1. 首頁
  2. 問答
  3. 如何將安全Jersey應用程序部署到Heroku

如何將安全Jersey應用程序部署到Heroku

2016-06-09 58 views
0

很容易弄清楚如何將使用Grizzly的Jersey應用程序部署到Heroku。一旦我獲得了基本的應用程序,我決定遵循https-clientserver-grizzly示例中的說明來保護我的端點,但遇到了將它部署到Heroku的一些問題。如何將安全Jersey應用程序部署到Heroku

一旦部署到Heroku,服務器拒絕響應,關閉所有連接請求而不發送響應。本地我沒有問題,只有當我部署到Heroku時發生此錯誤。

我已經在下面列出了我的Server.java文件的相關部分。

public class Server extends ResourceConfig { 
    private static final String DEFAULT_SERVER_PORT = "8443"; 
    private static final String KEY_SERVER_PORT = "server.port"; 
    private static final String KEY_TRUST_PASSWORD = "TRUST_PASSWORD"; 
    private static final String KEYSTORE_SERVER_FILE = "./security/keystore_server"; 
    private static final String LOCALHOST = "https://0.0.0.0:%s/v1"; 
    private static final String TRUSTSTORE_SERVER_FILE = "./security/truststore_server"; 

    private final String endpoint; 
    private final HttpServer httpServer; 

    private Server(final String endpoint) throws KeyManagementException, 
      NoSuchAlgorithmException, KeyStoreException, CertificateException, 
      FileNotFoundException, IOException, UnrecoverableKeyException { 
     super(); 

     ... 

     URI.create(this.endpoint), 
       this, 
       true, 
       secure()); 

     this.httpServer.start(); 

     System.out.println(String.format(
       "Jersey app started with WADL available at %s/application.wadl", 
       this.endpoint)); 
    } 


    /** 
    * Generates a secure configurator for the server. 
    * @return A {@link SSLEngineConfigurator} instance for the server. 
    * @throws IOException If the key or trust store password cannot be read. 
    * @throws RuntimeException If the configuration is considered invalid. 
    */ 
    private static SSLEngineConfigurator secure() throws IOException, RuntimeException { 
     // Set up security context 
     final String password = System.getenv(KEY_TRUST_PASSWORD); 
     if (password == null) { 
      throw new RuntimeException("Truststore password is not set in the environment"); 
     } 

     // Grizzly ssl configuration 
     SSLContextConfigurator sslContext = new SSLContextConfigurator(); 

     // set up security context 
     sslContext.setKeyStoreFile(KEYSTORE_SERVER_FILE); // contains server keypair 
     sslContext.setKeyStorePass(password); 
     sslContext.setTrustStoreFile(TRUSTSTORE_SERVER_FILE); // contains client certificate 
     sslContext.setTrustStorePass(password); 
     sslContext.setSecurityProtocol("TLS"); 

     if (!sslContext.validateConfiguration(true)) { 
      throw new RuntimeException("SSL context is invalid"); 
     } 

     return new SSLEngineConfigurator(sslContext) 
       .setClientMode(false) 
       .setNeedClientAuth(false); 
    } 
}

如果有人通過這個戰鬥,並有任何建議,將不勝感激!

來源

2016-06-09 mattforni

回答

1

在Heroku上,你不需要自己在Java應用程序中設置HTTPS。 Heroku爲您處理HTTPS,並在Heroku路由器上發生SSL終止,因此流量在到達您的應用程序時未加密。

只需訪問您的網站作爲https://.herokuapp.com

來源

2016-06-10 15:03:41 codefinger

+0

那麼我怎麼可能會拒絕或重新路由所有未加密的流量? – mattforni

+0

這是一個不同的問題,它取決於你的服務器和其他一些東西。這裏是Tomcat的一個例子https://github.com/kissaten/tomcat-disable-http – codefinger

+0

重要的部分在這裏https://github.com/kissaten/tomcat-disable-http/blob/master/src/main /java/ForwardHttpFilter.java – codefinger

相關問題

 相關問題