java +++ b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/ManagementActivator.java @@ -39,9 +39,10 @@ public class ManagementActivator implements BundleActivator public void start(final BundleContext ctx) throws Exception { _ctx = ctx; - if (!ApplicationRegistry.getInstance().getConfiguration().getHTTPManagementEnabled()) + if (!ApplicationRegistry.getInstance().getConfiguration().getHTTPManagementEnabled() + && !ApplicationRegistry.getInstance().getConfiguration().getHTTPSManagementEnabled()) { - _logger.info("Management plugin is diabled!"); + _logger.info("Management plugin is disabled!"); ctx.getBundle().uninstall(); return; } diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java index 123f352ec1..a76bd98179 100644 --- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java +++ b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/AbstractServlet.java 
@@ -42,19 +42,16 @@ import org.apache.qpid.server.security.auth.manager.AuthenticationManager; public abstract class AbstractServlet extends HttpServlet { private final Broker _broker; - private SocketAddress _socketAddress; protected AbstractServlet() { super(); _broker = ApplicationRegistry.getInstance().getBroker(); - _socketAddress = null; } - protected AbstractServlet(Broker broker, SocketAddress socketAddress) + protected AbstractServlet(Broker broker) { _broker = broker; - _socketAddress = socketAddress; } @Override @@ -206,10 +203,6 @@ public abstract class AbstractServlet extends HttpServlet protected SocketAddress getSocketAddress(HttpServletRequest request) { - if (_socketAddress == null) - { - return InetSocketAddress.createUnresolved(request.getServerName(), request.getServerPort()); - } - return _socketAddress; + return InetSocketAddress.createUnresolved(request.getServerName(), request.getServerPort()); } } diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/LogRecordsServlet.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/LogRecordsServlet.java index 7a4b92f907..404793b592 100644 --- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/LogRecordsServlet.java +++ b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/LogRecordsServlet.java @@ -18,7 +18,6 @@ package org.apache.qpid.server.management.plugin.servlet.rest; import java.io.IOException; import java.io.PrintWriter; -import java.net.SocketAddress; import java.util.ArrayList; import java.util.LinkedHashMap; import java.util.List; 
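Review bot: `getSocketAddress` in AbstractServlet now always builds the address from `request.getServerName()` and `request.getServerPort()`, which servlet containers normally derive from the client-supplied Host header, whereas before this change every servlet created by `Management` returned the fixed listener address. If callers use this value for access-control or audit decisions (they are not visible in this hunk), it becomes client-influenced. Using the local endpoint keeps it server-determined and still distinguishes the HTTP and HTTPS listeners: `return InetSocketAddress.createUnresolved(request.getLocalAddr(), request.getLocalPort());`.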
@@ -36,12 +35,12 @@ public class LogRecordsServlet extends AbstractServlet { public LogRecordsServlet() { - super(ApplicationRegistry.getInstance().getBroker(), null); + super(ApplicationRegistry.getInstance().getBroker()); } - public LogRecordsServlet(Broker broker, SocketAddress socketaddress) + public LogRecordsServlet(Broker broker) { - super(broker, socketaddress); + super(broker); } @Override diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/MessageContentServlet.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/MessageContentServlet.java index 4d58a9f3b0..bc87f0bcc5 100644 --- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/MessageContentServlet.java +++ b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/MessageContentServlet.java @@ -18,7 +18,6 @@ package org.apache.qpid.server.management.plugin.servlet.rest; import java.io.IOException; -import java.net.SocketAddress; import java.nio.ByteBuffer; import java.util.ArrayList; import java.util.Arrays; @@ -43,9 +42,9 @@ public class MessageContentServlet extends AbstractServlet super(); } - public MessageContentServlet(Broker broker, SocketAddress socketaddress) + public MessageContentServlet(Broker broker) { - super(broker, socketaddress); + super(broker); } @Override diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/MessageServlet.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/MessageServlet.java index b47dc8b28e..6e7bc1d935 100644 --- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/MessageServlet.java 
+++ b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/MessageServlet.java @@ -19,7 +19,6 @@ package org.apache.qpid.server.management.plugin.servlet.rest; import java.io.IOException; import java.io.PrintWriter; -import java.net.SocketAddress; import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; @@ -57,9 +56,9 @@ public class MessageServlet extends AbstractServlet super(); } - public MessageServlet(Broker broker, SocketAddress socketaddress) + public MessageServlet(Broker broker) { - super(broker, socketaddress); + super(broker); } @Override diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/RestServlet.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/RestServlet.java index b2f4147366..5c7421fdaa 100644 --- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/RestServlet.java +++ b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/RestServlet.java @@ -55,9 +55,9 @@ public class RestServlet extends AbstractServlet initializationRequired = true; } - public RestServlet(Broker broker, SocketAddress socketaddress, Class<? extends ConfiguredObject>... hierarchy) + public RestServlet(Broker broker, Class<? extends ConfiguredObject>... hierarchy) { - super(broker, socketaddress); + super(broker); _hierarchy = hierarchy; } diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java index 03ee2e92ee..1b78611a50 100644 
--- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java +++ b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/SaslServlet.java @@ -39,7 +39,6 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import java.io.IOException; import java.io.PrintWriter; -import java.net.SocketAddress; import java.security.Principal; import java.security.SecureRandom; import java.util.LinkedHashMap; @@ -63,9 +62,9 @@ public class SaslServlet extends AbstractServlet super(); } - public SaslServlet(Broker broker, SocketAddress socketaddress) + public SaslServlet(Broker broker) { - super(broker, socketaddress); + super(broker); } protected void onGet(HttpServletRequest request, HttpServletResponse response) throws diff --git a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/StructureServlet.java b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/StructureServlet.java index 6295d74b42..e4ba374f89 100644 --- a/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/StructureServlet.java +++ b/qpid/java/broker-plugins/management-http/src/main/java/org/apache/qpid/server/management/plugin/servlet/rest/StructureServlet.java @@ -18,7 +18,6 @@ package org.apache.qpid.server.management.plugin.servlet.rest; import java.io.IOException; import java.io.PrintWriter; -import java.net.SocketAddress; import java.util.ArrayList; import java.util.Collection; import java.util.LinkedHashMap; @@ -42,9 +41,9 @@ public class StructureServlet extends AbstractServlet super(); } - public StructureServlet(Broker broker, SocketAddress socketaddress) + public StructureServlet(Broker broker) { - super(broker, socketaddress); + super(broker); } @Override |
