For a recent project I had to enable SSL communication for the Maven Jetty plugin. So when we run mvn jetty:run
we must be able to use the https
protocol. After browsing several mailing list I found the answer. For development we can create our own security certificate and configure the plugin to use it.
To create the development certificate we run the following command:
$ keytool -genkey -alias jetty6 -keyalg RSA -keystore target/jetty-ssl.keystore -storepass jetty6 -keypass jetty6 -dname "CN=your name or domain"
Fill in your name or domain for the -dname "CN="
option. We need the keystore and key password again when we configure the plugin in the Maven POM. The following code fragment shows how the Jetty plugin supports SSL:
<plugin> <groupId>org.mortbay.jetty</groupId> <artifactId>maven-jetty-plugin</artifactId> <configuration> <contextPath>/context</contextPath> <scanIntervalSeconds>5</scanIntervalSeconds> <connectors> <connector implementation="org.mortbay.jetty.nio.SelectChannelConnector"> <port>8080</port> <maxIdleTime>60000</maxIdleTime> </connector> <connector implementation="org.mortbay.jetty.security.SslSocketConnector"> <port>8443</port> <maxIdleTime>60000</maxIdleTime> <keystore>${project.build.directory}/jetty-ssl.keystore</keystore> <password>jetty6</password> <keyPassword>jetty6</keyPassword> </connector> </connectors> </configuration> </plugin>
In the connectors
element we have defined connectors for http
listening on port 8080, and for https
listening on port 8443. At line 14 we reference the keystore file we have created with keytool
. Lines 15, 16 define the password value.
To test this configuration we can invoke mvn jetty:run
and open a web browser with address https://localhost:8443/context. We must not forget to use https
for the protocol.
We generated the keystore by using the keytool
command from the Java Development Kit. But there is a Maven plugin that does the same thing, but we can define all arguments for keytool
in our POM. When we run mvn keytool:genkey
the keystore is generated and with mvn keytool:clean
we can remove the keystore again. If we want to attach the creation of the keystore to the Maven generate-resources phase we must first make sure we invoke keytool:clean
otherwise we get an error from keytool
that the specified alias already exists. So we can add the following to our POM:
<plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>keytool-maven-plugin</artifactId> <executions> <execution> <phase>generate-resources</phase> <id>clean</id> <goals> <goal>clean</goal> </goals> </execution> <execution> <phase>generate-resources</phase> <id>genkey</id> <goals> <goal>genkey</goal> </goals> </execution> </executions> <configuration> <keystore>${project.build.directory}/jetty-ssl.keystore</keystore> <dname>cn=www.mrhaki.com</dname> <keypass>jetty6</keypass> <storepass>jetty6</storepass> <alias>jetty6</alias> <keyalg>RSA</keyalg> </configuration> </plugin>
Now we can invoke mvn jetty:run
and the keystore is automatically generated and used by the Jetty plugin.