af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici ~ The contents of this file are subject to the terms of the Common Development and
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici ~ Distribution License (the License). You may not use this file except in compliance with the License.
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici ~ You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici ~ specific language governing permission and limitations under the License.
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici ~ When distributing Covered Software, include this CDDL Header Notice in each file and include
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici ~ the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici ~ Header, with the fields enclosed by brackets [] replaced by your own identifying
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici ~ information: "Portions copyright [year] [name of copyright owner]".
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici ~ Copyright 2015 ForgeRock AS.
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici<Configure id="Server" class="org.eclipse.jetty.server.Server">
9c8c2c05a3d08f94d29b4a42b8a0506a4e97e4faLaszlo Hordos <!-- =========================================================== -->
9c8c2c05a3d08f94d29b4a42b8a0506a4e97e4faLaszlo Hordos <!-- Set connectors -->
9c8c2c05a3d08f94d29b4a42b8a0506a4e97e4faLaszlo Hordos <!-- =========================================================== -->
9c8c2c05a3d08f94d29b4a42b8a0506a4e97e4faLaszlo Hordos <!-- One of each type! -->
9c8c2c05a3d08f94d29b4a42b8a0506a4e97e4faLaszlo Hordos <!-- =========================================================== -->
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <!--<Arg name="threadpool">
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <New class="org.eclipse.jetty.util.thread.QueuedThreadPool">
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Arg name="maxThreads">500</Arg>
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Arg name="minThreads">50</Arg>
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Arg name="idleTimeout">60000</Arg>
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Arg name="queue">
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <New class="java.util.concurrent.ArrayBlockingQueue">
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Arg type="int">6000</Arg>
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Set name="minThreads">50</Set>
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Set name="maxThreads">500</Set>
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Set name="detailedDump">false</Set>
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <New id="tlsHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Call class="org.forgerock.openidm.jetty.Param" name="getProperty">
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg>
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <New id="mutualAuthHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Call class="org.forgerock.openidm.jetty.Param" name="getProperty">
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg>
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Array id="excludedCipherSuites" type="java.lang.String">
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <!-- EXP-RC4-MD5 -->
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <!-- EXP-EDH-RSA-DES-CBC-SHA or EXP-DHE-RSA-DES-CBC-SHA -->
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <!-- EXP-DES-CBC-SHA -->
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Item>SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA </Item>
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <!-- DES-CBC-SHA -->
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici EDH-RSA-DES-CBC-SHA or DHE-RSA-DES-CBC-SHA is excluded above
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <!-- RC4-MD5 -->
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <!-- RC4-SHA -->
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici ECDHE-RSA-RC4-SHA is excluded above
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Item>TLS_ECDHE_RSA_WITH_RC4_128_SHA</Item>
<!-- NOTE(review): excludedCipherSuites is a deny-list of JSSE suite names. The items visible here
     cover export-grade DES40, single DES and RC4 suites; anything not named stays enabled.
     The SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA item carries a trailing space inside <Item>; confirm
     the value is trimmed before it is matched, otherwise that exclusion may silently not apply.
     Where this array is applied to an SslContextFactory is not visible in this listing. -->
<!-- TLS context referenced by the HTTPS connector. Key store and trust store location, type and
     passwords, and the certificate alias, are all read through org.forgerock.openidm.jetty.Param
     getters, so no secret is written literally in this file.
     NOTE(review): no protocol or cipher-suite exclusion setter is visible on this factory in this
     listing; confirm that the excludedCipherSuites array is applied to it. -->
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Set name="keyStorePath"><Get class="org.forgerock.openidm.jetty.Param" name="keystoreLocation"/></Set>
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Set name="keyStorePassword"><Get class="org.forgerock.openidm.jetty.Param" name="keystorePassword"/></Set>
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Set name="keyStoreType"><Get class="org.forgerock.openidm.jetty.Param" name="keystoreType"/></Set>
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Set name="trustStorePath"><Get class="org.forgerock.openidm.jetty.Param" name="truststoreLocation"/></Set>
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Set name="trustStorePassword"><Get class="org.forgerock.openidm.jetty.Param" name="truststorePassword"/></Set>
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Set name="certAlias"><Get class="org.forgerock.openidm.jetty.Param" name="certAlias"/></Set>
<!-- Second TLS context, presumably the one used by the MutualAuthPort connector (TODO confirm).
     The settings visible here are the same Param-backed key store, trust store and alias values
     as on sslContextFactory.
     NOTE(review): a client-certificate requirement (needClientAuth or wantClientAuth) is not visible
     in this listing; confirm it is set on this factory, and that the trust store holds only the
     CAs that should be able to authenticate clients. -->
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <New id="sslContextFactoryMutualAuth" class="org.eclipse.jetty.util.ssl.SslContextFactory">
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Set name="keyStorePath"><Get class="org.forgerock.openidm.jetty.Param" name="keystoreLocation"/></Set>
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Set name="keyStorePassword"><Get class="org.forgerock.openidm.jetty.Param" name="keystorePassword"/></Set>
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Set name="keyStoreType"><Get class="org.forgerock.openidm.jetty.Param" name="keystoreType"/></Set>
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Set name="trustStorePath"><Get class="org.forgerock.openidm.jetty.Param" name="truststoreLocation"/></Set>
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Set name="trustStorePassword"><Get class="org.forgerock.openidm.jetty.Param" name="truststorePassword"/></Set>
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Set name="certAlias"><Get class="org.forgerock.openidm.jetty.Param" name="certAlias"/></Set>
<!-- Plain-HTTP connector: a ServerConnector whose only visible connection factory is an
     HttpConnectionFactory built from httpConfig. The last line composes a host:port string whose
     host part falls back to 0.0.0.0 when jetty.host is unset; the Param.getProperty argument and
     the attribute this string feeds are not visible in this listing.
     NOTE(review): httpConfig appears to be given a ForwardedRequestCustomizer earlier in the file,
     so request details would be taken from forwarding headers. Confirm that only a trusted reverse
     proxy can reach this connector, and restrict jetty.host if it need not listen on every
     interface. -->
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <New class="org.eclipse.jetty.server.ServerConnector">
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Array type="org.eclipse.jetty.server.ConnectionFactory">
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <New class="org.eclipse.jetty.server.HttpConnectionFactory">
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Arg name="config"><Ref refid="httpConfig" /></Arg>
dd64d8e20831446341533528ce378356a6de0970Alin Brici <Call class="org.forgerock.openidm.jetty.Param" name="getProperty">
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Property name="jetty.host" default="0.0.0.0" />:<Call class="org.forgerock.openidm.jetty.Param" name="getProperty">
<!-- TLS connector: an SslConnectionFactory bound to sslContextFactory, followed by an
     HttpConnectionFactory built from tlsHttpConfig. The trailing host:port string defaults its
     host part to 0.0.0.0 when jetty.host is unset.
     NOTE(review): tlsHttpConfig appears to add a SecureRequestCustomizer earlier in the file;
     confirm against the full file, since the enclosing elements are not visible in this listing. -->
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <New class="org.eclipse.jetty.server.ServerConnector">
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Array type="org.eclipse.jetty.server.ConnectionFactory">
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <New class="org.eclipse.jetty.server.SslConnectionFactory">
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <New class="org.eclipse.jetty.server.HttpConnectionFactory">
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Arg name="config"><Ref refid="tlsHttpConfig"/></Arg>
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Call class="org.forgerock.openidm.jetty.Param" name="getProperty">
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Property name="jetty.host" default="0.0.0.0" />:<Call class="org.forgerock.openidm.jetty.Param" name="getProperty">
<!-- Connector with id MutualAuthPort: an SslConnectionFactory followed by an HttpConnectionFactory
     built from mutualAuthHttpConfig. The context factory passed to the SslConnectionFactory is not
     visible in this listing; presumably sslContextFactoryMutualAuth, TODO confirm.
     NOTE(review): a commented-out Call to org.forgerock.openidm.jetty.DisableOpenIDMAuth that
     references MutualAuthPort follows this connector. What that class does is not visible here;
     review it before anyone re-enables the call, since the name suggests it changes
     authentication handling on this port. -->
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <New class="org.eclipse.jetty.server.ServerConnector" id="MutualAuthPort">
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Array type="org.eclipse.jetty.server.ConnectionFactory">
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <New class="org.eclipse.jetty.server.SslConnectionFactory">
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <New class="org.eclipse.jetty.server.HttpConnectionFactory">
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Arg name="config"><Ref refid="mutualAuthHttpConfig"/></Arg>
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Call class="org.forgerock.openidm.jetty.Param" name="getProperty">
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Property name="jetty.host" default="0.0.0.0" />:<Call class="org.forgerock.openidm.jetty.Param" name="getProperty">
3e7f5d1d7f53cd235d54f7052aa81f4426e043bfNicolasPhilippe <!--Call class="org.forgerock.openidm.jetty.DisableOpenIDMAuth"
af23b07763760931e46b353308cb5c744d1e3bf0Alin Brici <Ref refid="MutualAuthPort"/>