1 Reply Latest reply on Nov 2, 2009 6:13 AM by Torsten Mielke

    Is there a way to enable/disable ssl on a port in jetty from a config file

    Marcel Casado Novice

      Hi,

       

      I need to be able to enable and disable ssl jetty configuration in a same port for a CXF service. Is there a way to do that using a property in a configuration file ?

       

      What I'm doing now is able to specify which port will be configured for ssl and select the same port on the endpoint if I want to use ssl or use a different port if I don't want to have ssl. But I don't like the idea of having jett listening in a port that in not being used. I would prefer a more elegant solution if possible.

       

          <jaxws:endpoint id="decisionService" implementor="#decisionImpl"

                address="${fds.decision_endpoint}" >

       

        <httpj:engine-factory bus="cxf">

         <httpj:engine port="${fds.https_port}">

          <httpj:tlsServerParameters>

            <sec:keyManagers keyPassword="nnewserver">

                 <sec:keyStore type="JKS" password="nnewserver"

                      resource="keystore/server.jks"/>

            </sec:keyManagers>

            <sec:trustManagers>

                <sec:keyStore type="JKS" password="nnewtrust"

                     resource="keystore/server.ts"/>

            </sec:trustManagers>

            <sec:cipherSuitesFilter>

              <!-- these filters ensure that a ciphersuite with

                export-suitable or null encryption is used,

                but exclude anonymous Diffie-Hellman key change as

                this is vulnerable to man-in-the-middle attacks -->

              <sec:include>.*_EXPORT_.*</sec:include>

              <sec:include>.*_EXPORT1024_.*</sec:include>

              <sec:include>.*_WITH_DES_.*</sec:include>

              <sec:include>.*_WITH_NULL_.*</sec:include>

              <sec:exclude>.*_DH_anon_.*</sec:exclude>

            </sec:cipherSuitesFilter>

            <!-- element to specify mutual (client) authentication -->

            <sec:clientAuthentication want="true" required="true"/>

          </httpj:tlsServerParameters>

         </httpj:engine>

        </httpj:engine-factory>          

       

      Thanks,

       

      -Marcel