
May 13, 2009

Configure Maven Jetty plugin for SSL communication

For a recent project I had to enable SSL communication for the Maven Jetty plugin, so that when we run mvn jetty:run we can use the https protocol. After browsing several mailing lists I found the answer. For development we can create our own security certificate and configure the plugin to use it.

To create the development certificate we run the following command:

$ keytool -genkey -alias jetty6 -keyalg RSA -keystore target/jetty-ssl.keystore -storepass jetty6 -keypass jetty6 -dname "CN=your name or domain"

Fill in your name or domain for the -dname "CN=" option. We need the keystore and key password again when we configure the plugin in the Maven POM. The following code fragment shows how the Jetty plugin supports SSL:

<plugin>
    <groupId>org.mortbay.jetty</groupId>
    <artifactId>maven-jetty-plugin</artifactId>
    <configuration>
        <contextPath>/context</contextPath>
        <scanIntervalSeconds>5</scanIntervalSeconds>
        <connectors>
            <connector implementation="org.mortbay.jetty.nio.SelectChannelConnector">
                <port>8080</port>
                <maxIdleTime>60000</maxIdleTime>
            </connector>
            <connector implementation="org.mortbay.jetty.security.SslSocketConnector">
                <port>8443</port>
                <maxIdleTime>60000</maxIdleTime>
                <keystore>${project.build.directory}/jetty-ssl.keystore</keystore>
                <password>jetty6</password>
                <keyPassword>jetty6</keyPassword>
            </connector>
        </connectors>
    </configuration>
</plugin>

In the connectors element we have defined connectors for http listening on port 8080, and for https listening on port 8443. The keystore element of the SSL connector references the keystore file we have created with keytool. The password and keyPassword elements define the password values.

To test this configuration we can invoke mvn jetty:run and open a web browser with address https://localhost:8443/context. We must not forget to use https for the protocol.

We generated the keystore with the keytool command from the Java Development Kit. There is also a Maven plugin that does the same thing and lets us define all arguments for keytool in our POM. When we run mvn keytool:genkey the keystore is generated, and with mvn keytool:clean we can remove the keystore again. If we want to attach the creation of the keystore to the Maven generate-resources phase, we must first invoke keytool:clean; otherwise keytool reports an error that the specified alias already exists. So we can add the following to our POM:

<plugin>
    <groupId>org.codehaus.mojo</groupId>
    <artifactId>keytool-maven-plugin</artifactId>
    <executions>
        <execution>
            <phase>generate-resources</phase>
            <id>clean</id>
            <goals>
                <goal>clean</goal>
            </goals>
        </execution>
        <execution>
            <phase>generate-resources</phase>
            <id>genkey</id>
            <goals>
                <goal>genkey</goal>
            </goals>
        </execution>
    </executions>
    <configuration>
        <keystore>${project.build.directory}/jetty-ssl.keystore</keystore>
        <dname>cn=www.mrhaki.com</dname>
        <keypass>jetty6</keypass>
        <storepass>jetty6</storepass>
        <alias>jetty6</alias>
        <keyalg>RSA</keyalg>
    </configuration>
</plugin>

Now we can invoke mvn jetty:run and the keystore is automatically generated and used by the Jetty plugin.
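
The SSL connector and the keytool plugin must name the same keystore file and the same two passwords, otherwise Jetty cannot open the keystore that the build generates. The following Python check is an added example, not code from the original post: it reads a POM, compares the two configurations, and reports passwords written as literals. The names audit, PAIRS and SAMPLE_POM and the condensed sample POM are constructed for this illustration.

```python
import xml.etree.ElementTree as ET

SSL_CONNECTOR = "org.mortbay.jetty.security.SslSocketConnector"
# Jetty connector element -> keytool-maven-plugin element that must hold the same value
PAIRS = {"keystore": "keystore", "password": "storepass", "keyPassword": "keypass"}
# Constructed sample: the two plugin blocks from the post, condensed into one POM.
SAMPLE_POM = """<project><build><plugins>
<plugin><artifactId>maven-jetty-plugin</artifactId><configuration><connectors>
  <connector implementation="org.mortbay.jetty.security.SslSocketConnector">
    <keystore>${project.build.directory}/jetty-ssl.keystore</keystore>
    <password>jetty6</password><keyPassword>jetty6</keyPassword>
  </connector></connectors></configuration></plugin>
<plugin><artifactId>keytool-maven-plugin</artifactId><configuration>
  <keystore>${project.build.directory}/jetty-ssl.keystore</keystore>
  <keypass>jetty6</keypass><storepass>jetty6</storepass><alias>jetty6</alias>
</configuration></plugin>
</plugins></build></project>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the Maven XML namespace if the POM declares one

def children(el):
    return {local(c.tag): (c.text or "").strip() for c in el}

def find_plugin(root, artifact_id):
    plugins = (el for el in root.iter() if local(el.tag) == "plugin")
    return next((p for p in plugins if children(p).get("artifactId") == artifact_id), None)

def audit(pom_xml):  # returns a list of findings, empty when nothing is flagged
    root = ET.fromstring(pom_xml)
    jetty, keytool = find_plugin(root, "maven-jetty-plugin"), find_plugin(root, "keytool-maven-plugin")
    connectors = jetty.iter() if jetty is not None else []
    ssl = [children(c) for c in connectors if c.get("implementation") == SSL_CONNECTOR]
    if not ssl:
        return ["no SslSocketConnector configured for maven-jetty-plugin"]
    conn, findings = ssl[0], []
    for tag in ("password", "keyPassword"):
        if not conn.get(tag, "").startswith("${"):
            findings.append(f"{tag}: literal value in the POM")
    if not conn.get("keystore", "").startswith("${project.build.directory}"):
        findings.append("keystore: not under the build directory")
    if keytool is not None:
        cfg = next((children(c) for c in keytool if local(c.tag) == "configuration"), {})
        for jetty_tag, keytool_tag in PAIRS.items():
            if conn.get(jetty_tag) != cfg.get(keytool_tag):
                findings.append(f"{jetty_tag}: differs from keytool <{keytool_tag}>")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_POM)) or "no findings")
```

For the configuration shown in this post the check reports the two literal passwords and no mismatch, which is acceptable only because the keystore is a throwaway development keystore regenerated under target/.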