Setting up secure WebSocket server with Jetty and JavaScript client

问题:

I am trying to setup a secure WebSocket server with Jetty like the following:

import java.util.ArrayList; import java.util.List;  import org.eclipse.jetty.http.HttpVersion; import org.eclipse.jetty.server.Handler; import org.eclipse.jetty.server.HttpConfiguration; import org.eclipse.jetty.server.HttpConnectionFactory; import org.eclipse.jetty.server.Server; import org.eclipse.jetty.server.ServerConnector; import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.server.handler.ContextHandler; import org.eclipse.jetty.server.handler.HandlerCollection; import org.eclipse.jetty.util.ssl.SslContextFactory; import org.eclipse.jetty.websocket.server.WebSocketHandler; import org.eclipse.jetty.websocket.servlet.WebSocketServletFactory;   public class WebSocketServer {     private Server server;     private String host="localhost";     private int port=8080;     private String keyStorePath = "C:\\keystore";     private String keyStorePassword="password";     private String keyManagerPassword="password";     private List<Handler> webSocketHandlerList = new ArrayList();     MessageHandler messagehandler;      public WebSocketServer()     {         System.out.println("WebSocketServer");          server = new Server();          // connector configuration         SslContextFactory sslContextFactory = new SslContextFactory();         sslContextFactory.setKeyStorePath(keyStorePath);         sslContextFactory.setKeyStorePassword(keyStorePassword);         sslContextFactory.setKeyManagerPassword(keyManagerPassword);         SslConnectionFactory sslConnectionFactory = new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.asString());         HttpConnectionFactory httpConnectionFactory = new HttpConnectionFactory(new HttpConfiguration());         ServerConnector sslConnector = new ServerConnector(server, sslConnectionFactory, httpConnectionFactory);         sslConnector.setHost(host);         sslConnector.setPort(port);         server.addConnector(sslConnector);          // handler configuration         HandlerCollection handlerCollection = new HandlerCollection();         handlerCollection.setHandlers(webSocketHandlerList.toArray(new Handler[0]));         server.setHandler(handlerCollection);          WebSocketHandler wsHandler = new WebSocketHandler() {             @Override             public void configure(WebSocketServletFactory webSocketServletFactory) {                 webSocketServletFactory.register(MyWebSocketHandler.class);             }         };         ContextHandler wsContextHandler = new ContextHandler();         wsContextHandler.setHandler(wsHandler);         wsContextHandler.setContextPath("/");  // this context path doesn't work ftm         webSocketHandlerList.add(wsHandler);          messagehandler = new MessageHandler();         new Thread(messagehandler).start();          try {             server.start();         } catch (Exception e) {             e.printStackTrace();         }     } } 

The keystore file is created with the following command found here in the jdk/bin folder:

keytool.exe -keystore keystore -alias jetty -genkey -keyalg RSA 

After that I moved the file into the C directory for easy path usage.

With this configuration my server seems to start without any problems. So I am trying to connect to it with my website like this:

ws = new WebSocket("wss://localhost:8080/"); 

This doesn't work at all. Like written here, I think I have to configure the SSL certificate. Furthermore, to create the server I used this tutorial and for the java client side they implement a truststore. Do I have to do something similar for JavaScript?

回答1:

It might be a little late for an answer, but I've made it work after many attempts.

---

A few general considerations first:

• As a general rule to follow (valid for node.js, too), you have to first make HTTPS work for WSS to work. WebSocket works over HTTP, so if your server has correctly configured HTTPS (or HTTP), then adding WebSocket to it will make WSS (or WS) work. Actually both HTTPS/WSS and HTTP/WS can work at the same time

• Certificates are very important, as not all kinds of certificates work with Jetty (the same is true for node.js). So you have to generate the certificates that Jetty will accept.

• Making HTTPS work is also important for self-signed certificates, as you might have to first access the server via HTTPS and add the exception before WSS can work (This might depend on the browser.)

• Another thing to consider is that the context paths need to be correctly setup, too. I've made it work by having separate paths for HTTP and WS, like /hello for HTTP(S) and /ws for WS(S). It might be possible to do it with the same context path for both, but I didn't investigate that yet

---

Below are the steps I followed. I've put a working example on GitHub.

1) Generate the correct self-signed certificates by using the commands from here

The above link has an example on how to generate correct self-signed certificates. (If you have CA-signed certificates, the procedure is somewhat different, I think.)

I'm pasting the commands here for ease of access. Please pay attention to always give the same password whenever asked (including one of the final steps, when the password you type will appear in clear text on the screen).

openssl genrsa -aes256 -out jetty.key openssl req -new -x509 -key jetty.key -out jetty.crt keytool -keystore keystore -import -alias jetty -file jetty.crt -trustcacerts openssl req -new -key jetty.key -out jetty.csr openssl pkcs12 -inkey jetty.key -in jetty.crt -export -out jetty.pkcs12 keytool -importkeystore -srckeystore jetty.pkcs12 -srcstoretype PKCS12 -destkeystore keystore 

2) Have the correct code for HTTPS in Jetty.

There are some resources on the web that show how to do HTTPS with Jetty, but for me only one worked, and it is here.

3) Have the correct code for handling contexts.

This one was tough - the example code from the Jetty documentation page did not work for me. What worked was this. This tutorial also enlightened me on the fact that I might have conflicts if I try to use the same path for HTTP and WS.

4) Finally, have the correct code for WebSocket

I've found correct WebSocket code here. The one that has what we need is native-jetty-websocket-example.

文章来源: Setting up secure WebSocket server with Jetty and JavaScript client