0
很容易弄清楚如何将使用Grizzly的Jersey应用程序部署到Heroku。一旦我获得了基本的应用程序,我决定遵循https-clientserver-grizzly示例中的说明来保护我的端点,但遇到了将它部署到Heroku的一些问题。如何将安全Jersey应用程序部署到Heroku
一旦部署到Heroku,服务器拒绝响应,关闭所有连接请求而不发送响应。本地我没有问题,只有当我部署到Heroku时发生此错误。
我已经在下面列出了我的Server.java文件的相关部分。
public class Server extends ResourceConfig {
private static final String DEFAULT_SERVER_PORT = "8443";
private static final String KEY_SERVER_PORT = "server.port";
private static final String KEY_TRUST_PASSWORD = "TRUST_PASSWORD";
private static final String KEYSTORE_SERVER_FILE = "./security/keystore_server";
private static final String LOCALHOST = "https://0.0.0.0:%s/v1";
private static final String TRUSTSTORE_SERVER_FILE = "./security/truststore_server";
private final String endpoint;
private final HttpServer httpServer;
private Server(final String endpoint) throws KeyManagementException,
NoSuchAlgorithmException, KeyStoreException, CertificateException,
FileNotFoundException, IOException, UnrecoverableKeyException {
super();
...
URI.create(this.endpoint),
this,
true,
secure());
this.httpServer.start();
System.out.println(String.format(
"Jersey app started with WADL available at %s/application.wadl",
this.endpoint));
}
/**
* Generates a secure configurator for the server.
* @return A {@link SSLEngineConfigurator} instance for the server.
* @throws IOException If the key or trust store password cannot be read.
* @throws RuntimeException If the configuration is considered invalid.
*/
private static SSLEngineConfigurator secure() throws IOException, RuntimeException {
// Set up security context
final String password = System.getenv(KEY_TRUST_PASSWORD);
if (password == null) {
throw new RuntimeException("Truststore password is not set in the environment");
}
// Grizzly ssl configuration
SSLContextConfigurator sslContext = new SSLContextConfigurator();
// set up security context
sslContext.setKeyStoreFile(KEYSTORE_SERVER_FILE); // contains server keypair
sslContext.setKeyStorePass(password);
sslContext.setTrustStoreFile(TRUSTSTORE_SERVER_FILE); // contains client certificate
sslContext.setTrustStorePass(password);
sslContext.setSecurityProtocol("TLS");
if (!sslContext.validateConfiguration(true)) {
throw new RuntimeException("SSL context is invalid");
}
return new SSLEngineConfigurator(sslContext)
.setClientMode(false)
.setNeedClientAuth(false);
}
}
如果有人通过这个战斗,并有任何建议,将不胜感激!
那么我怎么可能会拒绝或重新路由所有未加密的流量? – mattforni
这是一个不同的问题,它取决于你的服务器和其他一些东西。这里是Tomcat的一个例子https://github.com/kissaten/tomcat-disable-http – codefinger
重要的部分在这里https://github.com/kissaten/tomcat-disable-http/blob/master/src/main /java/ForwardHttpFilter.java – codefinger