jetty.xml revision 3e7f5d1d7f53cd235d54f7052aa81f4426e043bf
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
<!--
~ The contents of this file are subject to the terms of the Common Development and
~ Distribution License (the License). You may not use this file except in compliance with the
~ License.
~
~ You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
~ specific language governing permission and limitations under the License.
~
~ When distributing Covered Software, include this CDDL Header Notice in each file and include
~ the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
~ Header, with the fields enclosed by brackets [] replaced by your own identifying
~ information: "Portions copyright [year] [name of copyright owner]".
~
~ Copyright 2015 ForgeRock AS.
-->
<!-- =========================================================== -->
<!-- Set connectors -->
<!-- =========================================================== -->
<!-- One of each type! -->
<!-- =========================================================== -->
<!--<Arg name="threadpool">
<Arg name="maxThreads">500</Arg>
<Arg name="minThreads">50</Arg>
<Arg name="idleTimeout">60000</Arg>
<Arg name="queue">
<New class="java.util.concurrent.ArrayBlockingQueue">
<Arg type="int">6000</Arg>
</New>
</Arg>
<Set name="minThreads">50</Set>
<Set name="maxThreads">500</Set>
<Set name="detailedDump">false</Set>
</New>
</Arg>-->
<Set name="outputBufferSize">32768</Set>
<Set name="requestHeaderSize">8192</Set>
<Set name="responseHeaderSize">8192</Set>
<Call name="addCustomizer">
</Call>
</New>
<Arg><Ref refid="httpConfig"/></Arg>
<Set name="secureScheme">https</Set>
<Set name="securePort">
</Call>
</Set>
<Call name="addCustomizer">
</Call>
</New>
<Arg><Ref refid="httpConfig"/></Arg>
<Set name="secureScheme">https</Set>
<Set name="securePort">
</Call>
</Set>
<Call name="addCustomizer">
</Call>
</New>
<!-- EXP-RC4-MD5 -->
<Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
<Item>SSL_DH_anon_EXPORT_WITH_RC4_40_MD5</Item>
<Item>TLS_KRB5_EXPORT_WITH_RC4_40_MD5</Item>
<!-- EXP-EDH-RSA-DES-CBC-SHA or EXP-DHE-RSA-DES-CBC-SHA -->
<Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<!-- EXP-DES-CBC-SHA -->
<Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA </Item>
<Item>TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA</Item>
<!-- DES-CBC-SHA -->
<Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
<Item>SSL_DH_anon_WITH_DES_CBC_SHA</Item>
<Item>TLS_KRB5_WITH_DES_CBC_SHA</Item>
<!--
EDH-RSA-DES-CBC-SHA or DHE-RSA-DES-CBC-SHA is excluded above
<Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
-->
<!-- RC4-MD5 -->
<Item>SSL_RSA_WITH_RC4_128_MD5</Item>
<Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
<Item>SSL_DH_anon_WITH_RC4_128_MD5</Item>
<Item>SSL_DH_anon_EXPORT_WITH_RC4_40_MD5</Item>
<Item>TLS_KRB5_WITH_RC4_128_MD5</Item>
<Item>TLS_KRB5_EXPORT_WITH_RC4_40_MD5</Item>
<!-- RC4-SHA -->
<Item>SSL_RSA_WITH_RC4_128_SHA</Item>
<Item>TLS_ECDH_ECDSA_WITH_RC4_128_SHA</Item>
<Item>TLS_ECDH_RSA_WITH_RC4_128_SHA</Item>
<Item>TLS_ECDHE_ECDSA_WITH_RC4_128_SHA</Item>
<Item>TLS_ECDHE_RSA_WITH_RC4_128_SHA</Item>
<Item>TLS_ECDH_anon_WITH_RC4_128_SHA</Item>
<Item>TLS_KRB5_WITH_RC4_128_SHA</Item>
<Item>TLS_KRB5_EXPORT_WITH_RC4_40_SHA</Item>
<!--
ECDHE-RSA-RC4-SHA is excluded above
<Item>TLS_ECDHE_RSA_WITH_RC4_128_SHA</Item>
-->
</Array>
<Set name="keyStorePath"><Get class="org.forgerock.openidm.jetty.Param" name="keystoreLocation"/></Set>
<Set name="keyStorePassword"><Get class="org.forgerock.openidm.jetty.Param" name="keystorePassword"/></Set>
<Set name="trustStorePath"><Get class="org.forgerock.openidm.jetty.Param" name="truststoreLocation"/></Set>
<Set name="trustStorePassword"><Get class="org.forgerock.openidm.jetty.Param" name="truststorePassword"/></Set>
<Set name="wantClientAuth">true</Set>
<Set name="ExcludeProtocols">
<Item>SSLv3</Item>
</Array>
</Set>
<Set name="ExcludeCipherSuites">
<Ref refid="excludedCipherSuites"/>
</Set>
</New>
<Set name="keyStorePath"><Get class="org.forgerock.openidm.jetty.Param" name="keystoreLocation"/></Set>
<Set name="keyStorePassword"><Get class="org.forgerock.openidm.jetty.Param" name="keystorePassword"/></Set>
<Set name="trustStorePath"><Get class="org.forgerock.openidm.jetty.Param" name="truststoreLocation"/></Set>
<Set name="trustStorePassword"><Get class="org.forgerock.openidm.jetty.Param" name="truststorePassword"/></Set>
<Set name="needClientAuth">true</Set>
<Set name="ExcludeProtocols">
<Item>SSLv3</Item>
</Array>
</Set>
<Set name="ExcludeCipherSuites">
<Ref refid="excludedCipherSuites"/>
</Set>
</New>
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.ServerConnector">
<Arg name="server"><Ref refid="Server" /></Arg>
<Arg name="executor"/>
<Arg name="scheduler"/>
<Arg name="bufferPool"/>
<Arg name="acceptors" type="int">-1</Arg>
<Arg name="selectors" type="int">-1</Arg>
<Arg name="factories">
<Array type="org.eclipse.jetty.server.ConnectionFactory">
<Item>
<New class="org.eclipse.jetty.server.HttpConnectionFactory">
<Arg name="config"><Ref refid="httpConfig" /></Arg>
</New>
</Item>
</Array>
</Arg>
<Set name="port">
</Call>
</Set>
<Set name="idleTimeout">300000</Set>
<Set name="name">
<Property name="jetty.host" default="0.0.0.0" />:<Call class="org.forgerock.openidm.jetty.Param" name="getProperty">
</Call>
</Set>
</New>
</Arg>
</Call>
<Call id="sslConnector" name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.ServerConnector">
<Arg name="server"><Ref refid="Server" /></Arg>
<Arg name="executor"/>
<Arg name="scheduler"/>
<Arg name="bufferPool"/>
<Arg name="acceptors" type="int">-1</Arg>
<Arg name="selectors" type="int">-1</Arg>
<Arg name="factories">
<Array type="org.eclipse.jetty.server.ConnectionFactory">
<Item>
<New class="org.eclipse.jetty.server.SslConnectionFactory">
<Arg name="sslContextFactory"><Ref refid="sslContextFactory"/></Arg>
</New>
</Item>
<Item>
<New class="org.eclipse.jetty.server.HttpConnectionFactory">
<Arg name="config"><Ref refid="tlsHttpConfig"/></Arg>
</New>
</Item>
</Array>
</Arg>
<Set name="port">
</Call>
</Set>
<Set name="idleTimeout">30000</Set>
<Set name="name">
<Property name="jetty.host" default="0.0.0.0" />:<Call class="org.forgerock.openidm.jetty.Param" name="getProperty">
</Call>
</Set>
</New>
</Arg>
</Call>
<Call name="addConnector">
<Arg>
<Arg name="server"><Ref refid="Server" /></Arg>
<Arg name="factories">
<Array type="org.eclipse.jetty.server.ConnectionFactory">
<Item>
<New class="org.eclipse.jetty.server.SslConnectionFactory">
<Arg name="sslContextFactory">
<Ref refid="sslContextFactoryMutualAuth"/>
</Arg>
</New>
</Item>
<Item>
<New class="org.eclipse.jetty.server.HttpConnectionFactory">
<Arg name="config"><Ref refid="mutualAuthHttpConfig"/></Arg>
</New>
</Item>
</Array>
</Arg>
<Set name="port">
</Call>
</Set>
<Set name="idleTimeout">30000</Set>
<Set name="name">
<Property name="jetty.host" default="0.0.0.0" />:<Call class="org.forgerock.openidm.jetty.Param" name="getProperty">
</Call>
</Set>
<!--Call class="org.forgerock.openidm.jetty.DisableOpenIDMAuth"
name="add">
<Arg>
<Ref refid="MutualAuthPort"/>
</Arg>
</Call-->
</New>
</Arg>
</Call>
</Configure>