Using embedded Jetty 9 with HTTPS only

Submitted by 烂漫一生 on 2019-12-08 13:42:36

Question


I am using embedded Jetty 9, where I want to allow https access, but no http.

I know I can easily configure a redirect in Jetty web.xml, but I don't have that file in the embedded version. I know I can use any file and point to it from the embedded version, but this should be easier.

So I searched and found this here http://blog.anvard.org/articles/2013/10/05/jetty-ssl-server.html where the author states "Of course, we could force the use of HTTP/S by just removing the HTTP connector."

So I did exactly this:

    Server server = new Server();

    // TLS context: keystore holding the server certificate and private key
    SslContextFactory sslContextFactory = new SslContextFactory();
    sslContextFactory.setKeyStorePath(keystoreFile.getAbsolutePath());
    sslContextFactory.setKeyStorePassword(Keys.DOMAIN_CERTIFICATE_JKS_KEYSTORE_PASSWORD);
    sslContextFactory.setKeyManagerPassword(Keys.DOMAIN_CERTIFICATE_KEY_MANAGER_PASSWORD);

    // HTTP configuration for the TLS connector; SecureRequestCustomizer
    // adds the TLS session details (scheme, certificates) to each request
    HttpConfiguration httpsConfiguration = new HttpConfiguration();
    SecureRequestCustomizer secureRequestCustomizer = new SecureRequestCustomizer();
    httpsConfiguration.addCustomizer(secureRequestCustomizer);

    // One connector: TLS first, then HTTP/1.1 inside the TLS session
    ServerConnector serverConnector = new ServerConnector(server,
            new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString()),
            new HttpConnectionFactory(httpsConfiguration));
    serverConnector.setHost("192.168.0.5");
    serverConnector.setPort(9443);
    serverConnector.setIdleTimeout(15000);

    // Register only the TLS connector, so no plain-HTTP port is opened
    server.setConnectors(new Connector[] { serverConnector });

Problem: It doesn't seem to work. https is working fine, but when I access http, I get 200 OK response with junk in the body (instead of the expected json response). So the server seems to process the request, but encrypt wrong, whatever. Or have I overlooked anything and my configuration is bad?

--


Answer 1:


As far as I can tell, you did everything correctly. Connecting to the SSL port and sending regular HTTP (w/o the SSL handshaking) is returning an SSL Alert message. Your HTTP client (for some reason) is giving you the 200 OK message despite not even receiving an HTTP response.

What you are receiving is an SSL Alert message.

    15 03 03 00 02 02 50 // response

    15 = ALERT
    03 03 = SSL version (TLS 1.x)
    00 02 = Message Length
    02 50 = Message
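
To check what a client really received from the TLS port, the following added example (not part of the original answer and not Jetty code) classifies the first bytes of a response as HTTP or as a TLS record and decodes a plaintext alert using the numbering from the TLS specifications. The function and table names are assumptions chosen for illustration, and the sample input is the seven bytes quoted in the answer.

```python
import struct

# Subsets of the registries defined by the TLS specifications (RFC 5246 / RFC 8446).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      20: "bad_record_mac", 40: "handshake_failure",
                      47: "illegal_parameter", 50: "decode_error",
                      70: "protocol_version", 80: "internal_error"}


def classify_response(data: bytes) -> dict:
    """Classify the first bytes read from a socket (hypothetical helper)."""
    if data.startswith(b"HTTP/"):
        status = data.split(b"\r\n", 1)[0].decode("ascii", "replace")
        return {"kind": "http", "status_line": status}
    if len(data) < 5:
        return {"kind": "unknown", "reason": "shorter than a TLS record header"}
    # Record header: content type (1 byte), version (2), length (2), big-endian.
    ctype, version, length = struct.unpack("!BHH", data[:5])
    if ctype not in CONTENT_TYPES or version >> 8 != 0x03:
        return {"kind": "unknown", "reason": "neither HTTP nor a TLS record"}
    result = {"kind": "tls_record",
              "content_type": CONTENT_TYPES[ctype],
              "version": VERSIONS.get(version, hex(version)),
              "length": length}
    body = data[5:5 + length]
    if len(body) < length:
        result["truncated"] = True
    # A plaintext alert is exactly two bytes: level, then description.
    # A longer alert record is encrypted and cannot be decoded here.
    if ctype == 21 and length == 2 and len(body) == 2:
        level, description = body
        result["alert_level"] = ALERT_LEVELS.get(level, str(level))
        result["alert_description"] = ALERT_DESCRIPTIONS.get(
            description, str(description))
    return result


# Constructed sample: the response bytes quoted in the answer above.
SAMPLE = bytes.fromhex("15 03 03 00 02 02 50")

if __name__ == "__main__":
    print(classify_response(SAMPLE))
```

A result of kind `tls_record` for a request sent as plain HTTP means the server never produced an HTTP response, so any status code the client reports did not come from the server.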


Source: https://stackoverflow.com/questions/38862650/using-embedded-jetty-9-with-https-only
