This is an automated email from the ASF dual-hosted git repository.

elserj pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/accumulo.git

commit c35f17f5354340ee6da773d84c42fee017f8bb81
Merge: 5af231f 159c97a
Author: Josh Elser <els...@apache.org>
AuthorDate: Mon Sep 24 17:54:34 2018 -0400

    Merge branch '1.9'

 .../java/org/apache/accumulo/core/conf/Property.java   |  4 ++++
 .../org/apache/accumulo/monitor/EmbeddedWebServer.java | 18 ++++++++++++------
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --cc 
server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java
index ee2ebaa,e8309be..69222ab
--- 
a/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java
+++ 
b/server/monitor/src/main/java/org/apache/accumulo/monitor/EmbeddedWebServer.java
@@@ -42,29 -49,23 +42,35 @@@ public class EmbeddedWebServer 
    public EmbeddedWebServer(String host, int port) {
      server = new Server();
      final AccumuloConfiguration conf = 
Monitor.getContext().getConfiguration();
 -    if (EMPTY.equals(conf.get(Property.MONITOR_SSL_KEYSTORE))
 -        || EMPTY.equals(conf.get(Property.MONITOR_SSL_KEYSTOREPASS))
 -        || EMPTY.equals(conf.get(Property.MONITOR_SSL_TRUSTSTORE))
 -        || EMPTY.equals(conf.get(Property.MONITOR_SSL_TRUSTSTOREPASS))) {
 +    connector = new ServerConnector(server, getConnectionFactories(conf));
 +    connector.setHost(host);
 +    connector.setPort(port);
 +
 +    handler = new ServletContextHandler(
 +        ServletContextHandler.SESSIONS | ServletContextHandler.SECURITY);
 +    handler.getSessionHandler().getSessionCookieConfig().setHttpOnly(true);
 +    handler.setContextPath("/");
 +  }
 +
 +  private static AbstractConnectionFactory[] 
getConnectionFactories(AccumuloConfiguration conf) {
 +    HttpConnectionFactory httpFactory = new HttpConnectionFactory();
 +    EnumSet<Property> requireForSecure = 
EnumSet.of(Property.MONITOR_SSL_KEYSTORE,
-         Property.MONITOR_SSL_KEYSTOREPASS, Property.MONITOR_SSL_TRUSTSTORE);
++        Property.MONITOR_SSL_KEYSTOREPASS, Property.MONITOR_SSL_TRUSTSTORE,
++        Property.MONITOR_SSL_TRUSTSTOREPASS);
 +
 +    if (requireForSecure.stream().map(p -> conf.get(p)).anyMatch(s -> s == 
null || s.isEmpty())) {
+       LOG.debug("Not configuring Jetty to use TLS");
 -      connector = new ServerConnector(server, new HttpConnectionFactory());
 -      usingSsl = false;
 +      return new AbstractConnectionFactory[] {httpFactory};
      } else {
-       final String trustStorePass = 
conf.get(Property.MONITOR_SSL_TRUSTSTOREPASS);
-       if (trustStorePass.isEmpty()) {
-         LOG.warn("Truststore JKS file has an empty password which prevents 
any integrity checks.");
+       LOG.debug("Configuring Jetty to use TLS");
+       final SslContextFactory sslContextFactory = new SslContextFactory();
+       // If the key password is the same as the keystore password, we don't
+       // have to explicitly set it. Thus, if the user doesn't provide a key
+       // password, don't set anything.
+       final String keyPass = conf.get(Property.MONITOR_SSL_KEYPASS);
+       if (!Property.MONITOR_SSL_KEYPASS.getDefaultValue().equals(keyPass)) {
+         sslContextFactory.setKeyManagerPassword(keyPass);
        }
-       SslContextFactory sslContextFactory = new SslContextFactory();
        
sslContextFactory.setKeyStorePath(conf.get(Property.MONITOR_SSL_KEYSTORE));
        
sslContextFactory.setKeyStorePassword(conf.get(Property.MONITOR_SSL_KEYSTOREPASS));
        
sslContextFactory.setKeyStoreType(conf.get(Property.MONITOR_SSL_KEYSTORETYPE));
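Review bot: In getConnectionFactories, the branch that returns only `httpFactory` is taken whenever any one of the four properties in `requireForSecure` is null or empty, and its only trace is `LOG.debug("Not configuring Jetty to use TLS")`, so a partly configured monitor (say, keystore and keystore password set but truststore password left empty) serves plain HTTP with nothing visible at typical log levels. The merge resolution adds `Property.MONITOR_SSL_TRUSTSTOREPASS` to the required set and drops the empty-truststore-password warning that master had, so that case now falls into the HTTP branch without a message. I would log at warn when some but not all of the required properties are set, e.g. `LOG.warn("Monitor TLS is only partially configured; falling back to plain HTTP");`, and keep debug for the case where none are set. Separately, the constructor calls `setHttpOnly(true)` on the session cookie config but no `setSecure(true)` is visible for the TLS case; it may be handled elsewhere. The else branch of getConnectionFactories continues past the end of the hunk.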
