From 302dd3932741a33ebec7ef4b61579da0b6ab902d Mon Sep 17 00:00:00 2001 From: Andrea Ceccanti Date: Fri, 20 May 2016 11:17:37 +0200 Subject: [PATCH 01/24] Bumped version to 0.1.0 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 1252ac5..195a7f2 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.italiangrid jetty-utils - 0.1.0-SNAPSHOT + 0.1.0 jar jetty-utils From 9fea2deb645579f0fda8b112777ef5b22fc800f4 Mon Sep 17 00:00:00 2001 From: Andrea Ceccanti Date: Fri, 7 Apr 2017 06:42:35 +0200 Subject: [PATCH 02/24] Bumped version to 0.2.0-SNAPSHOT And upgraded jetty to latest 9.2.x release --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 195a7f2..35ac4d0 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.italiangrid jetty-utils - 0.1.0 + 0.2.0-SNAPSHOT jar jetty-utils @@ -52,7 +52,7 @@ UTF-8 UTF-8 - 9.2.13.v20150730 + 9.2.21.v20170120 1.7.2 1.0.9 3.1.0 From 47320cb58ae2e11c794ea3e872504457b384a2f3 Mon Sep 17 00:00:00 2001 From: Andrea Ceccanti Date: Fri, 26 Jan 2018 18:28:27 +0100 Subject: [PATCH 03/24] pom: move to repo.cloud.cnaf.infn.it --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 35ac4d0..b552e94 100644 --- a/pom.xml +++ b/pom.xml @@ -239,13 +239,13 @@ cnaf-releases CNAF releases - http://radiohead.cnaf.infn.it:8081/nexus/content/repositories/cnaf-releases/ + https://repo.cloud.cnaf.infn.it/repository/cnaf-releases/ cnaf-snapshots CNAF snapshots - http://radiohead.cnaf.infn.it:8081/nexus/content/repositories/cnaf-snapshots/ + https://repo.cloud.cnaf.infn.it/repository/cnaf-snapshots/ From 549abe88c11c47e3c6311e2bf75700ea6c959c89 Mon Sep 17 00:00:00 2001 
From: Andrea Ceccanti Date: Tue, 18 Sep 2018 16:46:51 +0200 Subject: [PATCH 04/24] Bump version to 0.3.0-SNAPSHOT and bump jetty version to the latest 9.2.x --- pom.xml | 6 +++--- .../italiangrid/utils/jetty/TLSServerConnectorBuilder.java | 1 - 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index b552e94..7bc2745 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.italiangrid jetty-utils - 0.2.0-SNAPSHOT + 0.3.0-SNAPSHOT jar jetty-utils @@ -52,10 +52,10 @@ UTF-8 UTF-8 - 9.2.21.v20170120 + 9.2.26.v20180806 1.7.2 1.0.9 - 3.1.0 + 3.3.0 3.1 2.9.1 diff --git a/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java b/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java index 2d9dc81..a5fc99d 100644 --- a/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java +++ b/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java @@ -38,7 +38,6 @@ import eu.emi.security.authn.x509.X509CertChainValidatorExt; import eu.emi.security.authn.x509.helpers.ssl.SSLTrustManager; import eu.emi.security.authn.x509.impl.PEMCredential; -import eu.emi.security.authn.x509.impl.SocketFactoryCreator; /** * A builder that configures a Jetty server TLS connector integrated with CANL From 4233bcacfec4a89265674169baeac80c28cb85ae Mon Sep 17 00:00:00 2001 From: Andrea Ceccanti Date: Tue, 18 Sep 2018 16:51:18 +0200 Subject: [PATCH 05/24] Add Jenkinsfile --- Jenkinsfile | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 Jenkinsfile diff --git a/Jenkinsfile b/Jenkinsfile new file mode 100644 index 0000000..fb0b3d8 --- /dev/null +++ b/Jenkinsfile 
@@ -0,0 +1,51 @@ +#!/usr/bin/env groovy + +pipeline { + agent { label 'maven' } + + options { + timeout(time: 1, unit: 'HOURS') + buildDiscarder(logRotator(numToKeepStr: '5')) + } + + triggers { cron('@daily') } + + parameters { + string(name: 'BRANCH', defaultValue: 'master', description: '' ) + } + + + stages { + stage('prepare'){ + steps { + container('maven-runner'){ + git branch: "${params.BRANCH}", url: 'https://github.com/italiangrid/jetty-utils' + } + } + } + + stage('deploy'){ + steps { + container('maven-runner'){ + sh "mvn clean -U -B deploy" + } + } + } + } + + post { + failure { + slackSend color: 'danger', message: "${env.JOB_NAME} - #${env.BUILD_NUMBER} Failure (<${env.BUILD_URL}|Open>)" + } + unstable { + slackSend color: 'warning', message: "${env.JOB_NAME} - #${env.BUILD_NUMBER} Unstable (<${env.BUILD_URL}|Open>)" + } + changed { + script{ + if('SUCCESS'.equals(currentBuild.currentResult)) { + slackSend color: 'good', message: "${env.JOB_NAME} - #${env.BUILD_NUMBER} Back to normal (<${env.BUILD_URL}|Open>)" + } + } + } + } +} From 1a1a8b36b690b15601258644f5734e49a41d662d Mon Sep 17 00:00:00 2001 From: Andrea Ceccanti Date: Tue, 18 Sep 2018 16:58:47 +0200 Subject: [PATCH 06/24] more Jenkinsfile... --- Jenkinsfile | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index fb0b3d8..4787e90 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -10,20 +10,17 @@ pipeline { triggers { cron('@daily') } - parameters { - string(name: 'BRANCH', defaultValue: 'master', description: '' ) - } stages { - stage('prepare'){ + stage('checkout') { steps { container('maven-runner'){ - git branch: "${params.BRANCH}", url: 'https://github.com/italiangrid/jetty-utils' + deleteDir() + checkout scm + stash name: 'code', useDefaultExcludes: false } - } } - stage('deploy'){ steps { container('maven-runner'){ From d6970c19a9e56761c0b0daed365a7644de797996 Mon Sep 17 00:00:00 2001 
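Review bot: The `deploy` stage runs `mvn clean -U -B deploy` on every build, so both the `@daily` cron trigger and any value supplied for the `BRANCH` parameter publish artifacts without a branch check. If only the main line is meant to be published, the stage could be gated with `when { expression { params.BRANCH == 'master' } }`. Whether the target repository itself restricts who may deploy cannot be seen from this file.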
From: Andrea Ceccanti Date: Tue, 18 Sep 2018 16:59:53 +0200 Subject: [PATCH 07/24] ... --- Jenkinsfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 4787e90..c41997a 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -10,8 +10,6 @@ pipeline { triggers { cron('@daily') } - - stages { stage('checkout') { steps { @@ -20,6 +18,7 @@ pipeline { checkout scm stash name: 'code', useDefaultExcludes: false } + } } stage('deploy'){ steps { From fe0859ccfc16880ee6201bd26d597d922f963e44 Mon Sep 17 00:00:00 2001 From: Andrea Ceccanti Date: Tue, 18 Sep 2018 18:48:47 +0200 Subject: [PATCH 08/24] bump jetty version to latest 9.4.x --- pom.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 7bc2745..1c52d65 100644 --- a/pom.xml +++ b/pom.xml @@ -52,7 +52,7 @@ UTF-8 UTF-8 - 9.2.26.v20180806 + 9.4.12.v20180830 1.7.2 1.0.9 3.3.0 @@ -173,6 +173,7 @@ org.eclipse.jetty.aggregate jetty-all ${jetty.version} + pom org.slf4j From 0d4bfd9b681064552698a165902b55b269240dbf Mon Sep 17 00:00:00 2001 From: Andrea Ceccanti Date: Wed, 19 Sep 2018 13:46:33 +0200 Subject: [PATCH 09/24] added dropwizard metrics --- pom.xml | 17 ++ .../jetty/TLSServerConnectorBuilder.java | 166 +++++++++--------- .../utils/jetty/ThreadPoolBuilder.java | 29 ++- 3 files changed, 123 insertions(+), 89 deletions(-) diff --git a/pom.xml b/pom.xml index 1c52d65..e0f6e12 100644 --- a/pom.xml +++ b/pom.xml @@ -56,6 +56,7 @@ 1.7.2 1.0.9 3.3.0 + 4.0.0 3.1 2.9.1 @@ -196,6 +197,22 @@ voms-api-java ${voms-api-java.version} + + io.dropwizard.metrics + metrics-core + ${metrics.version} + + + io.dropwizard.metrics + metrics-jetty9 + ${metrics.version} + + + org.eclipse.jetty + jetty-server + + + diff --git a/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java b/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java index a5fc99d..265f72f 100644 
--- a/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java +++ b/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java @@ -27,6 +27,7 @@ import javax.net.ssl.TrustManager; import org.eclipse.jetty.http.HttpVersion; +import org.eclipse.jetty.server.ConnectionFactory; import org.eclipse.jetty.server.HttpConfiguration; import org.eclipse.jetty.server.HttpConnectionFactory; import org.eclipse.jetty.server.SecureRequestCustomizer; @@ -35,6 +36,9 @@ import org.eclipse.jetty.server.SslConnectionFactory; import org.eclipse.jetty.util.ssl.SslContextFactory; +import com.codahale.metrics.MetricRegistry; +import com.codahale.metrics.jetty9.InstrumentedConnectionFactory; + import eu.emi.security.authn.x509.X509CertChainValidatorExt; import eu.emi.security.authn.x509.helpers.ssl.SSLTrustManager; import eu.emi.security.authn.x509.impl.PEMCredential; @@ -126,17 +130,26 @@ public class TLSServerConnectorBuilder { */ private final Server server; + /** + * The metric name to associate to the connector being built. + */ + private String metricName; + + /** + * The metric registry. + */ + private MetricRegistry registry; + + /** * Returns an instance of the {@link TLSServerConnectorBuilder}. * - * @param s - * the {@link Server} for which the connector is being created - * @param certificateValidator - * a {@link X509CertChainValidatorExt} used to validate certificates + * @param s the {@link Server} for which the connector is being created + * @param certificateValidator a {@link X509CertChainValidatorExt} used to validate certificates * @return an instance of the {@link TLSServerConnectorBuilder} */ public static TLSServerConnectorBuilder instance(Server s, - X509CertChainValidatorExt certificateValidator) { + X509CertChainValidatorExt certificateValidator) { return new TLSServerConnectorBuilder(s, certificateValidator); } 
@@ -144,13 +157,10 @@ public static TLSServerConnectorBuilder instance(Server s, /** * Private ctor. * - * @param s - * the {@link Server} for which the connector is being created - * @param certificateValidator - * a {@link X509CertChainValidatorExt} used to validate certificates + * @param s the {@link Server} for which the connector is being created + * @param certificateValidator a {@link X509CertChainValidatorExt} used to validate certificates */ - private TLSServerConnectorBuilder(Server s, - X509CertChainValidatorExt certificateValidator) { + private TLSServerConnectorBuilder(Server s, X509CertChainValidatorExt certificateValidator) { if (s == null) { throw new IllegalArgumentException("Server cannot be null"); @@ -166,11 +176,10 @@ private TLSServerConnectorBuilder(Server s, private void credentialsSanityChecks() { - checkFileExistsAndIsReadable(new File(certificateFile), - "Error accessing certificate file"); + checkFileExistsAndIsReadable(new File(certificateFile), "Error accessing certificate file"); checkFileExistsAndIsReadable(new File(certificateKeyFile), - "Error accessing certificate key file"); + "Error accessing certificate key file"); } @@ -182,8 +191,8 @@ private void loadCredentials() { try { - serviceCredentials = new PEMCredential(certificateKeyFile, - certificateFile, certicateKeyPassword); + serviceCredentials = + new PEMCredential(certificateKeyFile, certificateFile, certicateKeyPassword); } catch (KeyStoreException | CertificateException | IOException e) { @@ -196,8 +205,7 @@ private void loadCredentials() { /** * Configures SSL session parameters for the jetty {@link SslContextFactory}. * - * @param contextFactory - * the {@link SslContextFactory} being configured + * @param contextFactory the {@link SslContextFactory} being configured */ private void configureContextFactory(SslContextFactory contextFactory) { 
@@ -223,8 +231,7 @@ private void configureContextFactory(SslContextFactory contextFactory) { } /** - * Builds a default {@link HttpConfiguration} for the TLS-enabled connector - * being created + * Builds a default {@link HttpConfiguration} for the TLS-enabled connector being created * * @return the default {@link HttpConfiguration} */ @@ -250,12 +257,10 @@ private HttpConfiguration defaultHttpConfiguration() { } /** - * Gives access to the {@link HttpConfiguration} used for the TLS-enabled - * connector being created. If the configuration is not set, it creates it - * using {@link #defaultHttpConfiguration()}. + * Gives access to the {@link HttpConfiguration} used for the TLS-enabled connector being created. + * If the configuration is not set, it creates it using {@link #defaultHttpConfiguration()}. * - * @return the {@link HttpConfiguration} being used for the TLS-enabled - * connector. + * @return the {@link HttpConfiguration} being used for the TLS-enabled connector. */ public HttpConfiguration httpConfiguration() { @@ -270,8 +275,7 @@ public HttpConfiguration httpConfiguration() { /** * Sets the port for the connector being created. * - * @param port - * the port for the connector + * @param port the port for the connector * @return this builder */ public TLSServerConnectorBuilder withPort(int port) { @@ -283,8 +287,7 @@ public TLSServerConnectorBuilder withPort(int port) { /** * Sets the certificate file for the connector being created. * - * @param certificateFile - * the certificate file + * @param certificateFile the certificate file * @return this builder */ public TLSServerConnectorBuilder withCertificateFile(String certificateFile) { 
@@ -296,12 +299,10 @@ public TLSServerConnectorBuilder withCertificateFile(String certificateFile) { /** * Sets the certificate key file for the connector being created. * - * @param certificateKeyFile - * the certificate key file + * @param certificateKeyFile the certificate key file * @return this builder */ - public TLSServerConnectorBuilder withCertificateKeyFile( - String certificateKeyFile) { + public TLSServerConnectorBuilder withCertificateKeyFile(String certificateKeyFile) { this.certificateKeyFile = certificateKeyFile; return this; @@ -310,23 +311,20 @@ public TLSServerConnectorBuilder withCertificateKeyFile( /** * The the certificate key password for the connector being built * - * @param certificateKeyPassword - * the certificate key password + * @param certificateKeyPassword the certificate key password * @return this builder */ - public TLSServerConnectorBuilder withCertificateKeyPassword( - char[] certificateKeyPassword) { + public TLSServerConnectorBuilder withCertificateKeyPassword(char[] certificateKeyPassword) { this.certicateKeyPassword = certificateKeyPassword; return this; } /** - * Sets the {@link SslContextFactory#setNeedClientAuth(boolean)} parameter for - * the connector being created. + * Sets the {@link SslContextFactory#setNeedClientAuth(boolean)} parameter for the connector being + * created. * - * @param needClientAuth - * true if client authentication is required + * @param needClientAuth true if client authentication is required * @return this builder */ public TLSServerConnectorBuilder withNeedClientAuth(boolean needClientAuth) { 
@@ -336,11 +334,10 @@ public TLSServerConnectorBuilder withNeedClientAuth(boolean needClientAuth) { } /** - * Sets the {@link SslContextFactory#setWantClientAuth(boolean)} parameter for - * the connector being created. + * Sets the {@link SslContextFactory#setWantClientAuth(boolean)} parameter for the connector being + * created. * - * @param wantClientAuth - * true if client authentication is wanted + * @param wantClientAuth true if client authentication is wanted * @return this builder */ public TLSServerConnectorBuilder withWantClientAuth(boolean wantClientAuth) { @@ -350,30 +347,24 @@ public TLSServerConnectorBuilder withWantClientAuth(boolean wantClientAuth) { } /** - * Sets SSL included protocols. See - * {@link SslContextFactory#setIncludeProtocols(String...)}. + * Sets SSL included protocols. See {@link SslContextFactory#setIncludeProtocols(String...)}. * - * @param includeProtocols - * the array of included protocol names + * @param includeProtocols the array of included protocol names * @return this builder */ - public TLSServerConnectorBuilder withIncludeProtocols( - String... includeProtocols) { + public TLSServerConnectorBuilder withIncludeProtocols(String... includeProtocols) { this.includeProtocols = includeProtocols; return this; } /** - * Sets SSL excluded protocols. See - * {@link SslContextFactory#setExcludeProtocols(String...)}. + * Sets SSL excluded protocols. See {@link SslContextFactory#setExcludeProtocols(String...)}. * - * @param excludeProtocols - * the array of excluded protocol names + * @param excludeProtocols the array of excluded protocol names * @return this builder */ - public TLSServerConnectorBuilder withExcludeProtocols( - String... excludeProtocols) { + public TLSServerConnectorBuilder withExcludeProtocols(String... excludeProtocols) { this.excludeProtocols = excludeProtocols; return this; 
@@ -382,12 +373,10 @@ public TLSServerConnectorBuilder withExcludeProtocols( /** * Sets the SSL included cipher suites. * - * @param includeCipherSuites - * the array of included cipher suites. + * @param includeCipherSuites the array of included cipher suites. * @return this builder */ - public TLSServerConnectorBuilder withIncludeCipherSuites( - String... includeCipherSuites) { + public TLSServerConnectorBuilder withIncludeCipherSuites(String... includeCipherSuites) { this.includeCipherSuites = includeCipherSuites; return this; @@ -396,12 +385,10 @@ public TLSServerConnectorBuilder withIncludeCipherSuites( /** * Sets the SSL ecluded cipher suites. * - * @param excludeCipherSuites - * the array of excluded cipher suites. + * @param excludeCipherSuites the array of excluded cipher suites. * @return this builder */ - public TLSServerConnectorBuilder withExcludeCipherSuites( - String... excludeCipherSuites) { + public TLSServerConnectorBuilder withExcludeCipherSuites(String... excludeCipherSuites) { this.excludeCipherSuites = excludeCipherSuites; return this; @@ -410,8 +397,7 @@ public TLSServerConnectorBuilder withExcludeCipherSuites( /** * Sets the {@link HttpConfiguration} for the connector being built. * - * @param conf - * the {@link HttpConfiguration} to use + * @param conf the {@link HttpConfiguration} to use * @return this builder */ public TLSServerConnectorBuilder withHttpConfiguration(HttpConfiguration conf) { @@ -423,8 +409,7 @@ public TLSServerConnectorBuilder withHttpConfiguration(HttpConfiguration conf) { /** * Sets the {@link KeyManager} for the connector being built. * - * @param km - * the {@link KeyManager} to use + * @param km the {@link KeyManager} to use * @return this builder */ public TLSServerConnectorBuilder withKeyManager(KeyManager km) { 
@@ -433,17 +418,27 @@ public TLSServerConnectorBuilder withKeyManager(KeyManager km) { return this; } + public TLSServerConnectorBuilder metricRegistry(MetricRegistry registry) { + this.registry = registry; + return this; + } + + public TLSServerConnectorBuilder metricName(String metricName) { + this.metricName = metricName; + return this; + } + private SSLContext buildSSLContext() { SSLContext sslCtx; try { - KeyManager[] kms = new KeyManager[] { keyManager }; + KeyManager[] kms = new KeyManager[] {keyManager}; SSLTrustManager tm = new SSLTrustManager(certificateValidator); sslCtx = SSLContext.getInstance("TLS"); - sslCtx.init(kms, new TrustManager[] { tm }, null); + sslCtx.init(kms, new TrustManager[] {tm}, null); } catch (NoSuchAlgorithmException e) { throw new RuntimeException("TLS protocol not supported.", e); @@ -455,8 +450,7 @@ private SSLContext buildSSLContext() { } /** - * Builds a {@link ServerConnector} based on the - * {@link TLSServerConnectorBuilder} parameters + * Builds a {@link ServerConnector} based on the {@link TLSServerConnectorBuilder} parameters * * @return a {@link ServerConnector} */ @@ -476,9 +470,17 @@ public ServerConnector build() { httpConfiguration = defaultHttpConfiguration(); } + ConnectionFactory connFactory = null; + + if (registry != null) { + connFactory = new InstrumentedConnectionFactory(new HttpConnectionFactory(httpConfiguration), + registry.timer(metricName)); + } else { + connFactory = new HttpConnectionFactory(httpConfiguration); + } + ServerConnector connector = new ServerConnector(server, - new SslConnectionFactory(cf, HttpVersion.HTTP_1_1.asString()), - new HttpConnectionFactory(httpConfiguration)); + new SslConnectionFactory(cf, HttpVersion.HTTP_1_1.asString()), connFactory); connector.setPort(port); return connector; 
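Review bot: The new public setters `metricRegistry(MetricRegistry)` and `metricName(String)` have no Javadoc, while every other builder method in the class documents `@param` and `@return this builder`. One line each would do, for example `Sets the {@link MetricRegistry} used to instrument the connector; when unset the connector is not instrumented.`, plus a statement that `metricName` is the timer name handed to the registry. The names also depart from the `withXxx` convention used by the other setters. The later `withConscrypt` and `withHttp2` setters in this series have the same documentation gap.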
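Review bot: `registry.timer(metricName)` in the new `if (registry != null)` branch is reached with `metricName` still null when a caller sets only `metricRegistry(...)`. The registry lookup will then most likely fail with a NullPointerException from inside the metrics library. A check at the top of the branch gives a clearer failure: `if (metricName == null) { throw new IllegalStateException("metricName must be set when a metric registry is configured"); }`. `build()` starts outside this hunk.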
@@ -487,13 +489,10 @@ public ServerConnector build() { /** * Checks that file exists and is readable. * - * @param f - * the {@link File} to be checked - * @param prefix - * A prefix string for the error message, in case the file does not - * exist and is not readable - * @throws RuntimeException - * if the file does not exist or is not readable + * @param f the {@link File} to be checked + * @param prefix A prefix string for the error message, in case the file does not exist and is not + * readable + * @throws RuntimeException if the file does not exist or is not readable */ private void checkFileExistsAndIsReadable(File f, String prefix) { @@ -508,8 +507,7 @@ private void checkFileExistsAndIsReadable(File f, String prefix) { } if (errorMessage != null) { - String msg = String.format("%s: %s [%s]", prefix, errorMessage, - f.getAbsolutePath()); + String msg = String.format("%s: %s [%s]", prefix, errorMessage, f.getAbsolutePath()); throw new RuntimeException(msg); } diff --git a/src/main/java/org/italiangrid/utils/jetty/ThreadPoolBuilder.java b/src/main/java/org/italiangrid/utils/jetty/ThreadPoolBuilder.java index 0d21d69..57c438e 100644 --- a/src/main/java/org/italiangrid/utils/jetty/ThreadPoolBuilder.java +++ b/src/main/java/org/italiangrid/utils/jetty/ThreadPoolBuilder.java @@ -22,6 +22,9 @@ import org.eclipse.jetty.util.thread.QueuedThreadPool; import org.eclipse.jetty.util.thread.ThreadPool; +import com.codahale.metrics.MetricRegistry; +import com.codahale.metrics.jetty9.InstrumentedQueuedThreadPool; + /** * * A builder to support thread pool configuration for a Jetty server. @@ -42,6 +45,8 @@ public class ThreadPoolBuilder { private int idleTimeout = IDLE_TIMEOUT; private int maxRequestQueueSize; + private MetricRegistry registry; + /** * Returns a new {@link ThreadPoolBuilder} instance. * 
@@ -55,7 +60,7 @@ public static ThreadPoolBuilder instance() { /** * Sets the max number of threads for the thread pool. * - * @param maxNumberOfThreads the max number of threads + * @param maxNumberOfThreads the max number of threads * * @return this builder * @@ -91,6 +96,16 @@ public ThreadPoolBuilder withMaxRequestQueueSize(int queueSize) { return this; } + /** + * Sets the registry for this thread pool + * @param registry the metric registry + * @return this builder + */ + public ThreadPoolBuilder registry(MetricRegistry registry) { + this.registry = registry; + return this; + } + /** * ctor. * @@ -118,11 +133,15 @@ public ThreadPool build() { minThreads = MIN_THREADS; } - BlockingQueue queue = new ArrayBlockingQueue( - MAX_REQUEST_QUEUE_SIZE); + BlockingQueue queue = new ArrayBlockingQueue(MAX_REQUEST_QUEUE_SIZE); - QueuedThreadPool tp = new QueuedThreadPool(maxThreads, minThreads, - idleTimeout, queue); + QueuedThreadPool tp = null; + + if (registry == null) { + tp = new QueuedThreadPool(maxThreads, minThreads, idleTimeout, queue); + } else { + tp = new InstrumentedQueuedThreadPool(registry, maxThreads, minThreads, idleTimeout, queue); + } return tp; From 0eebc9579886014edff705f5e13d9d71093fbec9 Mon Sep 17 00:00:00 2001 From: Andrea Ceccanti Date: Thu, 9 May 2019 16:06:48 +0200 Subject: [PATCH 10/24] Integrate support for Conscrypt JSSE provider --- pom.xml | 22 ++++++++---- .../jetty/TLSServerConnectorBuilder.java | 36 +++++++++++++++++-- 2 files changed, 50 insertions(+), 8 deletions(-) diff --git a/pom.xml b/pom.xml index e0f6e12..029272b 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.italiangrid jetty-utils - 0.3.0-SNAPSHOT + 0.4.0-SNAPSHOT jar jetty-utils @@ -52,11 +52,11 @@ UTF-8 UTF-8 - 9.4.12.v20180830 + 9.4.15.v20190215 1.7.2 1.0.9 3.3.0 - 4.0.0 + 4.0.5 3.1 2.9.1 @@ -105,8 +105,8 @@ maven-compiler-plugin ${plugin.compiler.version} - 1.7 - 1.7 + 1.8 + 1.8 
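Review bot: The request queue in `ThreadPoolBuilder.build()` is created with `new ArrayBlockingQueue(MAX_REQUEST_QUEUE_SIZE)`, so the value passed to `withMaxRequestQueueSize(int)` appears to have no effect on the queue bound. The start of `build()` is outside the hunk, so this is inferred from the visible lines only. That bound decides how many requests can pile up before the pool rejects work, so the configured value should reach it, e.g. `new ArrayBlockingQueue(maxRequestQueueSize > 0 ? maxRequestQueueSize : MAX_REQUEST_QUEUE_SIZE)`.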
@@ -176,6 +176,16 @@ ${jetty.version} pom + + org.eclipse.jetty.http2 + http2-server + ${jetty.version} + + + org.eclipse.jetty + jetty-alpn-conscrypt-server + ${jetty.version} + org.slf4j slf4j-api @@ -302,4 +312,4 @@ - + \ No newline at end of file diff --git a/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java b/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java index 265f72f..d6bae46 100644 --- a/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java +++ b/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java @@ -20,12 +20,15 @@ import java.security.KeyManagementException; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.Security; import java.security.cert.CertificateException; import javax.net.ssl.KeyManager; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; +import org.conscrypt.OpenSSLProvider; import org.eclipse.jetty.http.HttpVersion; import org.eclipse.jetty.server.ConnectionFactory; import org.eclipse.jetty.server.HttpConfiguration; @@ -50,6 +53,11 @@ */ public class TLSServerConnectorBuilder { + /** + * Conscrypt provider name. + */ + public static final String CONSCRYPT_PROVIDER = "Conscrypt"; + /** * Default service certificate file. */ @@ -140,6 +148,11 @@ public class TLSServerConnectorBuilder { */ private MetricRegistry registry; + /** + * Whether the Conscrypt provider should be used instead of the default JSSE implementation + */ + private boolean useConscrypt = false; + /** * Returns an instance of the {@link TLSServerConnectorBuilder}. 
@@ -228,6 +241,11 @@ private void configureContextFactory(SslContextFactory contextFactory) { contextFactory.setWantClientAuth(tlsWantClientAuth); contextFactory.setNeedClientAuth(tlsNeedClientAuth); + if (useConscrypt) { + contextFactory.setProvider(CONSCRYPT_PROVIDER); + } + + contextFactory.setEndpointIdentificationAlgorithm(null); } /** @@ -418,6 +436,11 @@ public TLSServerConnectorBuilder withKeyManager(KeyManager km) { return this; } + public TLSServerConnectorBuilder withConscrypt(boolean conscryptEnabled) { + this.useConscrypt = conscryptEnabled; + return this; + } + public TLSServerConnectorBuilder metricRegistry(MetricRegistry registry) { this.registry = registry; return this; @@ -437,13 +460,21 @@ private SSLContext buildSSLContext() { KeyManager[] kms = new KeyManager[] {keyManager}; SSLTrustManager tm = new SSLTrustManager(certificateValidator); - sslCtx = SSLContext.getInstance("TLS"); + if (useConscrypt) { + Security.addProvider(new OpenSSLProvider()); + sslCtx = SSLContext.getInstance("TLS", CONSCRYPT_PROVIDER); + } else { + sslCtx = SSLContext.getInstance("TLS"); + } + sslCtx.init(kms, new TrustManager[] {tm}, null); } catch (NoSuchAlgorithmException e) { throw new RuntimeException("TLS protocol not supported.", e); } catch (KeyManagementException e) { throw new RuntimeException(e); + } catch (NoSuchProviderException e) { + throw new RuntimeException("Conscrypt provider not supported.", e); } return sslCtx; @@ -462,6 +493,7 @@ public ServerConnector build() { SSLContext sslContext = buildSSLContext(); SslContextFactory cf = new SslContextFactory(); + cf.setSslContext(sslContext); configureContextFactory(cf); @@ -471,7 +503,7 @@ public ServerConnector build() { } ConnectionFactory connFactory = null; - + if (registry != null) { connFactory = new InstrumentedConnectionFactory(new HttpConnectionFactory(httpConfiguration), registry.timer(metricName)); From 30ba1a26c19dbfaa61f8ccb6c5b2cc930f04ddbc Mon Sep 17 00:00:00 2001 
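Review bot: `contextFactory.setEndpointIdentificationAlgorithm(null);` is added at the end of `configureContextFactory` with no explanation, and it runs whether or not Conscrypt is enabled. On a server-side factory it switches off host-name matching of the peer (client) certificate, presumably to keep client-certificate authentication working with the Jetty version bumped in this commit; that intent should be confirmed and recorded. A comment such as `// Server side: do not match client certificate names against the remote host; chain validation is done by the CANL trust manager` would keep a later reader from copying the line into client-side code, where it would disable server host-name verification.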
From: Andrea Ceccanti Date: Thu, 9 May 2019 16:41:11 +0200 Subject: [PATCH 11/24] More provider initialization logic --- .../utils/jetty/TLSServerConnectorBuilder.java | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java b/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java index d6bae46..9a7b80c 100644 --- a/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java +++ b/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java @@ -15,6 +15,8 @@ */ package org.italiangrid.utils.jetty; +import static java.util.Objects.isNull; + import java.io.File; import java.io.IOException; import java.security.KeyManagementException; @@ -244,7 +246,7 @@ private void configureContextFactory(SslContextFactory contextFactory) { if (useConscrypt) { contextFactory.setProvider(CONSCRYPT_PROVIDER); } - + contextFactory.setEndpointIdentificationAlgorithm(null); } @@ -461,12 +463,16 @@ private SSLContext buildSSLContext() { SSLTrustManager tm = new SSLTrustManager(certificateValidator); if (useConscrypt) { - Security.addProvider(new OpenSSLProvider()); + + if (isNull(Security.getProvider(CONSCRYPT_PROVIDER))) { + Security.addProvider(new OpenSSLProvider()); + } + sslCtx = SSLContext.getInstance("TLS", CONSCRYPT_PROVIDER); } else { sslCtx = SSLContext.getInstance("TLS"); } - + sslCtx.init(kms, new TrustManager[] {tm}, null); } catch (NoSuchAlgorithmException e) { @@ -493,7 +499,7 @@ public ServerConnector build() { SSLContext sslContext = buildSSLContext(); SslContextFactory cf = new SslContextFactory(); - + cf.setSslContext(sslContext); configureContextFactory(cf); From 470defd5a3da6025044b7d60aa5298c83c9a5a1c Mon Sep 17 00:00:00 2001 
From: Andrea Ceccanti Date: Thu, 9 May 2019 19:58:29 +0200 Subject: [PATCH 12/24] Initial HTTP/2 support --- .../jetty/TLSServerConnectorBuilder.java | 61 ++++++++++++++++--- 1 file changed, 53 insertions(+), 8 deletions(-) diff --git a/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java b/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java index 9a7b80c..59524a9 100644 --- a/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java +++ b/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java @@ -31,7 +31,10 @@ import javax.net.ssl.TrustManager; import org.conscrypt.OpenSSLProvider; +import org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory; import org.eclipse.jetty.http.HttpVersion; +import org.eclipse.jetty.http2.HTTP2Cipher; +import org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory; import org.eclipse.jetty.server.ConnectionFactory; import org.eclipse.jetty.server.HttpConfiguration; import org.eclipse.jetty.server.HttpConnectionFactory; @@ -156,6 +159,12 @@ public class TLSServerConnectorBuilder { private boolean useConscrypt = false; + /** + * Whether HTTP/2 should be configured + */ + private boolean enableHttp2 = false; + + /** * Returns an instance of the {@link TLSServerConnectorBuilder}. * @@ -246,8 +255,6 @@ private void configureContextFactory(SslContextFactory contextFactory) { if (useConscrypt) { contextFactory.setProvider(CONSCRYPT_PROVIDER); } - - contextFactory.setEndpointIdentificationAlgorithm(null); } /** @@ -443,6 +450,11 @@ public TLSServerConnectorBuilder withConscrypt(boolean conscryptEnabled) { return this; } + public TLSServerConnectorBuilder withHttp2(boolean http2Enabled) { + this.enableHttp2 = http2Enabled; + return this; + } + public TLSServerConnectorBuilder metricRegistry(MetricRegistry registry) { this.registry = registry; return this; 
@@ -467,7 +479,7 @@ private SSLContext buildSSLContext() { if (isNull(Security.getProvider(CONSCRYPT_PROVIDER))) { Security.addProvider(new OpenSSLProvider()); } - + sslCtx = SSLContext.getInstance("TLS", CONSCRYPT_PROVIDER); } else { sslCtx = SSLContext.getInstance("TLS"); 
@@ -508,22 +520,55 @@ public ServerConnector build() { httpConfiguration = defaultHttpConfiguration(); } + + HttpConnectionFactory httpConnFactory = new HttpConnectionFactory(httpConfiguration); ConnectionFactory connFactory = null; if (registry != null) { - connFactory = new InstrumentedConnectionFactory(new HttpConnectionFactory(httpConfiguration), - registry.timer(metricName)); + connFactory = new InstrumentedConnectionFactory(httpConnFactory, registry.timer(metricName)); } else { - connFactory = new HttpConnectionFactory(httpConfiguration); + connFactory = httpConnFactory; } - ServerConnector connector = new ServerConnector(server, - new SslConnectionFactory(cf, HttpVersion.HTTP_1_1.asString()), connFactory); + + ConnectionFactory h2ConnFactory = null; + ServerConnector connector = null; + + if (enableHttp2) { + + HTTP2ServerConnectionFactory h2cf = new HTTP2ServerConnectionFactory(httpConfiguration); + + if (registry != null) { + h2ConnFactory = new InstrumentedConnectionFactory(h2cf, registry.timer(metricName)); + } else { + h2ConnFactory = h2cf; + } + ALPNServerConnectionFactory alpn = createAlpnProtocolFactory(httpConnFactory); + cf.setCipherComparator(HTTP2Cipher.COMPARATOR); + cf.setUseCipherSuitesOrder(true); + + SslConnectionFactory sslCf = new SslConnectionFactory(cf, alpn.getProtocol()); + + connector = new ServerConnector(server, sslCf, alpn, h2ConnFactory, httpConnFactory); + + } else { + + connector = new ServerConnector(server, + new SslConnectionFactory(cf, HttpVersion.HTTP_1_1.asString()), connFactory); + } connector.setPort(port); return connector; } + private ALPNServerConnectionFactory createAlpnProtocolFactory( + HttpConnectionFactory httpConnectionFactory) { + ALPNServerConnectionFactory alpn = new ALPNServerConnectionFactory(); + alpn.setDefaultProtocol(httpConnectionFactory.getProtocol()); + return alpn; + } + + /** * Checks that file exists and is readable. * From c90c918a574ce0147f3b0f40f6baefbbbe32b6b6 Mon Sep 17 00:00:00 2001 
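Review bot: In the `enableHttp2` branch of `build()` the connector is created with the bare `httpConnFactory`, so when a `registry` is set the HTTP/1.1 fallback traffic is no longer timed; the instrumented `connFactory` built a few lines earlier is only used in the `else` branch. Passing the wrapped factory keeps both protocols measured: `connector = new ServerConnector(server, sslCf, alpn, h2ConnFactory, connFactory);`. This assumes `InstrumentedConnectionFactory` reports the wrapped factory's protocol, which the non-HTTP/2 branch already relies on. The later acceptors/selectors commit in this series rewrites the same constructor call and still passes `httpConnFactory`.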
From: Andrea Ceccanti Date: Fri, 10 May 2019 10:04:53 +0200 Subject: [PATCH 13/24] Javadoc fix to build correctly on JDK11 --- pom.xml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 029272b..f3a91f8 100644 --- a/pom.xml +++ b/pom.xml @@ -115,6 +115,7 @@ maven-javadoc-plugin ${plugin.javadoc.version} + 8 ${project.build.directory}/javadoc ${project.reporting.outputDirectory}/javadoc @@ -312,4 +313,4 @@ - \ No newline at end of file + From 04d1d4fd5c45e60d4456b5ef240c9de1563730d4 Mon Sep 17 00:00:00 2001 From: Andrea Ceccanti Date: Mon, 24 Jun 2019 18:39:32 +0200 Subject: [PATCH 14/24] Updated to new CI config --- Jenkinsfile | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index c41997a..9217137 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,7 +1,16 @@ #!/usr/bin/env groovy +@Library('sd')_ +def kubeLabel = getKubeLabel() pipeline { - agent { label 'maven' } + agent { + kubernetes { + label "${kubeLabel}" + cloud 'Kube mwdevel' + defaultContainer 'runner' + inheritFrom 'ci-template' + } + } options { timeout(time: 1, unit: 'HOURS') @@ -13,18 +22,14 @@ pipeline { stages { stage('checkout') { steps { - container('maven-runner'){ deleteDir() checkout scm stash name: 'code', useDefaultExcludes: false - } } } stage('deploy'){ steps { - container('maven-runner'){ sh "mvn clean -U -B deploy" - } } } } From f1a05491481be916d88b60071cfa9887879da7fa Mon Sep 17 00:00:00 2001 
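Review bot: `@Library('sd')_` loads the shared pipeline library without a version, so the job runs whatever revision the Jenkins controller resolves by default, and `getKubeLabel()` from that library then selects the agent for a pipeline whose `deploy` stage runs `mvn clean -U -B deploy`. Pinning the library makes the code that runs ahead of a publish step reviewable and reproducible: `@Library('sd@<pinned-tag-or-commit>')_`. If the controller's global library configuration already fixes a default version and forbids overrides, a comment saying so next to the annotation would be enough; that configuration is not visible here.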
From: Andrea Ceccanti Date: Tue, 27 Aug 2019 12:17:08 +0200 Subject: [PATCH 15/24] Disable useless hostname verification checks on client certs For some reason, starting with Jetty v. 9.4.15.v20190215, which is the Jetty release included in Spring boot 2.1.4, the SSLContextFactory sets configures the TLS socket in a way that results in an hostname check on the client certificate. Hostname checks are good on the client side to verify the TLS server certificates, it does not really make a lot of sense for our use case of user client certificate (which are not bound to any specific SAN or IP address). So it is fine to disable the endpointIdentificationAlgorithm on our server TLS sockets, as this was also the default in previous Jetty versions. The TLSServerConnectorBuilder has been enhanced to define what endpointIdentificationAlgorithm should be used, with the default being 'no algorithm'. This whole problem is irrelevant when the conscrypt provider is used instead of the JSSE implementation. --- .../utils/jetty/TLSConnectorBuilderError.java | 19 ++++++ .../jetty/TLSServerConnectorBuilder.java | 58 ++++++++++++++++--- 2 files changed, 70 insertions(+), 7 deletions(-) create mode 100644 src/main/java/org/italiangrid/utils/jetty/TLSConnectorBuilderError.java diff --git a/src/main/java/org/italiangrid/utils/jetty/TLSConnectorBuilderError.java b/src/main/java/org/italiangrid/utils/jetty/TLSConnectorBuilderError.java new file mode 100644 index 0000000..9223d46 --- /dev/null +++ b/src/main/java/org/italiangrid/utils/jetty/TLSConnectorBuilderError.java 
@@ -0,0 +1,19 @@ +package org.italiangrid.utils.jetty; + +public class TLSConnectorBuilderError extends RuntimeException { + + private static final long serialVersionUID = 1L; + + public TLSConnectorBuilderError(Throwable cause) { + super(cause); + } + + public TLSConnectorBuilderError(String message, Throwable cause) { + super(message, cause); + } + + public TLSConnectorBuilderError(String message) { + super(message); + } + +} diff --git a/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java b/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java index 59524a9..c64d49a 100644 --- a/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java +++ b/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java @@ -26,10 +26,12 @@ import java.security.Security; import java.security.cert.CertificateException; +import javax.net.ssl.HostnameVerifier; import javax.net.ssl.KeyManager; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; +import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.conscrypt.OpenSSLProvider; import org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory; import org.eclipse.jetty.http.HttpVersion; @@ -164,6 +166,20 @@ public class TLSServerConnectorBuilder { */ private boolean enableHttp2 = false; + /** + * Which TLS protocol string should be used + */ + private String tlsProtocol = "TLSv1.2"; + + /** + * Custom TLS hostname verifier + */ + private HostnameVerifier hostnameVerifier = null; + + /** + * Disable JSSE hostname verification + */ + private boolean disableJsseHostnameVerification = false; /** * Returns an instance of the {@link TLSServerConnectorBuilder}. 
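Review bot: `disableJsseHostnameVerification` is initialised to `false` in the new field block, while the commit description says the builder's default is 'no algorithm'. With this default, `configureContextFactory` only calls `setEndpointIdentificationAlgorithm(null)` when the caller opts in, so an unconfigured builder keeps the Jetty default that the description identifies as the cause of the hostname check on client certificates. Either flip the default, `private boolean disableJsseHostnameVerification = true;`, or keep it and make the Javadoc explicit, e.g. `Clears the endpoint identification algorithm on the server context factory; off by default, enable it when accepting user client certificates.`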
@@ -220,7 +236,7 @@ private void loadCredentials() { } catch (KeyStoreException | CertificateException | IOException e) { - throw new RuntimeException("Error setting up service credentials", e); + throw new TLSConnectorBuilderError("Error setting up service credentials", e); } keyManager = serviceCredentials.getKeyManager(); @@ -254,7 +270,18 @@ private void configureContextFactory(SslContextFactory contextFactory) { if (useConscrypt) { contextFactory.setProvider(CONSCRYPT_PROVIDER); + } else { + contextFactory.setProvider(BouncyCastleProvider.PROVIDER_NAME); + } + + if (hostnameVerifier != null) { + contextFactory.setHostnameVerifier(hostnameVerifier); + } + + if (disableJsseHostnameVerification) { + contextFactory.setEndpointIdentificationAlgorithm(null); } + } /** @@ -465,6 +492,21 @@ public TLSServerConnectorBuilder metricName(String metricName) { return this; } + public TLSServerConnectorBuilder withTlsProtocol(String tlsProtocol) { + this.tlsProtocol = tlsProtocol; + return this; + } + + public TLSServerConnectorBuilder withHostnameVerifier(HostnameVerifier verifier) { + this.hostnameVerifier = verifier; + return this; + } + + public TLSServerConnectorBuilder withDisableJsseHostnameVerification(boolean disableJsseHostnameVerification) { + this.disableJsseHostnameVerification = disableJsseHostnameVerification; + return this; + } + private SSLContext buildSSLContext() { SSLContext sslCtx; 
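Review bot: The new `else` branch in `configureContextFactory` sets `BouncyCastleProvider.PROVIDER_NAME` as the context factory's provider whenever Conscrypt is off, a change the commit description does not mention. Nothing in the visible hunks registers that provider, whereas `buildSSLContext()` does register Conscrypt with `Security.addProvider(new OpenSSLProvider())`. `buildSSLContext()` also obtains the non-Conscrypt context from the default provider via `SSLContext.getInstance(tlsProtocol)`, so the factory and the context it wraps would name different providers. If BouncyCastle is registered elsewhere and the setting is intentional, a comment stating where and why is enough (`// BC is registered by <component>; required for <reason>`); otherwise dropping the `else` branch keeps the previous JSSE behaviour. `configureContextFactory` starts outside the hunk.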
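Review bot: `withTlsProtocol` stores its argument unchecked, and the three new setters (`withTlsProtocol`, `withHostnameVerifier`, `withDisableJsseHostnameVerification`) have no Javadoc. A `null` protocol only surfaces later in `buildSSLContext()` at `SSLContext.getInstance(tlsProtocol)`, as an exception that is not among those wrapped in `TLSConnectorBuilderError`. Rejecting it in the setter fails at the call site instead: `if (tlsProtocol == null) throw new IllegalArgumentException("tlsProtocol must not be null");`. The Javadoc should say that the string is the `SSLContext` protocol name and how it relates to the builder's existing include/exclude protocol lists, since the setter otherwise reads as the single place to restrict TLS versions.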
@@ -480,19 +522,20 @@ private SSLContext buildSSLContext() { Security.addProvider(new OpenSSLProvider()); } - sslCtx = SSLContext.getInstance("TLS", CONSCRYPT_PROVIDER); + sslCtx = SSLContext.getInstance(tlsProtocol, CONSCRYPT_PROVIDER); } else { - sslCtx = SSLContext.getInstance("TLS"); + sslCtx = SSLContext.getInstance(tlsProtocol); } sslCtx.init(kms, new TrustManager[] {tm}, null); } catch (NoSuchAlgorithmException e) { - throw new RuntimeException("TLS protocol not supported.", e); + + throw new TLSConnectorBuilderError("TLS protocol not supported: " + e.getMessage(), e); } catch (KeyManagementException e) { - throw new RuntimeException(e); + throw new TLSConnectorBuilderError(e); } catch (NoSuchProviderException e) { - throw new RuntimeException("Conscrypt provider not supported.", e); + throw new TLSConnectorBuilderError("TLS provider error: " + e.getMessage(), e); } return sslCtx; @@ -514,6 +557,7 @@ public ServerConnector build() { cf.setSslContext(sslContext); + configureContextFactory(cf); if (httpConfiguration == null) { @@ -591,7 +635,7 @@ private void checkFileExistsAndIsReadable(File f, String prefix) { if (errorMessage != null) { String msg = String.format("%s: %s [%s]", prefix, errorMessage, f.getAbsolutePath()); - throw new RuntimeException(msg); + throw new TLSConnectorBuilderError(msg); } } From 4fa2b1bcad6fc9a79db20b63b95fd87d3eb264fb Mon Sep 17 00:00:00 2001 From: Andrea Ceccanti Date: Tue, 27 Aug 2019 12:26:51 +0200 Subject: [PATCH 16/24] Bumped POM version to 0.4.0.v20190827 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index f3a91f8..8f74dd7 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.italiangrid jetty-utils - 0.4.0-SNAPSHOT + 0.4.0.v20190827 jar jetty-utils From cf6afc5bba970ad31a3b6e5914dc4cc013f79b14 Mon Sep 17 00:00:00 2001 
From: Andrea Ceccanti Date: Tue, 27 Aug 2019 13:46:24 +0200 Subject: [PATCH 17/24] Updated license headers --- src/license/license.txt | 2 +- .../utils/jetty/TLSConnectorBuilderError.java | 15 +++++++++++++++ .../utils/jetty/TLSServerConnectorBuilder.java | 2 +- .../utils/jetty/ThreadPoolBuilder.java | 2 +- .../org/italiangrid/utils/jetty/package-info.java | 2 +- 5 files changed, 19 insertions(+), 4 deletions(-) diff --git a/src/license/license.txt b/src/license/license.txt index 974e647..c0000f4 100644 --- a/src/license/license.txt +++ b/src/license/license.txt @@ -1,4 +1,4 @@ -Copyright (c) Istituto Nazionale di Fisica Nucleare, 2012-2015. +Copyright (c) Istituto Nazionale di Fisica Nucleare, 2012-2019. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/src/main/java/org/italiangrid/utils/jetty/TLSConnectorBuilderError.java b/src/main/java/org/italiangrid/utils/jetty/TLSConnectorBuilderError.java index 9223d46..c4cd979 100644 --- a/src/main/java/org/italiangrid/utils/jetty/TLSConnectorBuilderError.java +++ b/src/main/java/org/italiangrid/utils/jetty/TLSConnectorBuilderError.java @@ -1,3 +1,18 @@ +/** + * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2012-2019. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.italiangrid.utils.jetty; public class TLSConnectorBuilderError extends RuntimeException { 
diff --git a/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java b/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java index c64d49a..638e9a5 100644 --- a/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java +++ b/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java @@ -1,5 +1,5 @@ /** - * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2012-2015. + * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2012-2019. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/src/main/java/org/italiangrid/utils/jetty/ThreadPoolBuilder.java b/src/main/java/org/italiangrid/utils/jetty/ThreadPoolBuilder.java index 57c438e..7528c1b 100644 --- a/src/main/java/org/italiangrid/utils/jetty/ThreadPoolBuilder.java +++ b/src/main/java/org/italiangrid/utils/jetty/ThreadPoolBuilder.java @@ -1,5 +1,5 @@ /** - * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2012-2015. + * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2012-2019. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/src/main/java/org/italiangrid/utils/jetty/package-info.java b/src/main/java/org/italiangrid/utils/jetty/package-info.java index 4a8eaf7..9059b9c 100644 --- a/src/main/java/org/italiangrid/utils/jetty/package-info.java +++ b/src/main/java/org/italiangrid/utils/jetty/package-info.java @@ -1,5 +1,5 @@ /** - * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2012-2015. + * Copyright (c) Istituto Nazionale di Fisica Nucleare, 2012-2019. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. From b107bfc5ba7712396ce52c6ab608dbb5ce32fd4f Mon Sep 17 00:00:00 2001 
From: Andrea Ceccanti Date: Fri, 24 Jan 2020 11:13:56 +0100 Subject: [PATCH 18/24] Update to latest jetty version from latest spring-boot --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 8f74dd7..d0b2294 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.italiangrid jetty-utils - 0.4.0.v20190827 + 0.4.1.v20200124 jar jetty-utils @@ -52,7 +52,7 @@ UTF-8 UTF-8 - 9.4.15.v20190215 + 9.4.25.v20191220 1.7.2 1.0.9 3.3.0 From 25c3d60b15dff4a721e5ed18f194000cc73b3954 Mon Sep 17 00:00:00 2001 From: Andrea Ceccanti Date: Sat, 16 May 2020 09:43:58 +0200 Subject: [PATCH 19/24] Bumped jetty version to 9.4.28.v20200408 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index d0b2294..9d4bbe7 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.italiangrid jetty-utils - 0.4.1.v20200124 + 0.4.2.v20200516 jar jetty-utils @@ -52,7 +52,7 @@ UTF-8 UTF-8 - 9.4.25.v20191220 + 9.4.28.v20200408 1.7.2 1.0.9 3.3.0 From 979e1112f08b4069deefe2afc56dec412340894b Mon Sep 17 00:00:00 2001 From: Andrea Ceccanti Date: Tue, 25 Aug 2020 16:45:08 +0200 Subject: [PATCH 20/24] Bumped jetty version to 9.4.30.v20200611 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 9d4bbe7..4714db8 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.italiangrid jetty-utils - 0.4.2.v20200516 + 0.4.3.v20200825 jar jetty-utils @@ -52,7 +52,7 @@ UTF-8 UTF-8 - 9.4.28.v20200408 + 9.4.30.v20200611 1.7.2 1.0.9 3.3.0 From 02794d38bb9477c5d3ff5ec0db36fcb7abc99e25 Mon Sep 17 00:00:00 2001 From: Andrea Ceccanti Date: Fri, 11 Dec 2020 15:34:30 +0100 Subject: [PATCH 21/24] Remove hardcoded default for threadpool request queue size --- pom.xml | 2 +- .../utils/jetty/ThreadPoolBuilder.java | 40 +++++++++++++------ 2 files changed, 29 insertions(+), 13 deletions(-) diff --git a/pom.xml b/pom.xml index 4714db8..64716b7 100644 --- a/pom.xml +++ b/pom.xml 
@@ -5,7 +5,7 @@ org.italiangrid jetty-utils - 0.4.3.v20200825 + 0.4.4.v20201211 jar jetty-utils diff --git a/src/main/java/org/italiangrid/utils/jetty/ThreadPoolBuilder.java b/src/main/java/org/italiangrid/utils/jetty/ThreadPoolBuilder.java index 7528c1b..4eac4e2 100644 --- a/src/main/java/org/italiangrid/utils/jetty/ThreadPoolBuilder.java +++ b/src/main/java/org/italiangrid/utils/jetty/ThreadPoolBuilder.java @@ -32,18 +32,18 @@ */ public class ThreadPoolBuilder { - public static final int MAX_REQUEST_QUEUE_SIZE = 200; + public static final int DEFAULT_MAX_REQUEST_QUEUE_SIZE = 200; - public static final int MAX_THREADS = 50; - public static final int MIN_THREADS = 1; + public static final int DEFAULT_MAX_THREADS = 50; + public static final int DEFAULT_MIN_THREADS = 1; - public static final int IDLE_TIMEOUT = (int) TimeUnit.MINUTES.toMillis(60); + public static final int DEFAULT_IDLE_TIMEOUT = (int) TimeUnit.MINUTES.toMillis(60); - private int maxThreads = MAX_THREADS; - private int minThreads = MIN_THREADS; + private int maxThreads = DEFAULT_MAX_THREADS; + private int minThreads = DEFAULT_MIN_THREADS; - private int idleTimeout = IDLE_TIMEOUT; - private int maxRequestQueueSize; + private int idleTimeout = DEFAULT_IDLE_TIMEOUT; + private int maxRequestQueueSize = DEFAULT_MAX_REQUEST_QUEUE_SIZE; private MetricRegistry registry; @@ -98,6 +98,7 @@ public ThreadPoolBuilder withMaxRequestQueueSize(int queueSize) { /** * Sets the registry for this thread pool + * * @param registry the metric registry * @return this builder */ @@ -106,6 +107,17 @@ public ThreadPoolBuilder registry(MetricRegistry registry) { return this; } + /** + * Sets the idle timeout in msec for this thread pool + * + * @param idleTimeout the timeout in milliseconds + * @return this builder + */ + public ThreadPoolBuilder withIdleTimeoutMsec(int idleTimeout) { + this.idleTimeout = idleTimeout; + return this; + } + /** * ctor. * 
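Review bot: Renaming the `public static final` constants in `ThreadPoolBuilder` removes `MAX_REQUEST_QUEUE_SIZE`, `MAX_THREADS`, `MIN_THREADS` and `IDLE_TIMEOUT` from the public API in what the pom bump in this commit marks as a patch-level release. Any caller that references the old names stops compiling on upgrade. Keeping deprecated aliases for one release avoids that, e.g. `@Deprecated public static final int MAX_THREADS = DEFAULT_MAX_THREADS;` and likewise for the other three.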
@@ -122,18 +134,22 @@ private ThreadPoolBuilder() { public ThreadPool build() { if (maxRequestQueueSize <= 0) { - maxRequestQueueSize = MAX_REQUEST_QUEUE_SIZE; + maxRequestQueueSize = DEFAULT_MAX_REQUEST_QUEUE_SIZE; } if (maxThreads <= 0) { - maxThreads = MAX_THREADS; + maxThreads = DEFAULT_MAX_THREADS; } if (minThreads <= 0) { - minThreads = MIN_THREADS; + minThreads = DEFAULT_MIN_THREADS; + } + + if (idleTimeout <= 0) { + idleTimeout = DEFAULT_IDLE_TIMEOUT; } - BlockingQueue queue = new ArrayBlockingQueue(MAX_REQUEST_QUEUE_SIZE); + BlockingQueue queue = new ArrayBlockingQueue<>(maxRequestQueueSize); QueuedThreadPool tp = null; From 35548160ebd908bba66669fa93633845a2eafbf1 Mon Sep 17 00:00:00 2001 From: Andrea Ceccanti Date: Fri, 11 Dec 2020 20:45:33 +0100 Subject: [PATCH 22/24] Add support for acceptors/selectors configuration --- .../jetty/TLSServerConnectorBuilder.java | 42 ++++++++++++++----- 1 file changed, 32 insertions(+), 10 deletions(-) diff --git a/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java b/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java index 638e9a5..890b989 100644 --- a/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java +++ b/src/main/java/org/italiangrid/utils/jetty/TLSServerConnectorBuilder.java @@ -175,12 +175,22 @@ public class TLSServerConnectorBuilder { * Custom TLS hostname verifier */ private HostnameVerifier hostnameVerifier = null; - + /** * Disable JSSE hostname verification */ private boolean disableJsseHostnameVerification = false; + /** + * Number of acceptors threads for the connector + */ + private int acceptors = -1; + + /** + * Number of selector threads for the connector + */ + private int selectors = -1; + /** * Returns an instance of the {@link TLSServerConnectorBuilder}. * 
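Review bot: `new ArrayBlockingQueue<>(maxRequestQueueSize)` in `build()` now sizes the request queue from the caller's value, and the only check on that value is `<= 0`. `ArrayBlockingQueue` allocates its backing array for the full capacity up front, so a very large setting costs memory at build time and weakens the back-pressure the bounded queue provides under load. An upper bound, or at least a Javadoc line on `withMaxRequestQueueSize`, would make the expected range explicit, e.g. `@param queueSize maximum number of queued requests; values <= 0 fall back to DEFAULT_MAX_REQUEST_QUEUE_SIZE`. `build()` continues outside the hunk.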
@@ -247,7 +257,7 @@ private void loadCredentials() { * * @param contextFactory the {@link SslContextFactory} being configured */ - private void configureContextFactory(SslContextFactory contextFactory) { + private void configureContextFactory(SslContextFactory.Server contextFactory) { if (excludeProtocols != null) { contextFactory.setExcludeProtocols(excludeProtocols); @@ -273,15 +283,15 @@ private void configureContextFactory(SslContextFactory contextFactory) { } else { contextFactory.setProvider(BouncyCastleProvider.PROVIDER_NAME); } - + if (hostnameVerifier != null) { contextFactory.setHostnameVerifier(hostnameVerifier); } - + if (disableJsseHostnameVerification) { contextFactory.setEndpointIdentificationAlgorithm(null); } - + } /** @@ -501,12 +511,23 @@ public TLSServerConnectorBuilder withHostnameVerifier(HostnameVerifier verifier) this.hostnameVerifier = verifier; return this; } - - public TLSServerConnectorBuilder withDisableJsseHostnameVerification(boolean disableJsseHostnameVerification) { + + public TLSServerConnectorBuilder withDisableJsseHostnameVerification( + boolean disableJsseHostnameVerification) { this.disableJsseHostnameVerification = disableJsseHostnameVerification; return this; } + public TLSServerConnectorBuilder withAcceptors(int acceptors) { + this.acceptors = acceptors; + return this; + } + + public TLSServerConnectorBuilder withSelectors(int selectors) { + this.selectors = selectors; + return this; + } + private SSLContext buildSSLContext() { SSLContext sslCtx; @@ -553,7 +574,7 @@ public ServerConnector build() { } SSLContext sslContext = buildSSLContext(); - SslContextFactory cf = new SslContextFactory(); + SslContextFactory.Server cf = new SslContextFactory.Server(); cf.setSslContext(sslContext); 
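Review bot: `withAcceptors` and `withSelectors` are public but undocumented, and the `-1` defaults of the fields they set only make sense to a reader who knows how `ServerConnector` interprets them. As far as I know, Jetty treats a negative acceptor count and a non-positive selector count as 'choose a default', and `0` acceptors as 'accept on the selector threads'; this should be confirmed against the Jetty version in the pom and then stated in Javadoc, e.g. `@param acceptors number of acceptor threads, or -1 to let Jetty choose`. Both values are passed to the `ServerConnector` constructor in `build()` without any range check.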
@@ -593,11 +614,12 @@ public ServerConnector build() { SslConnectionFactory sslCf = new SslConnectionFactory(cf, alpn.getProtocol()); - connector = new ServerConnector(server, sslCf, alpn, h2ConnFactory, httpConnFactory); + connector = new ServerConnector(server, acceptors, selectors, sslCf, alpn, h2ConnFactory, + httpConnFactory); } else { - connector = new ServerConnector(server, + connector = new ServerConnector(server, acceptors, selectors, new SslConnectionFactory(cf, HttpVersion.HTTP_1_1.asString()), connFactory); } From 80c39d85e65f3cd3dac6e0de723310db67f5e4b7 Mon Sep 17 00:00:00 2001 From: Andrea Ceccanti Date: Thu, 25 Nov 2021 16:57:23 +0100 Subject: [PATCH 23/24] Upgrade to VOMS API Java 3.3.2 Which brings CANL 2.6.0 --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index 64716b7..da6402f 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.italiangrid jetty-utils - 0.4.4.v20201211 + 0.4.5.20211125 jar jetty-utils @@ -55,7 +55,7 @@ 9.4.30.v20200611 1.7.2 1.0.9 - 3.3.0 + 3.3.2 4.0.5 3.1 @@ -200,7 +200,7 @@ junit junit - 4.10 + 4.13.1 test From 67db71890abada11dcce8d9dd18abef4731dc71b Mon Sep 17 00:00:00 2001 From: Andrea Ceccanti Date: Thu, 25 Nov 2021 17:37:05 +0100 Subject: [PATCH 24/24] Fix version number --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index da6402f..de6aa78 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.italiangrid jetty-utils - 0.4.5.20211125 + 0.4.5.v20211125 jar jetty-utils