KB Article #182073
How to add new HTTP/HTTPS connectors in Jetty9 for TSIM 3.9.1 SP24
Problem
TSIM 3.9.1 SP24 comes with a new version of Jetty (Jetty 9) which has a completely new config structure.
Customers who had custom HTTP/HTTPS connectors in previous versions of the product will need to re-configure their connectors after installing SP24.
This article provides examples of how to perform this action.
The same instructions will also be delivered by R&D together with SP25.
Resolution
In order to add a new plain HTTP connector for CGI, the following configuration needs to be uncommented in $ACTISEDI/internet/www/Jetty/etc/jetty-http.xml:
<Call name="addConnector">
  <Arg>
    <New id="httpConnector" class="org.eclipse.jetty.server.ServerConnector">
      <Arg name="server"><Ref refid="Server" /></Arg>
      <Arg name="acceptors" type="int"><Property name="jetty.http.acceptors" deprecated="http.acceptors" default="2"/></Arg>
      <Arg name="selectors" type="int"><Property name="jetty.http.selectors" deprecated="http.selectors" default="-1"/></Arg>
      <Arg name="factories">
        <Array type="org.eclipse.jetty.server.ConnectionFactory">
          <Item>
            <New class="org.eclipse.jetty.server.HttpConnectionFactory">
              <Arg name="config"><Ref refid="httpConfig" /></Arg>
              <Arg name="compliance">
                <Call class="org.eclipse.jetty.http.HttpCompliance" name="valueOf"><Arg><Property name="jetty.http.compliance" default="RFC7230_LEGACY"/></Arg></Call>
              </Arg>
            </New>
          </Item>
        </Array>
      </Arg>
      <Set name="host"><Property name="jetty.http.host" deprecated="jetty.host" default="0.0.0.0"/></Set>
      <Set name="port">8080</Set>
      <Set name="idleTimeout"><Property name="jetty.http.idleTimeout" deprecated="http.timeout" default="30000"/></Set>
      <Set name="acceptorPriorityDelta"><Property name="jetty.http.acceptorPriorityDelta" deprecated="http.acceptorPriorityDelta" default="0"/></Set>
      <Set name="acceptQueueSize"><Property name="jetty.http.acceptQueueSize" deprecated="http.acceptQueueSize" default="0"/></Set>
      <Set name="reuseAddress"><Property name="jetty.http.reuseAddress" default="true"/></Set>
      <Set name="acceptedTcpNoDelay"><Property name="jetty.http.acceptedTcpNoDelay" default="true"/></Set>
      <Set name="acceptedReceiveBufferSize"><Property name="jetty.http.acceptedReceiveBufferSize" default="-1"/></Set>
      <Set name="acceptedSendBufferSize"><Property name="jetty.http.acceptedSendBufferSize" default="-1"/></Set>
      <Get name="SelectorManager">
        <Set name="connectTimeout"><Property name="jetty.http.connectTimeout" default="15000"/></Set>
      </Get>
    </New>
  </Arg>
</Call>
This corresponds to the old configuration in Jetty 6.1.25 ($ACTISEDI/internet/www/Jetty/etc/jetty.xml):
<!-- =============================================================== -->
<!-- Configure HTTP for CGI support only -->
<!-- =============================================================== -->
<!--
<Call name="addConnector">
  <Arg>
    <New class="org.mortbay.jetty.nio.SelectChannelConnector">
      <Set name="host"><SystemProperty name="jetty.host" default="0.0.0.0"/></Set>
      <Set name="port">8080</Set>
      <Set name="maxIdleTime">30000</Set>
      <Set name="Acceptors">2</Set>
      <Set name="statsOn">false</Set>
      <Set name="confidentialPort">9180</Set>
      <Set name="lowResourcesConnections">5000</Set>
      <Set name="lowResourcesMaxIdleTime">5000</Set>
    </New>
  </Arg>
</Call>
-->
In order to add a new HTTPS connector, the following configuration example needs to be added in $ACTISEDI/internet/www/Jetty/etc/jetty-ssl.xml just before the end of the "Configure" tag:
<!-- ======================================================================== -->
<!-- Add a custom SSL Connector -->
<!-- ======================================================================== -->
<Call name="addConnector">
  <Arg>
    <New id="customSslConnector" class="org.eclipse.jetty.server.ServerConnector">
      <Arg name="server"><Ref refid="Server" /></Arg>
      <Arg name="acceptors" type="int"><Property name="jetty.ssl.acceptors" deprecated="ssl.acceptors" default="-1"/></Arg>
      <Arg name="selectors" type="int"><Property name="jetty.ssl.selectors" deprecated="ssl.selectors" default="-1"/></Arg>
      <Arg name="factories">
        <Array type="org.eclipse.jetty.server.ConnectionFactory">
          <Item>
            <New class="org.eclipse.jetty.server.SslConnectionFactory">
              <Arg name="next">http/1.1</Arg>
              <Arg name="sslContextFactory">
                <!-- if already configured sslContextFactory object is to be used, then uncomment below line and comment the creation of the new factory -->
                <!--<Ref refid="sslContextFactory"/>-->
                <!-- if using existing sslContextFactory like above is not possible, then instantiate a new factory and customize it -->
                <New class="de.axway.ajas.httpserver.application.CmSslServerContextFactory">
                  <Set name="Provider"><Property name="jetty.sslContext.provider"/></Set>
                  <!-- Certificate Manager configuration parameters for secure connections / certificate retrieval BEGIN -->
                  <!-- Specify an existing Certificate Manager ssl.cfg entry name, or leave empty to apply Jetty default security protocols and cipher suites -->
                  <!-- NOTE: No "CBC" cipher suites specified in the ssl.cfg entry name are allowed by Jetty, only "GCM" -->
                  <Set name="cmSslConfig">DEFAULT</Set>
                  <Set name="cmUsage">HTTPS2</Set>
                  <Set name="cmPartner">EDIMAN2</Set>
                  <Set name="cmApplication">AJAS2</Set>
                  <Set name="cmDeploymentTarget"></Set>
                  <Set name="cmOptionalParameter"></Set>
                  <!-- Certificate Manager configuration parameters for secure connections / certificate retrieval END -->
                  <!-- Jetty 9 keystore/truststore default configuration is not used, but due to internal Jetty logic below property needs to be set -->
                  <Set name="KeyStorePath">
                    <Property name="jetty.sslContext.keyStoreAbsolutePath">
                      <Default>
                        <Property name="jetty.base" default="." />/<Property name="jetty.sslContext.keyStorePath" deprecated="jetty.keystore" default="etc/keystore"/>
                      </Default>
                    </Property>
                  </Set>
                  <Set name="EndpointIdentificationAlgorithm"><Property name="jetty.sslContext.endpointIdentificationAlgorithm"/></Set>
                  <Set name="NeedClientAuth"><Property name="jetty.sslContext.needClientAuth" deprecated="jetty.ssl.needClientAuth" default="false"/></Set>
                  <Set name="WantClientAuth"><Property name="jetty.sslContext.wantClientAuth" deprecated="jetty.ssl.wantClientAuth" default="false"/></Set>
                  <Set name="useCipherSuitesOrder"><Property name="jetty.sslContext.useCipherSuitesOrder" default="true"/></Set>
                  <Set name="sslSessionCacheSize"><Property name="jetty.sslContext.sslSessionCacheSize" default="-1"/></Set>
                  <Set name="sslSessionTimeout"><Property name="jetty.sslContext.sslSessionTimeout" default="-1"/></Set>
                  <Set name="RenegotiationAllowed"><Property name="jetty.sslContext.renegotiationAllowed" default="true"/></Set>
                  <Set name="RenegotiationLimit"><Property name="jetty.sslContext.renegotiationLimit" default="5"/></Set>
                  <Set name="SniRequired"><Property name="jetty.sslContext.sniRequired" default="false"/></Set>
                </New>
              </Arg>
            </New>
          </Item>
          <Item>
            <New class="org.eclipse.jetty.server.HttpConnectionFactory">
              <Arg name="config"><Ref refid="sslHttpConfig" /></Arg>
              <Arg name="compliance">
                <Call class="org.eclipse.jetty.http.HttpCompliance" name="valueOf">
                  <Arg><Property name="jetty.http.compliance" default="RFC7230"/></Arg>
                </Call>
              </Arg>
            </New>
          </Item>
        </Array>
      </Arg>
      <Set name="host"><Property name="jetty.ssl.host" deprecated="jetty.host" default="0.0.0.0"/></Set>
      <Set name="port">5443</Set>
      <Set name="idleTimeout"><Property name="jetty.ssl.idleTimeout" deprecated="ssl.timeout" default="30000"/></Set>
      <Set name="acceptorPriorityDelta"><Property name="jetty.ssl.acceptorPriorityDelta" deprecated="ssl.acceptorPriorityDelta" default="0"/></Set>
      <Set name="acceptQueueSize"><Property name="jetty.ssl.acceptQueueSize" deprecated="ssl.acceptQueueSize" default="0"/></Set>
      <Set name="reuseAddress"><Property name="jetty.ssl.reuseAddress" default="true"/></Set>
      <Set name="acceptedTcpNoDelay"><Property name="jetty.ssl.acceptedTcpNoDelay" default="true"/></Set>
      <Set name="acceptedReceiveBufferSize"><Property name="jetty.ssl.acceptedReceiveBufferSize" default="-1"/></Set>
      <Set name="acceptedSendBufferSize"><Property name="jetty.ssl.acceptedSendBufferSize" default="-1"/></Set>
      <Get name="SelectorManager">
        <Set name="connectTimeout"><Property name="jetty.ssl.connectTimeout" default="15000"/></Set>
      </Get>
    </New>
  </Arg>
</Call>
This corresponds to the old configuration in Jetty 6.1.25 ($ACTISEDI/internet/www/Jetty/etc/jetty.xml):
<Call name="addConnector">
  <Arg>
    <New class="de.axway.ajas.httpserver.application.CmSslSocketConnector">
      <Set name="port">5443</Set>
      <Set name="maxIdleTime">30000</Set>
      <Set name="cmSslConfig">DEFAULT</Set>
      <Set name="cmUsage">HTTPS2</Set>
      <Set name="cmPartner">EDIMAN2</Set>
      <Set name="cmApplication">AJAS2</Set>
      <Set name="cmDeploymentTarget"></Set>
      <Set name="cmOptionalParameter"></Set>
    </New>
  </Arg>
</Call>
Note: you can use any SSL configuration defined in $ACTISEDI/param/ssl.cfg, but Jetty 9 allows no "CBC" cipher suites, only "GCM" (as mentioned in the jetty-ssl-context.xml config file).
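After re-creating the connectors, it helps to confirm what each one actually exposes. The following is an added example, not part of the KB article or the vendor's tooling: a small Python check that lists every addConnector entry in a Jetty 9 XML file with its bind host, port, TLS status and the security-relevant settings shown above. It reads literal values and Property defaults only (runtime property overrides are not visible to it), and the embedded sample is a constructed, trimmed copy of the HTTPS snippet.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed connector in the shape of the article's jetty-ssl.xml snippet.
SAMPLE = """<Configure id="Server" class="org.eclipse.jetty.server.Server">
 <Call name="addConnector"><Arg>
  <New id="customSslConnector" class="org.eclipse.jetty.server.ServerConnector">
   <Arg name="factories"><Array type="org.eclipse.jetty.server.ConnectionFactory">
    <Item><New class="org.eclipse.jetty.server.SslConnectionFactory">
     <Arg name="sslContextFactory">
      <New class="de.axway.ajas.httpserver.application.CmSslServerContextFactory">
       <Set name="cmSslConfig">DEFAULT</Set>
       <Set name="NeedClientAuth"><Property name="jetty.sslContext.needClientAuth" default="false"/></Set>
       <Set name="RenegotiationAllowed"><Property name="jetty.sslContext.renegotiationAllowed" default="true"/></Set>
      </New></Arg></New></Item>
   </Array></Arg>
   <Set name="host"><Property name="jetty.ssl.host" default="0.0.0.0"/></Set>
   <Set name="port">5443</Set>
  </New></Arg></Call>
</Configure>"""

def set_value(node, name):
    """Value of the first <Set name=...> under node: literal text, else the Property default."""
    for s in node.iter("Set"):
        if s.get("name", "").lower() == name.lower():
            prop = s.find("Property")
            text = (s.text or "").strip()
            return text or (prop.get("default") if prop is not None else None)
    return None

def audit_connectors(xml_text):
    """Summarise every connector registered through <Call name="addConnector">."""
    report = []
    root = ET.fromstring(xml_text)
    for conn in root.findall(".//Call[@name='addConnector']/Arg/New"):
        # A connector speaks TLS only if an SslConnectionFactory is in its factory chain.
        tls = any(n.get("class", "").endswith("SslConnectionFactory") for n in conn.iter("New"))
        report.append({
            "id": conn.get("id"),
            "host": set_value(conn, "host"),
            "port": set_value(conn, "port"),
            "tls": tls,
            "cmSslConfig": set_value(conn, "cmSslConfig"),
            "needClientAuth": set_value(conn, "NeedClientAuth"),
            "renegotiationAllowed": set_value(conn, "RenegotiationAllowed"),
        })
    return report

if __name__ == "__main__":
    for row in audit_connectors(SAMPLE):
        print(row)
```

Run it against jetty-http.xml and jetty-ssl.xml after the upgrade and compare the ports and hosts with the old Jetty 6.1.25 connectors; a row with tls set to False and host 0.0.0.0 is a cleartext listener on all interfaces.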