For a recent project I had to enable SSL communication for the Maven Jetty plugin. So when we run mvn jetty:run we must be able to use the https protocol. After browsing several mailing lists I found the answer. For development we can create our own security certificate and configure the plugin to use it.
To create the development certificate we run the following command:
$ keytool -genkey -alias jetty6 -keyalg RSA -keystore target/jetty-ssl.keystore -storepass jetty6 -keypass jetty6 -dname "CN=your name or domain"
Fill in your name or domain for the -dname "CN=" option. We need the keystore and key password again when we configure the plugin in the Maven POM. The following code fragment shows how the Jetty plugin supports SSL:
<plugin>
  <groupId>org.mortbay.jetty</groupId>
  <artifactId>maven-jetty-plugin</artifactId>
  <configuration>
    <contextPath>/context</contextPath>
    <scanIntervalSeconds>5</scanIntervalSeconds>
    <connectors>
      <connector implementation="org.mortbay.jetty.nio.SelectChannelConnector">
        <port>8080</port>
        <maxIdleTime>60000</maxIdleTime>
      </connector>
      <connector implementation="org.mortbay.jetty.security.SslSocketConnector">
        <port>8443</port>
        <maxIdleTime>60000</maxIdleTime>
        <keystore>${project.build.directory}/jetty-ssl.keystore</keystore>
        <password>jetty6</password>
        <keyPassword>jetty6</keyPassword>
      </connector>
    </connectors>
  </configuration>
</plugin>
In the connectors element we have defined connectors for http listening on port 8080, and for https listening on port 8443. The keystore element references the keystore file we have created with keytool. The password and keyPassword elements define the password values.
To test this configuration we can invoke mvn jetty:run and open a web browser with address https://localhost:8443/context. We must not forget to use https for the protocol.
We generated the keystore with the keytool command from the Java Development Kit. There is also a Maven plugin that does the same thing and lets us define all arguments for keytool in our POM. When we run mvn keytool:genkey the keystore is generated, and with mvn keytool:clean we can remove the keystore again. If we want to attach the creation of the keystore to the Maven generate-resources phase, we must first invoke keytool:clean; otherwise we get an error from keytool that the specified alias already exists. So we can add the following to our POM:
<plugin>
  <groupId>org.codehaus.mojo</groupId>
  <artifactId>keytool-maven-plugin</artifactId>
  <executions>
    <execution>
      <phase>generate-resources</phase>
      <id>clean</id>
      <goals>
        <goal>clean</goal>
      </goals>
    </execution>
    <execution>
      <phase>generate-resources</phase>
      <id>genkey</id>
      <goals>
        <goal>genkey</goal>
      </goals>
    </execution>
  </executions>
  <configuration>
    <keystore>${project.build.directory}/jetty-ssl.keystore</keystore>
    <dname>cn=www.mrhaki.com</dname>
    <keypass>jetty6</keypass>
    <storepass>jetty6</storepass>
    <alias>jetty6</alias>
    <keyalg>RSA</keyalg>
  </configuration>
</plugin>
Now we can invoke mvn jetty:run and the keystore is automatically generated and used by the Jetty plugin.
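The keystore path and both passwords now live in two plugin configurations, and the Jetty connector can only open the keystore when they agree. The following check is an added example, not part of the original post: it compares the two configurations in a POM and reports passwords written as literals. The names check_pom and SAMPLE_POM are hypothetical, and the sample POM is constructed for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample POM: the keytool plugin creates the keystore with one
# store password while the Jetty SSL connector is configured with another.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><build><plugins>
<plugin><artifactId>keytool-maven-plugin</artifactId><configuration>
  <keystore>${project.build.directory}/jetty-ssl.keystore</keystore>
  <keypass>jetty6</keypass><storepass>changed</storepass>
</configuration></plugin>
<plugin><artifactId>maven-jetty-plugin</artifactId><configuration><connectors>
  <connector implementation="org.mortbay.jetty.security.SslSocketConnector">
    <keystore>${project.build.directory}/jetty-ssl.keystore</keystore>
    <password>jetty6</password><keyPassword>jetty6</keyPassword>
  </connector>
</connectors></configuration></plugin>
</plugins></build></project>"""

# keytool plugin element -> Jetty connector element that must carry the same text
PAIRS = {"keystore": "keystore", "storepass": "password", "keypass": "keyPassword"}

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the POM XML namespace, if present

def _children(elem):
    return {_local(c.tag): (c.text or "").strip() for c in elem}

def check_pom(pom_xml):
    """Return findings; values are compared as text, properties are not resolved."""
    root = ET.fromstring(pom_xml)
    keytool, connector = {}, {}
    for plugin in (e for e in root.iter() if _local(e.tag) == "plugin"):
        if _children(plugin).get("artifactId") == "keytool-maven-plugin":
            for cfg in (c for c in plugin if _local(c.tag) == "configuration"):
                keytool = _children(cfg)
    for e in root.iter():
        if _local(e.tag) == "connector" and e.get("implementation", "").endswith("SslSocketConnector"):
            connector = _children(e)
    findings = []
    for k_name, j_name in PAIRS.items():
        k_val, j_val = keytool.get(k_name), connector.get(j_name)
        if k_val != j_val:
            findings.append(f"mismatch: keytool <{k_name}>={k_val!r} vs Jetty <{j_name}>={j_val!r}")
    for name in ("password", "keyPassword"):
        val = connector.get(name, "")
        if val and not val.startswith("${"):  # literal value instead of a ${property}
            findings.append(f"literal secret in POM: Jetty <{name}>")
    return findings
```

For the configuration shown in this post the check reports only the two literal passwords, which is acceptable for a throwaway development keystore generated under target/.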
12 comments:
Mr Haki,
Thanks for this very useful post. I would add that first and last name response in the keytool command should be the fully qualified domain name of the server (e.g. mrhaki.blogspot.com).
Regards,
Damien.
Thx, I updated the blog post with your suggestion. I also put in the password options on the command-line.
Thank you for taking the time to explain about the plugin.
This is very good information.
This is very good information on the plugin. We will show this to the class.
Why do I get a "bad_certificate" exception when I visit the site the first time with Firefox?
11:23:40.687:WARN::EXCEPTION
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1694)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:939)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1120)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1147)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1131)
at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:708)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
Very Informative ideas. I am very happy to read this post. I have no words to appreciate this post ..... I'm really impressed with this post .... the person who created this post was a big thank you man .. for sharing with us.