devd February 2016

How to start jetty on port 80 as root from embedded jetty?

I am trying to start the https port 443 as root and then downgrade to a non-root user using embedded Jetty. I have gone through https://www.eclipse.org/jetty/documentation/current/setting-port80-access.html#configuring-jetty-setuid-feature but didn't find any solution for how to do it from a Java program.

This is the embedded Jetty code:

package com.jetty.startup;

import java.io.File;

import java.util.ArrayList;
import java.util.List;

import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.handler.ContextHandlerCollection;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.webapp.WebAppContext;

import org.eclipse.jetty.annotations.ServletContainerInitializersStarter;
import org.eclipse.jetty.apache.jsp.JettyJasperInitializer;
import org.eclipse.jetty.plus.annotation.ContainerInitializer;

import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;

import org.apache.log4j.Logger;

import org.eclipse.jetty.setuid.*;

/**
 * Handles Webapp server's service
 * 
 * 
 */
class MyServer {
   private static Logger logger = Logger.getLogger(MyServer.class);

   private static Server server;
   private String jettyHome;

   /**
    * Creates an instance of {@link MyServer}
    * 
    * @param jettyHome
    *            jetty home path
    */
    public MyServer(String jettyHome) {
       this.jettyHome = jettyHome;
    }

    /**
     * Initializes Webapp server:
     * 
     */
    public Server init() throws Exception {
      server = new Server();

      int httpsPort = 443;

      Stri        

Answers


Joakim Erdfelt February 2016

This is ultimately an OS permissions issue, and you'll need a way to work around that.

This means any solution you come up with will also be OS specific.

One example is to use the jetty-setuid-java artifact, and the appropriate jetty-setuid-native library, to accomplish this.

Make sure you fully understand how setuid functions on your desired OS before starting this effort.

As for enabling the jetty setuid specific pieces, you can either use the XmlConfiguration to inject the appropriate lifecycle listener into your Server, or you can do it entirely in code.

See the Jetty Distribution's etc/jetty-setuid.xml for help.

<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN"
           "http://www.eclipse.org/jetty/configure_9_3.dtd">

<!-- ================================================================ -->
<!-- Configure the Jetty SetUIDListener                                -->
<!-- ================================================================ -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">

  <Call name="addLifeCycleListener">
    <Arg>
      <New class="org.eclipse.jetty.setuid.SetUIDL 
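
The "entirely in code" route mentioned in the answer above, as an added example that is not part of the original answer or of the Jetty distribution. It assumes the Jetty 9.x API (`addLifeCycleListener`), jetty-setuid-java on the classpath with its native library loadable, an existing unprivileged account and group both named `jetty`, and Linux for the `/proc` check; the class name `PrivilegedPortServer` is hypothetical.

```java
import java.nio.file.Files;
import java.nio.file.Paths;

import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.setuid.SetUIDListener;

public class PrivilegedPortServer {
    public static void main(String[] args) throws Exception {
        Server server = new Server();

        // Plain connector on a privileged port; the TLS connector from the
        // question would be added to the server in the same way.
        ServerConnector connector = new ServerConnector(server);
        connector.setPort(443);
        server.addConnector(connector);

        // Listener configured in code instead of through XmlConfiguration.
        SetUIDListener setuid = new SetUIDListener();
        setuid.setUsername("jetty");   // assumed unprivileged account
        setuid.setGroupname("jetty");  // assumed unprivileged group
        setuid.setUmaskOctal("002");
        // false: switch to the unprivileged user once the connectors are
        // open, before handlers and webapps are started.
        setuid.setStartServerAsPrivileged(false);
        server.addLifeCycleListener(setuid);

        server.start();
        // Fail closed if the process is still root (Linux-only check).
        if (effectiveUid() == 0) {
            server.stop();
            throw new IllegalStateException("still running as root after start");
        }
        server.join();
    }

    // Reads the effective uid from /proc/self/status ("Uid: real eff saved fs").
    static int effectiveUid() throws Exception {
        for (String line : Files.readAllLines(Paths.get("/proc/self/status"))) {
            if (line.startsWith("Uid:")) {
                return Integer.parseInt(line.trim().split("\\s+")[2]);
            }
        }
        throw new IllegalStateException("no Uid line in /proc/self/status");
    }
}
```

The process has to be launched as root for the bind on 443 to succeed; the check after `start()` stops the server rather than serving requests with root privileges if the drop did not take effect.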

Post Status

Asked in February 2016
Viewed 2,824 times
Voted 14
Answered 1 times
