1. 首页
  2. 问答
  3. 如何将安全Jersey应用程序部署到Heroku

如何将安全Jersey应用程序部署到Heroku

2016-06-09 60 views
0

很容易弄清楚如何将使用Grizzly的Jersey应用程序部署到Heroku。一旦我获得了基本的应用程序,我决定遵循https-clientserver-grizzly示例中的说明来保护我的端点,但遇到了将它部署到Heroku的一些问题。如何将安全Jersey应用程序部署到Heroku

一旦部署到Heroku,服务器拒绝响应,关闭所有连接请求而不发送响应。本地我没有问题,只有当我部署到Heroku时发生此错误。

我已经在下面列出了我的Server.java文件的相关部分。

public class Server extends ResourceConfig { 
    private static final String DEFAULT_SERVER_PORT = "8443"; 
    private static final String KEY_SERVER_PORT = "server.port"; 
    private static final String KEY_TRUST_PASSWORD = "TRUST_PASSWORD"; 
    private static final String KEYSTORE_SERVER_FILE = "./security/keystore_server"; 
    private static final String LOCALHOST = "https://0.0.0.0:%s/v1"; 
    private static final String TRUSTSTORE_SERVER_FILE = "./security/truststore_server"; 

    private final String endpoint; 
    private final HttpServer httpServer; 

    private Server(final String endpoint) throws KeyManagementException, 
      NoSuchAlgorithmException, KeyStoreException, CertificateException, 
      FileNotFoundException, IOException, UnrecoverableKeyException { 
     super(); 

     ... 

     URI.create(this.endpoint), 
       this, 
       true, 
       secure()); 

     this.httpServer.start(); 

     System.out.println(String.format(
       "Jersey app started with WADL available at %s/application.wadl", 
       this.endpoint)); 
    } 


    /** 
    * Generates a secure configurator for the server. 
    * @return A {@link SSLEngineConfigurator} instance for the server. 
    * @throws IOException If the key or trust store password cannot be read. 
    * @throws RuntimeException If the configuration is considered invalid. 
    */ 
    private static SSLEngineConfigurator secure() throws IOException, RuntimeException { 
     // Set up security context 
     final String password = System.getenv(KEY_TRUST_PASSWORD); 
     if (password == null) { 
      throw new RuntimeException("Truststore password is not set in the environment"); 
     } 

     // Grizzly ssl configuration 
     SSLContextConfigurator sslContext = new SSLContextConfigurator(); 

     // set up security context 
     sslContext.setKeyStoreFile(KEYSTORE_SERVER_FILE); // contains server keypair 
     sslContext.setKeyStorePass(password); 
     sslContext.setTrustStoreFile(TRUSTSTORE_SERVER_FILE); // contains client certificate 
     sslContext.setTrustStorePass(password); 
     sslContext.setSecurityProtocol("TLS"); 

     if (!sslContext.validateConfiguration(true)) { 
      throw new RuntimeException("SSL context is invalid"); 
     } 

     return new SSLEngineConfigurator(sslContext) 
       .setClientMode(false) 
       .setNeedClientAuth(false); 
    } 
}

如果有人通过这个战斗,并有任何建议,将不胜感激!

来源

2016-06-09 mattforni

回答

1

在Heroku上,你不需要自己在Java应用程序中设置HTTPS。 Heroku为您处理HTTPS,并在Heroku路由器上发生SSL终止,因此流量在到达您的应用程序时未加密。

只需访问您的网站作为https://.herokuapp.com

来源

2016-06-10 15:03:41 codefinger

+0

那么我怎么可能会拒绝或重新路由所有未加密的流量? – mattforni

+0

这是一个不同的问题,它取决于你的服务器和其他一些东西。这里是Tomcat的一个例子https://github.com/kissaten/tomcat-disable-http – codefinger

+0

重要的部分在这里https://github.com/kissaten/tomcat-disable-http/blob/master/src/main /java/ForwardHttpFilter.java – codefinger

相关问题

 相关问题