仅将嵌入式Jetty 9与HTTPS一起使用 [英] Using embedded Jetty 9 with HTTPS only

问题描述

我正在使用嵌入式Jetty 9，我想在其中允许https访问，但没有http。

I am using embedded Jetty 9, where I want to allow https access, but no http.

我知道我可以轻松地在Jetty web.xml中配置重定向，但嵌入式版本中没有该文件。我知道我可以使用任何文件并从嵌入式版本指向它，但这应该更容易。

I know I can easily configure a redirect in Jetty web.xml, but I don't have that file in the embedded version. I know I can use any file and point to it from the embedded version, but this should be easier.

所以我在这里搜索并找到了这个文件：//blog.anvard.org/articles/2013/10/05/jetty-ssl-server.html rel = nofollow noreferrer> http://blog.anvard.org/articles/2013/10/05/ jetty-ssl-server.html 其中作者说：当然，我们可以通过删除HTTP连接器来强制使用HTTP / S。

So I searched and found this here http://blog.anvard.org/articles/2013/10/05/jetty-ssl-server.html where the author states "Of course, we could force the use of HTTP/S by just removing the HTTP connector."

所以我正是这样做的：

    Server server = new Server();

    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setKeyStorePath(keystoreFile.getAbsolutePath());
    sslContextFactory.setKeyStorePassword(Keys.DOMAIN_CERTIFICATE_JKS_KEYSTORE_PASSWORD);
    sslContextFactory.setKeyManagerPassword(Keys.DOMAIN_CERTIFICATE_KEY_MANAGER_PASSWORD);

    HttpConfiguration httpsConfiguration = new HttpConfiguration();
    SecureRequestCustomizer secureRequestCustomizer = new SecureRequestCustomizer();
    httpsConfiguration.addCustomizer(secureRequestCustomizer);

    ServerConnector serverConnector = new ServerConnector(server,
            new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
            new HttpConnectionFactory(httpsConfiguration));
    serverConnector.setHost("192.168.0.5");
    serverConnector.setPort(9443);
    serverConnector.setIdleTimeout(15000);

    server.setConnectors(new Connector[] { serverConnector });

问题：似乎没有用。 https可以正常工作，但是当我访问http时，我得到 200 OK 响应，其中正文为垃圾（而不是预期的json响应）。因此，服务器似乎可以处理请求，但是无论如何都会加密错误。还是我忽略了任何东西而我的配置不好？

Problem: It doesn't seem to work. https is working fine, but when I access http, I get 200 OK response with junk in the body (instead of the expected json response). So the server seems to process the request, but encrypt wrong, whatever. Or have I overlooked anything and my configuration is bad?

-

推荐答案

据我所知，您正确完成了所有操作。连接到SSL端口并发送常规HTTP（不进行SSL握手）将返回SSL警报消息。即使没有收到HTTP响应，您的HTTP客户端（由于某种原因）仍会给您 200 OK 消息。

As far as I can tell, you did everything correctly. Connecting to the SSL port and sending regular HTTP (w/o the SSL handshaking) is returning an SSL Alert message. Your HTTP client (for some reason) is giving you the 200 OK message despite not even receiving an HTTP response.

您收到的是一条SSL警报消息。

What you are receiving is an SSL Alert message.

15 03 03 00 02 02 50 // response

15 = ALERT
03 03 = SSL version (TLS 1.x)
00 02 = Message Length
02 50 = Message

这篇关于仅将嵌入式Jetty 9与HTTPS一起使用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！