Using SSL with Embedded Jetty
Setting up SSL in Java can be a bit tricky. Setting up SSL with a JAX-WS Endpoint is even trickier. I have spent the last few days figuring out how to get all of this to work, and I finally got it working, and wanted to post some working sample code here for future reference.
SSL using Embedded Jetty for a JAX-WS Endpoint
Before you code will run, you will need to properly generate or obtain server certificates. For steps to generate your own self-signed server certificates, read this post.
int port = 8443;
String connectInfo = "/yourServiceUrl";
final Server server = new Server(port);
ContextHandlerCollection collection = new ContextHandlerCollection();
server.setHandler(collection);
SslContextFactory sslContextFactory = new SslContextFactory("server_keystore.jks");
sslContextFactory.setKeyStorePassword("yourPass");
SslSocketConnector connector = new SslSocketConnector(sslContextFactory);
connector.setPort(port);
server.setConnectors(new Connector[] { connector });
this.endpoint = Endpoint.create(service);
JettyHttpServer jettyServer = new JettyHttpServer(server, true);
this.endpoint.publish(jettyServer.createContext(connectInfo));
server.start();
Mutual Authentication
If you need mutual authentication (Two-Way SSL) with your embedded Jetty server, you can use the steps in this post to generate all of your keys. You will also need to modify the above code by adding the following three lines of code, directly below the creation of the SslContextFactory.
sslContextFactory.setNeedClientAuth(true);
sslContextFactory.setTrustStore("server_truststore.jks");
sslContextFactory.setTrustStorePassword("yourPass");
Maven Dependencies
You will also need to add the following two dependencies to your Maven POM file for everything to work.
<dependency>
<groupid>org.eclipse.jetty</groupid>
<artifactid>jetty-server</artifactid>
<version>8.1.5.v20120716</version>
</dependency>
<dependency>
<groupid>org.eclipse.jetty</groupid>
<artifactid>jetty-http-spi</artifactid>
<version>8.1.5.v20120716</version>
</dependency>
References
- http://www.noppanit.com/tutorial-embedding-jetty-with-ssl
- http://wiki.eclipse.org/Jetty/Tutorial/Embedding_Jetty
- http://stackoverflow.com/questions/6053642/how-to-set-up-ssl-on-an-embedded-jetty
- http://tech-eureka.blogspot.com/2009/10/jax-ws-inside-jetty.html
- https://github.com/aaronanderson/jetty-jaxws-http-spi
- http://dev.eclipse.org/mhonarc/lists/jetty-users/msg02102.html
- http://www.smartjava.org/content/embedded-jetty-client-certificates
- http://www.noppanit.com/tutorial-embedding-jetty-with-ssl/