2

I am writing an HTTPS proxy server using servlet 3.0 and Jetty.

How can I process HTTPS Connect in Jetty?

Currently I am using jetty-maven-plugin and my plugin configuration looks like this:

<plugin>
    <groupId>org.mortbay.jetty</groupId>
    <artifactId>jetty-maven-plugin</artifactId>
    <configuration>
        <scanIntervalSeconds>10</scanIntervalSeconds>
        <webApp>
            <contextPath>/</contextPath>
        </webApp>
        <scanIntervalSeconds>1</scanIntervalSeconds>
        <connectors>
            <!-- plain HTTP connector -->
            <connector implementation="org.eclipse.jetty.server.nio.SelectChannelConnector">
                <port>9090</port>
                <maxIdleTime>60000</maxIdleTime>
            </connector>
            <!-- SSL connector, configured on the same port 9090 as the HTTP connector -->
            <connector implementation="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
                <port>9090</port>
                <keystore>src/keystore.jks</keystore>
                <keyPassword>test</keyPassword>
                <password>test</password>
            </connector>
        </connectors>
    </configuration>
</plugin>

Yes, I want to process HTTP and HTTPS over the same port. When I start Jetty, it starts just fine:

2013-04-21 15:15:03.750:INFO:oejs.AbstractConnector:Started SelectChannelConnector@0.0.0.0:9090
2013-04-21 15:15:03.912:INFO:oejus.SslContextFactory:Enabled Protocols [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2] of [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]
2013-04-21 15:15:03.917:INFO:oejs.AbstractConnector:Started SslSelectChannelConnector@0.0.0.0:9090
Started Jetty Server

I've overridden doGet and doPost, and both methods fire just fine when I send an HTTP request. But neither of them is fired when the client sends an HTTPS Connect. I would like to intercept HTTPS Connect so that I can inspect SSL traffic.

Any idea how to make it work?

Update: I think I've found the first issue. Even though I see in the logs that SelectChannelConnector and SslSelectChannelConnector are started on port 9090, the SSL connector is not being fired.

So my question is: is it possible to handle both HTTP and HTTPS on the same port using servlet 3.0 and Jetty?

user375868

1 Answer

0

No, that's not possible (in fact it is possible, but it shouldn't be). Every connector needs its own port.

You could however redirect all connects to the http listener to the https port using security-constraints in your web.xml. However that doesn't seem to be what you're looking for.

I wonder why Jetty doesn't throw any exception at startup when you try to set up two connectors on a single port. Will verify that.

Thomas Becker
  • Jetty, or to be precise the JVM, throws an AddressAlreadyInUseException when you try to configure two connectors on the same port in Jetty 9. As expected. – Thomas Becker Apr 22 '13 at 11:01
  • 3
    except on some versions of Windows, which apparently allow you to open the same port twice... which is just wrong and broken. Besides, HTTP and HTTPS are not supposed to run on the same port – jesse mcconnell Apr 22 '13 at 12:17
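
The setup the answer describes (one port per connector, plus a web.xml security-constraint that sends plain-HTTP requests to the HTTPS port), as an added example that is not code from the question or the answer. Port 9443 and the resource name "everything" are assumed values; this covers only the redirect, not handling of CONNECT requests.

```xml
<!-- pom.xml, inside the jetty-maven-plugin <configuration>: one port per connector.
     Port 9443 is an assumed value for this example. -->
<connectors>
    <connector implementation="org.eclipse.jetty.server.nio.SelectChannelConnector">
        <port>9090</port>
        <maxIdleTime>60000</maxIdleTime>
        <!-- requests that must be CONFIDENTIAL are redirected to this port -->
        <confidentialPort>9443</confidentialPort>
    </connector>
    <connector implementation="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
        <port>9443</port>
        <keystore>src/keystore.jks</keystore>
        <keyPassword>test</keyPassword>
        <password>test</password>
    </connector>
</connectors>

<!-- WEB-INF/web.xml, inside <web-app>: require TLS for every URL of the application -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>everything</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
```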