import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
+import javax.servlet.http.HttpServletResponse;
import org.cacert.gigi.api.GigiAPI;
import org.cacert.gigi.email.EmailProvider;
import org.cacert.gigi.natives.SetUID;
import org.cacert.gigi.util.CipherInfo;
import org.cacert.gigi.util.ServerConstants;
+import org.eclipse.jetty.http.HttpHeader;
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.util.log.Log;
+import org.eclipse.jetty.util.resource.Resource;
import org.eclipse.jetty.util.ssl.SslContextFactory;
public class Launcher {
secureContextFactory.setNeedClientAuth(false);
final SslContextFactory staticContextFactory = generateSSLContextFactory(conf, "static");
final SslContextFactory apiContextFactory = generateSSLContextFactory(conf, "api");
+ apiContextFactory.setWantClientAuth(true);
try {
secureContextFactory.start();
staticContextFactory.start();
}
private static ContextHandler generateGigiServletContext(ServletHolder webAppServlet) {
- final ResourceHandler rh = new ResourceHandler();
+ final ResourceHandler rh = generateResourceHandler();
rh.setResourceBase("static/www");
HandlerWrapper hw = new PolicyRedirector();
servlet.addServlet(webAppServlet, "/*");
ErrorPageErrorHandler epeh = new ErrorPageErrorHandler();
epeh.addErrorPage(404, "/error");
+ epeh.addErrorPage(403, "/denied");
servlet.setErrorHandler(epeh);
HandlerList hl = new HandlerList();
}
private static Handler generateStaticContext() {
- final ResourceHandler rh = new ResourceHandler();
+ final ResourceHandler rh = generateResourceHandler();
rh.setResourceBase("static/static");
ContextHandler ch = new ContextHandler();
return ch;
}
+ private static ResourceHandler generateResourceHandler() {
+ ResourceHandler rh = new ResourceHandler() {
+
+ @Override
+ protected void doResponseHeaders(HttpServletResponse response, Resource resource, String mimeType) {
+ super.doResponseHeaders(response, resource, mimeType);
+ response.setDateHeader(HttpHeader.EXPIRES.asString(), System.currentTimeMillis() + 1000L * 60 * 60 * 24 * 7);
+ }
+ };
+ rh.setEtags(true);
+ return rh;
+ }
+
private static Handler generateAPIContext() {
ServletContextHandler sch = new ServletContextHandler();