Re: [jetty-users] Updating SSL keystore
Hi Simone,
I guess you mean details about what I do about the reload?
Well, here it comes but since I embed Jetty this may be of little use to
others. And I took the liberty of taking a hackish shortcut to test if
it would actually work for me...
My Jetty embedding is done in a class called JettyServletContainer that
sets up a Server instance. It exposes some setup methods to add
HTTP-ports, HTTPS-ports, directory-contexts and servlet-contexts in
order to decorate the server before actually starting it.
The method that adds servlet-contexts adds a reference to the wrapping
JettyServletContainer instance to the ServletContextHandler attributes.
That way Servlet instances can access the wrapper via the ServletContext
of an HttpServletRequest.
I extended the method that adds HTTPS-ports to collect a list with all
the resulting SslContextFactory instances inside the wrapper. Then I
added a method reloadSslCertificates that iterates this list and calls
reload on each SslContextFactory instance. I provide a dummy consumer
that does nothing. Note that I normally only have one HTTPS port in my
application so the list will have size 1.
Then it is simply a case of using
request.getServletContext.getAttribute("container").asInstanceOf[JettyServletContainer]
or something similar and calling reloadSslCertificates on it somewhere.
I warned you: it is a hack but for now it seems to work. If I am doing
something wrong or even dangerous please let me know. I may just be
tempted to leave it as it is for now...
Cheers,
Silvio
On 02/08/2017 11:47 AM, Simone Bordet wrote:
> Hi,
> On Wed, Feb 8, 2017 at 11:40 AM, Silvio Bierman
> <sbierman@xxxxxxxxxxxxxxxxxx> wrote:
>> Hello all,
>> I just want to report back about this: it works like a charm for me. We
>> implement multi-tenancy with client-specific SSL certificates using Jetty
>> SNI support. The keystore needs to be updated/extended frequently and until
>> now we had to restart the server to get the new certificates available.
>> Being able to do this while running is awesome.
> Great !
> Would be awesome if you can detail your solution.
> We are interested in real-world use cases, especially for this one
> where Jetty provides the basic mechanism, but applications have to
> write a bit of code to actually make use of the feature.
> Thanks !
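The wrapper Silvio describes, written out as an added example (illustration code, not the poster's JettyServletContainer and not Jetty project code). It assumes the Jetty 9.4 embedded API: the class name ReloadableSslContainer, the attribute name "container", the keystore path, the port and the KEYSTORE_PASSWORD environment variable are all placeholders. SslContextFactory.Server is the server-side class from Jetty 9.4.12 on; on earlier 9.4 releases use plain SslContextFactory, as the thread does. Each HTTPS port's SslContextFactory is kept in a list, and reloadSslCertificates() calls SslContextFactory.reload(Consumer) on each one with a consumer that changes nothing. Unlike the thread's approach, the reload here is triggered by a change to the keystore file rather than from a servlet, so no tenant-reachable URL can force a reload.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileTime;
import java.util.ArrayList;
import java.util.List;

import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.util.ssl.SslContextFactory;

/**
 * Hypothetical embedding wrapper modelled on the JettyServletContainer from the
 * thread (illustration only, not the poster's code). Every HTTPS port added via
 * addHttpsPort() has its SslContextFactory recorded so that
 * reloadSslCertificates() can reload all of them.
 */
public class ReloadableSslContainer {
    /** Attribute under which servlets can find this wrapper (assumed name). */
    public static final String ATTRIBUTE = "container";

    private final Server server = new Server();
    private final List<SslContextFactory> sslFactories = new ArrayList<>();
    private final Path keyStorePath;

    public ReloadableSslContainer(Path keyStorePath) {
        this.keyStorePath = keyStorePath;
    }

    /** Adds an HTTPS connector backed by the keystore and records its SslContextFactory. */
    public void addHttpsPort(int port, String keyStorePassword) {
        // Jetty 9.4.12+: SslContextFactory.Server; earlier 9.4: new SslContextFactory().
        SslContextFactory.Server ssl = new SslContextFactory.Server();
        ssl.setKeyStorePath(keyStorePath.toString());
        ssl.setKeyStorePassword(keyStorePassword);

        HttpConfiguration httpsConfig = new HttpConfiguration();
        httpsConfig.setSecureScheme("https");
        httpsConfig.setSecurePort(port);
        // Exposes TLS details (including the SNI host name) on the request.
        httpsConfig.addCustomizer(new SecureRequestCustomizer());

        ServerConnector https = new ServerConnector(server,
                new SslConnectionFactory(ssl, "http/1.1"),
                new HttpConnectionFactory(httpsConfig));
        https.setPort(port);
        server.addConnector(https);
        sslFactories.add(ssl);
    }

    /** Registers a single servlet context and publishes this wrapper as an attribute. */
    public ServletContextHandler addServletContext(String contextPath) {
        ServletContextHandler ctx = new ServletContextHandler(ServletContextHandler.NO_SESSIONS);
        ctx.setContextPath(contextPath);
        ctx.setAttribute(ATTRIBUTE, this);
        server.setHandler(ctx); // one context kept for brevity
        return ctx;
    }

    /**
     * Re-reads the keystore on every HTTPS connector. reload() calls the consumer
     * with the factory before unloading and reloading it, so a new keystore path
     * or password could be set there; here nothing is changed. New handshakes use
     * the rebuilt SSLContext; already established connections keep the
     * certificate they negotiated.
     */
    public void reloadSslCertificates() throws Exception {
        for (SslContextFactory ssl : sslFactories) {
            ssl.reload(factory -> { });
        }
    }

    public void start() throws Exception {
        server.start();
    }

    /** Driver: start one HTTPS port and reload whenever the keystore file changes. */
    public static void main(String[] args) throws Exception {
        // Placeholder path and password source; adjust for your deployment.
        Path ks = Paths.get(args.length > 0 ? args[0] : "/etc/myapp/tenants.p12");
        ReloadableSslContainer c = new ReloadableSslContainer(ks);
        c.addHttpsPort(8443, System.getenv("KEYSTORE_PASSWORD"));
        c.addServletContext("/");
        c.start();

        FileTime last = Files.getLastModifiedTime(ks);
        while (true) {
            Thread.sleep(5_000);
            FileTime now = Files.getLastModifiedTime(ks);
            if (now.compareTo(last) > 0) {
                last = now;
                c.reloadSslCertificates();
                System.out.println("SSL keystore reloaded, mtime " + now);
            }
        }
    }
}
```

Two caveats a practitioner will want with this. First, reload() unloads the factory before loading the new keystore, so if the file is half-written at that moment the load fails and the connector is left without a usable SSLContext until the next successful reload; write the updated keystore to a temporary file and rename it into place so the reader only ever sees a complete file. Second, if the reload is exposed through a servlet, as in the thread, restrict that servlet to administrators, since anyone who can reach it can force reloads at will. To confirm a new tenant certificate is being served without restarting, run `openssl s_client -connect host:8443 -servername tenant.example.com` before and after the reload and compare the subject of the returned certificate. Later Jetty 9.4.x releases ship a KeyStoreScanner in org.eclipse.jetty.util.ssl that does the same file-watching as the polling loop above.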