org.eclipse.jetty.server.ssl
类 SslSocketConnector

java.lang.Object
  org.eclipse.jetty.util.component.AbstractLifeCycle
      org.eclipse.jetty.util.component.AggregateLifeCycle
          org.eclipse.jetty.server.AbstractConnector
              org.eclipse.jetty.server.bio.SocketConnector
                  org.eclipse.jetty.server.ssl.SslSocketConnector

所有已实现的接口：

HttpBuffers, Connector, SslConnector, Destroyable, Dumpable, LifeCycle

public class SslSocketConnector
extends SocketConnector
implements SslConnector

SSL Socket Connector. This specialization of SocketConnector is an abstract listener that can be used as the basis for a specific JSSE listener. The original of this class was heavily based on the work from Court Demas, which in turn is based on the work from Forge Research. Since JSSE, this class has evolved significantly from that early work.

嵌套类摘要

class

SslSocketConnector.SslConnectorEndPoint

从类 org.eclipse.jetty.server.bio.SocketConnector 继承的嵌套类/接口

SocketConnector.ConnectorEndPoint

从类 org.eclipse.jetty.util.component.AbstractLifeCycle 继承的嵌套类/接口

AbstractLifeCycle.AbstractLifeCycleListener

从接口 org.eclipse.jetty.util.component.LifeCycle 继承的嵌套类/接口

LifeCycle.Listener

字段摘要

从类 org.eclipse.jetty.server.bio.SocketConnector 继承的字段

_connections, _localPort, _serverSocket

从类 org.eclipse.jetty.server.AbstractConnector 继承的字段

_buffers, _lowResourceMaxIdleTime, _maxIdleTime, _soLingerTime

从类 org.eclipse.jetty.util.component.AbstractLifeCycle 继承的字段

_listeners, FAILED, RUNNING, STARTED, STARTING, STOPPED, STOPPING

从接口 org.eclipse.jetty.server.ssl.SslConnector 继承的字段

DEFAULT_KEYSTORE, DEFAULT_KEYSTORE_ALGORITHM, DEFAULT_TRUSTSTORE_ALGORITHM, KEYPASSWORD_PROPERTY, PASSWORD_PROPERTY

构造方法摘要

SslSocketConnector()
Constructor.

SslSocketConnector(SslContextFactory sslContextFactory)

方法摘要

void	accept(int acceptorID)
protected void	configure(Socket socket)
void	customize(EndPoint endpoint, Request request) Allow the Listener a chance to customise the request. before the server does its stuff.
protected void	doStart() Start the managed lifecycle beans in the order they were added.
protected void	doStop() Stop the joined lifecycle beans in the reverse order they were added.
String	getAlgorithm() 已过时。
String[]	getExcludeCipherSuites() 已过时。
int	getHandshakeTimeout()
String[]	getIncludeCipherSuites() 已过时。
String	getKeystore() 已过时。
String	getKeystoreType() 已过时。
boolean	getNeedClientAuth() 已过时。
String	getProtocol() 已过时。
String	getProvider() 已过时。
String	getSecureRandomAlgorithm() 已过时。
SSLContext	getSslContext() 已过时。
SslContextFactory	getSslContextFactory()
String	getSslKeyManagerFactoryAlgorithm() 已过时。
String	getSslTrustManagerFactoryAlgorithm() 已过时。
String	getTruststore() 已过时。
String	getTruststoreType() 已过时。
boolean	getWantClientAuth() 已过时。
boolean	isAllowRenegotiate()
boolean	isConfidential(Request request) By default, we're confidential, given we speak SSL.
boolean	isIntegral(Request request) By default, we're integral, given we speak SSL.
protected ServerSocket	newServerSocket(String host, int port, int backlog)
void	open() Opens the connector
void	setAlgorithm(String algorithm) 已过时。
void	setAllowRenegotiate(boolean allowRenegotiate) Set if SSL re-negotiation is allowed.
void	setExcludeCipherSuites(String[] cipherSuites) 已过时。
void	setHandshakeTimeout(int msec) Set the time in milliseconds for so_timeout during ssl handshaking
void	setIncludeCipherSuites(String[] cipherSuites) 已过时。
void	setKeyPassword(String password) 已过时。
void	setKeystore(String keystore) 已过时。
void	setKeystoreType(String keystoreType) 已过时。
void	setNeedClientAuth(boolean needClientAuth) 已过时。
void	setPassword(String password) 已过时。
void	setProtocol(String protocol) 已过时。
void	setProvider(String provider) 已过时。
void	setSecureRandomAlgorithm(String algorithm) 已过时。
void	setSslContext(SSLContext sslContext) 已过时。
void	setSslKeyManagerFactoryAlgorithm(String algorithm) 已过时。
void	setSslTrustManagerFactoryAlgorithm(String algorithm) 已过时。
void	setTrustPassword(String password) 已过时。
void	setTruststore(String truststore) 已过时。
void	setTruststoreType(String truststoreType) 已过时。
void	setWantClientAuth(boolean wantClientAuth) 已过时。

从类 org.eclipse.jetty.server.bio.SocketConnector 继承的方法

close, dump, getConnection, getLocalPort, newConnection

从类 org.eclipse.jetty.server.AbstractConnector 继承的方法

checkForwardedHeaders, connectionClosed, connectionOpened, connectionUpgraded, getAcceptorPriorityOffset, getAcceptors, getAcceptQueueSize, getConfidentialPort, getConfidentialScheme, getConnections, getConnectionsDurationMax, getConnectionsDurationMean, getConnectionsDurationStdDev, getConnectionsDurationTotal, getConnectionsOpen, getConnectionsOpenMax, getConnectionsRequestsMax, getConnectionsRequestsMean, getConnectionsRequestsStdDev, getForwardedCipherSuiteHeader, getForwardedForHeader, getForwardedHostHeader, getForwardedProtoHeader, getForwardedServerHeader, getForwardedSslSessionIdHeader, getHost, getHostHeader, getIntegralPort, getIntegralScheme, getLeftMostFieldValue, getLowResourceMaxIdleTime, getLowResourcesMaxIdleTime, getMaxBuffers, getMaxIdleTime, getName, getPort, getRequestBuffers, getRequestBufferSize, getRequestBufferType, getRequestHeaderSize, getRequestHeaderType, getRequests, getResolveNames, getResponseBuffers, getResponseBufferSize, getResponseBufferType, getResponseHeaderSize, getResponseHeaderType, getReuseAddress, getServer, getSoLingerTime, getStatsOn, getStatsOnMs, getThreadPool, isForwarded, isLowResources, join, persist, setAcceptorPriorityOffset, setAcceptors, setAcceptQueueSize, setConfidentialPort, setConfidentialScheme, setForwarded, setForwardedCipherSuiteHeader, setForwardedForHeader, setForwardedHostHeader, setForwardedProtoHeader, setForwardedServerHeader, setForwardedSslSessionIdHeader, setHost, setHostHeader, setIntegralPort, setIntegralScheme, setLowResourceMaxIdleTime, setLowResourcesMaxIdleTime, setMaxBuffers, setMaxIdleTime, setName, setPort, setRequestBuffers, setRequestBufferSize, setRequestHeaderSize, setResolveNames, setResponseBuffers, setResponseBufferSize, setResponseHeaderSize, setReuseAddress, setServer, setSoLingerTime, setStatsOn, setThreadPool, statsReset, stopAccept, toString

从类 org.eclipse.jetty.util.component.AggregateLifeCycle 继承的方法

addBean, addBean, contains, destroy, dump, dump, dump, dump, dumpObject, dumpStdErr, dumpThis, getBean, getBeans, getBeans, isManaged, manage, removeBean, removeBeans, unmanage

从类 org.eclipse.jetty.util.component.AbstractLifeCycle 继承的方法

addLifeCycleListener, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop

从类 java.lang.Object 继承的方法

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

从接口 org.eclipse.jetty.server.Connector 继承的方法

close, getConfidentialPort, getConfidentialScheme, getConnection, getConnections, getConnectionsDurationMax, getConnectionsDurationMean, getConnectionsDurationStdDev, getConnectionsDurationTotal, getConnectionsOpen, getConnectionsOpenMax, getConnectionsRequestsMax, getConnectionsRequestsMean, getConnectionsRequestsStdDev, getHost, getIntegralPort, getIntegralScheme, getLocalPort, getLowResourceMaxIdleTime, getMaxIdleTime, getName, getPort, getRequestBuffers, getRequestBufferSize, getRequestHeaderSize, getRequests, getResolveNames, getResponseBuffers, getResponseBufferSize, getResponseHeaderSize, getServer, getStatsOn, getStatsOnMs, isLowResources, persist, setHost, setLowResourceMaxIdleTime, setMaxIdleTime, setPort, setRequestBufferSize, setRequestHeaderSize, setResponseBufferSize, setResponseHeaderSize, setServer, setStatsOn, statsReset

从接口 org.eclipse.jetty.util.component.LifeCycle 继承的方法

addLifeCycleListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop

从接口 org.eclipse.jetty.util.component.Dumpable 继承的方法

dump

构造方法详细信息

SslSocketConnector

public SslSocketConnector()

Constructor.

SslSocketConnector

public SslSocketConnector(SslContextFactory sslContextFactory)

方法详细信息

isAllowRenegotiate

public boolean isAllowRenegotiate()

指定者：

接口 SslConnector 中的 isAllowRenegotiate

返回：

True if SSL re-negotiation is allowed (default false)

setAllowRenegotiate

public void setAllowRenegotiate(boolean allowRenegotiate)

Set if SSL re-negotiation is allowed. CVE-2009-3555 discovered a vulnerability in SSL/TLS with re-negotiation. If your JVM does not have CVE-2009-3555 fixed, then re-negotiation should not be allowed.

指定者：

接口 SslConnector 中的 setAllowRenegotiate

参数：

allowRenegotiate - true if re-negotiation is allowed (default false)

accept

public void accept(int acceptorID)
            throws IOException,
                   InterruptedException

覆盖：

类 SocketConnector 中的 accept

抛出：

IOException

InterruptedException

configure

protected void configure(Socket socket)
                  throws IOException

覆盖：

类 AbstractConnector 中的 configure

抛出：

IOException

customize

public void customize(EndPoint endpoint,
                      Request request)
               throws IOException

Allow the Listener a chance to customise the request. before the server does its stuff.
This allows the required attributes to be set for SSL requests.
The requirements of the Servlet specs are:

• an attribute named "javax.servlet.request.ssl_id" of type String (since Spec 3.0).
• an attribute named "javax.servlet.request.cipher_suite" of type String.
• an attribute named "javax.servlet.request.key_size" of type Integer.
• an attribute named "javax.servlet.request.X509Certificate" of type java.security.cert.X509Certificate[]. This is an array of objects of type X509Certificate, the order of this array is defined as being in ascending order of trust. The first certificate in the chain is the one set by the client, the next is the one used to authenticate the first, and so on.

指定者：

接口 Connector 中的 customize

覆盖：

类 SocketConnector 中的 customize

参数：

endpoint - The Socket the request arrived on. This should be a SocketEndPoint wrapping a SSLSocket.

request - HttpRequest to be customised.

抛出：

IOException

getExcludeCipherSuites

@Deprecated
public String[] getExcludeCipherSuites()

已过时。

指定者：

接口 SslConnector 中的 getExcludeCipherSuites

返回：

The array of Ciphersuite names to exclude from SSLEngine.setEnabledCipherSuites(String[])

另请参见：

SslConnector.getExcludeCipherSuites()

getIncludeCipherSuites

@Deprecated
public String[] getIncludeCipherSuites()

已过时。

指定者：

接口 SslConnector 中的 getIncludeCipherSuites

返回：

The array of Ciphersuite names to include in SSLEngine.setEnabledCipherSuites(String[])

另请参见：

SslConnector.getIncludeCipherSuites()

getKeystore

@Deprecated
public String getKeystore()

已过时。

指定者：

接口 SslConnector 中的 getKeystore

返回：

The file or URL of the SSL Key store.

另请参见：

SslConnector.getKeystore()

getKeystoreType

@Deprecated
public String getKeystoreType()

已过时。

指定者：

接口 SslConnector 中的 getKeystoreType

返回：

The type of the key store (default "JKS")

另请参见：

SslConnector.getKeystoreType()

getNeedClientAuth

@Deprecated
public boolean getNeedClientAuth()

已过时。

指定者：

接口 SslConnector 中的 getNeedClientAuth

返回：

True if SSL needs client authentication.

另请参见：

SslConnector.getNeedClientAuth()

getProtocol

@Deprecated
public String getProtocol()

已过时。

指定者：

接口 SslConnector 中的 getProtocol

返回：

The SSL protocol (default "TLS") passed to SSLContext.getInstance(String, String)

另请参见：

SslConnector.getProtocol()

getProvider

@Deprecated
public String getProvider()

已过时。

指定者：

接口 SslConnector 中的 getProvider

返回：

The SSL provider name, which if set is passed to SSLContext.getInstance(String, String)

另请参见：

SslConnector.getProvider()

getSecureRandomAlgorithm

@Deprecated
public String getSecureRandomAlgorithm()

已过时。

指定者：

接口 SslConnector 中的 getSecureRandomAlgorithm

返回：

The algorithm name, which if set is passed to SecureRandom.getInstance(String) to obtain the SecureRandom instance passed to SSLContext.init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)

另请参见：

SslConnector.getSecureRandomAlgorithm()

getSslKeyManagerFactoryAlgorithm

@Deprecated
public String getSslKeyManagerFactoryAlgorithm()

已过时。

指定者：

接口 SslConnector 中的 getSslKeyManagerFactoryAlgorithm

返回：

The algorithm name (default "SunX509") used by the KeyManagerFactory

另请参见：

SslConnector.getSslKeyManagerFactoryAlgorithm()

getSslTrustManagerFactoryAlgorithm

@Deprecated
public String getSslTrustManagerFactoryAlgorithm()

已过时。

指定者：

接口 SslConnector 中的 getSslTrustManagerFactoryAlgorithm

返回：

The algorithm name (default "SunX509") used by the TrustManagerFactory

另请参见：

SslConnector.getSslTrustManagerFactoryAlgorithm()

getTruststore

@Deprecated
public String getTruststore()

已过时。

指定者：

接口 SslConnector 中的 getTruststore

返回：

The file name or URL of the trust store location

另请参见：

SslConnector.getTruststore()

getSslContextFactory

public SslContextFactory getSslContextFactory()

指定者：

接口 SslConnector 中的 getSslContextFactory

返回：

the instance of SslContextFactory associated with the connector

另请参见：

SslConnector.getSslContextFactory()

getTruststoreType

@Deprecated
public String getTruststoreType()

已过时。

指定者：

接口 SslConnector 中的 getTruststoreType

返回：

The type of the trust store (default "JKS")

另请参见：

SslConnector.getTruststoreType()

getWantClientAuth

@Deprecated
public boolean getWantClientAuth()

已过时。

指定者：

接口 SslConnector 中的 getWantClientAuth

返回：

True if SSL wants client authentication.

另请参见：

SslConnector.getWantClientAuth()

isConfidential

public boolean isConfidential(Request request)

By default, we're confidential, given we speak SSL. But, if we've been told about an confidential port, and said port is not our port, then we're not. This allows separation of listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring client certs providing mere INTEGRAL constraints.

指定者：

接口 Connector 中的 isConfidential

覆盖：

类 AbstractConnector 中的 isConfidential

参数：

request - A request

返回：

true if the request is confidential. This normally means the https schema has been used.

isIntegral

public boolean isIntegral(Request request)

By default, we're integral, given we speak SSL. But, if we've been told about an integral port, and said port is not our port, then we're not. This allows separation of listeners providing INTEGRAL versus CONFIDENTIAL constraints, such as one SSL listener configured to require client certs providing CONFIDENTIAL, whereas another SSL listener not requiring client certs providing mere INTEGRAL constraints.

指定者：

接口 Connector 中的 isIntegral

覆盖：

类 AbstractConnector 中的 isIntegral

参数：

request - A request

返回：

true if the request is integral. This normally means the https schema has been used.

open

public void open()
          throws IOException

从接口 Connector 复制的描述

Opens the connector

指定者：

接口 Connector 中的 open

覆盖：

类 SocketConnector 中的 open

抛出：

IOException

doStart

protected void doStart()
                throws Exception

Start the managed lifecycle beans in the order they were added.

覆盖：

类 SocketConnector 中的 doStart

抛出：

Exception

另请参见：

AbstractLifeCycle.doStart()

doStop

protected void doStop()
               throws Exception

从类 AggregateLifeCycle 复制的描述

Stop the joined lifecycle beans in the reverse order they were added.

覆盖：

类 SocketConnector 中的 doStop

抛出：

Exception

另请参见：

SocketConnector.doStop()

newServerSocket

protected ServerSocket newServerSocket(String host,
                                       int port,
                                       int backlog)
                                throws IOException

覆盖：

类 SocketConnector 中的 newServerSocket

参数：

host - The host name that this server should listen on

port - the port that this server should listen on

backlog - See ServerSocket.bind(java.net.SocketAddress, int)

返回：

A new socket object bound to the supplied address with all other settings as per the current configuration of this connector.

抛出：

IOException

另请参见：

setWantClientAuth(boolean), setNeedClientAuth(boolean)

setExcludeCipherSuites

@Deprecated
public void setExcludeCipherSuites(String[] cipherSuites)

已过时。

指定者：

接口 SslConnector 中的 setExcludeCipherSuites

参数：

cipherSuites - The array of Ciphersuite names to exclude from SSLEngine.setEnabledCipherSuites(String[])

另请参见：

SslConnector.setExcludeCipherSuites(java.lang.String[])

setIncludeCipherSuites

@Deprecated
public void setIncludeCipherSuites(String[] cipherSuites)

已过时。

指定者：

接口 SslConnector 中的 setIncludeCipherSuites

参数：

cipherSuites - The array of Ciphersuite names to include in SSLEngine.setEnabledCipherSuites(String[])

另请参见：

SslConnector.setIncludeCipherSuites(java.lang.String[])

setKeyPassword

@Deprecated
public void setKeyPassword(String password)

已过时。

指定者：

接口 SslConnector 中的 setKeyPassword

参数：

password - The password (if any) for the specific key within the key store

另请参见：

SslConnector.setKeyPassword(java.lang.String)

setKeystore

@Deprecated
public void setKeystore(String keystore)

已过时。

指定者：

接口 SslConnector 中的 setKeystore

参数：

keystore - The resource path to the keystore, or null for built in keystores.

setKeystoreType

@Deprecated
public void setKeystoreType(String keystoreType)

已过时。

指定者：

接口 SslConnector 中的 setKeystoreType

参数：

keystoreType - The type of the key store (default "JKS")

另请参见：

SslConnector.setKeystoreType(java.lang.String)

setNeedClientAuth

@Deprecated
public void setNeedClientAuth(boolean needClientAuth)

已过时。

Set the value of the needClientAuth property

指定者：

接口 SslConnector 中的 setNeedClientAuth

参数：

needClientAuth - true iff we require client certificate authentication.

另请参见：

SSLEngine.getNeedClientAuth()

setPassword

@Deprecated
public void setPassword(String password)

已过时。

指定者：

接口 SslConnector 中的 setPassword

参数：

password - The password for the key store

另请参见：

SslConnector.setPassword(java.lang.String)

setTrustPassword

@Deprecated
public void setTrustPassword(String password)

已过时。

指定者：

接口 SslConnector 中的 setTrustPassword

参数：

password - The password for the trust store

另请参见：

SslConnector.setTrustPassword(java.lang.String)

setProtocol

@Deprecated
public void setProtocol(String protocol)

已过时。

指定者：

接口 SslConnector 中的 setProtocol

参数：

protocol - The SSL protocol (default "TLS") passed to SSLContext.getInstance(String, String)

另请参见：

SslConnector.setProtocol(java.lang.String)

setProvider

@Deprecated
public void setProvider(String provider)

已过时。

指定者：

接口 SslConnector 中的 setProvider

参数：

provider - The SSL provider name, which if set is passed to SSLContext.getInstance(String, String)

另请参见：

SslConnector.setProvider(java.lang.String)

setSecureRandomAlgorithm

@Deprecated
public void setSecureRandomAlgorithm(String algorithm)

已过时。

指定者：

接口 SslConnector 中的 setSecureRandomAlgorithm

参数：

algorithm - The algorithm name, which if set is passed to SecureRandom.getInstance(String) to obtain the SecureRandom instance passed to SSLContext.init(javax.net.ssl.KeyManager[], javax.net.ssl.TrustManager[], SecureRandom)

另请参见：

SslConnector.setSecureRandomAlgorithm(java.lang.String)

setSslKeyManagerFactoryAlgorithm

@Deprecated
public void setSslKeyManagerFactoryAlgorithm(String algorithm)

已过时。

指定者：

接口 SslConnector 中的 setSslKeyManagerFactoryAlgorithm

参数：

algorithm - The algorithm name (default "SunX509") used by the KeyManagerFactory

另请参见：

SslConnector.setSslKeyManagerFactoryAlgorithm(java.lang.String)

setSslTrustManagerFactoryAlgorithm

@Deprecated
public void setSslTrustManagerFactoryAlgorithm(String algorithm)

已过时。

指定者：

接口 SslConnector 中的 setSslTrustManagerFactoryAlgorithm

参数：

algorithm - The algorithm name (default "SunX509") used by the TrustManagerFactory

另请参见：

SslConnector.setSslTrustManagerFactoryAlgorithm(java.lang.String)

setTruststore

@Deprecated
public void setTruststore(String truststore)

已过时。

指定者：

接口 SslConnector 中的 setTruststore

参数：

truststore - The file name or URL of the trust store location

另请参见：

SslConnector.setTruststore(java.lang.String)

setTruststoreType

@Deprecated
public void setTruststoreType(String truststoreType)

已过时。

指定者：

接口 SslConnector 中的 setTruststoreType

参数：

truststoreType - The type of the trust store (default "JKS")

另请参见：

SslConnector.setTruststoreType(java.lang.String)

setSslContext

@Deprecated
public void setSslContext(SSLContext sslContext)

已过时。

指定者：

接口 SslConnector 中的 setSslContext

参数：

sslContext - Set a preconfigured SSLContext

另请参见：

SslConnector.setSslContext(javax.net.ssl.SSLContext)

getSslContext

@Deprecated
public SSLContext getSslContext()

已过时。

指定者：

接口 SslConnector 中的 getSslContext

返回：

The SSLContext

另请参见：

SslConnector.setSslContext(javax.net.ssl.SSLContext)

setWantClientAuth

@Deprecated
public void setWantClientAuth(boolean wantClientAuth)

已过时。

Set the value of the _wantClientAuth property. This property is used internally when opening server sockets.

指定者：

接口 SslConnector 中的 setWantClientAuth

参数：

wantClientAuth - true if we want client certificate authentication.

另请参见：

SSLServerSocket.setWantClientAuth(boolean)

setHandshakeTimeout

public void setHandshakeTimeout(int msec)

Set the time in milliseconds for so_timeout during ssl handshaking

参数：

msec - a non-zero value will be used to set so_timeout during ssl handshakes. A zero value means the maxIdleTime is used instead.

getHandshakeTimeout

public int getHandshakeTimeout()

getAlgorithm

@Deprecated
public String getAlgorithm()

已过时。

Unsupported. TODO: we should remove this as it is no longer an overridden method from SslConnector (like it was in the past)

setAlgorithm

@Deprecated
public void setAlgorithm(String algorithm)

已过时。

Unsupported. TODO: we should remove this as it is no longer an overridden method from SslConnector (like it was in the past)