Add support for `server.ssl.enabled` property

Fixes gh-2241

Add support for `server.ssl.enabled` property
Fixes gh-2241
4ad5c52d · Phillip Webb · f9c3baed · 4ad5c52d · 4ad5c52d · 4ad5c52d
Commit 4ad5c52d authored Jan 07, 2015 by Phillip Webb
6 changed files
--- a/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
+++ b/spring-boot-docs/src/main/asciidoc/appendix-application-properties.adoc
@@ -58,6 +58,7 @@ content into your application; rather pick only the properties that you need.
 	server.context-parameters.*= # Servlet context init parameters, e.g. server.context-parameters.a=alpha
 	server.context-path= # the context path, defaults to '/'
 	server.servlet-path= # the servlet path, defaults to '/'
+	server.ssl.enabled=true # if SSL support is enabled
 	server.ssl.client-auth= # want or need
 	server.ssl.key-alias=
 	server.ssl.ciphers= # supported SSL ciphers

--- a/spring-boot/src/main/java/org/springframework/boot/context/embedded/Ssl.java
+++ b/spring-boot/src/main/java/org/springframework/boot/context/embedded/Ssl.java
 /*
- * Copyright 2012-2014 the original author or authors.
+ * Copyright 2012-2015 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -25,6 +25,11 @@ package org.springframework.boot.context.embedded;
 */
 public class Ssl {

+	/**
+	 * If SSL support is enabled.
+	 */
+	private boolean enabled = true;
+
 	/**
 	 * Whether client authentication is wanted ("want") or needed ("need"). Requires a
 	 * trust store.
@@ -91,6 +96,14 @@ public class Ssl {
 	 */
 	private String protocol = "TLS";

+	public boolean isEnabled() {
+		return this.enabled;
+	}
+
+	public void setEnabled(boolean enabled) {
+		this.enabled = enabled;
+	}
+
 	public ClientAuth getClientAuth() {
 		return this.clientAuth;
 	}

--- a/spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactory.java
+++ b/spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactory.java
 /*
- * Copyright 2012-2014 the original author or authors.
+ * Copyright 2012-2015 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -121,7 +121,7 @@ public class JettyEmbeddedServletContainerFactory extends
 		configureWebAppContext(context, initializers);
 		server.setHandler(context);
 		this.logger.info("Server initialized with port: " + port);
-		if (getSsl() != null) {
+		if (getSsl() != null && getSsl().isEnabled()) {
 			SslContextFactory sslContextFactory = new SslContextFactory();
 			configureSsl(sslContextFactory, getSsl());
 			AbstractConnector connector = getSslServerConnectorFactory().getConnector(

--- a/spring-boot/src/main/java/org/springframework/boot/context/embedded/tomcat/TomcatEmbeddedServletContainerFactory.java
+++ b/spring-boot/src/main/java/org/springframework/boot/context/embedded/tomcat/TomcatEmbeddedServletContainerFactory.java
 /*
- * Copyright 2012-2014 the original author or authors.
+ * Copyright 2012-2015 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -240,7 +240,7 @@ public class TomcatEmbeddedServletContainerFactory extends
 		// prematurely...
 		connector.setProperty("bindOnInit", "false");

-		if (getSsl() != null) {
+		if (getSsl() != null && getSsl().isEnabled()) {
 			Assert.state(
 					connector.getProtocolHandler() instanceof AbstractHttp11JsseProtocol,
 					"To use SSL, the connector's protocol handler must be an "

--- a/spring-boot/src/main/java/org/springframework/boot/context/embedded/undertow/UndertowEmbeddedServletContainerFactory.java
+++ b/spring-boot/src/main/java/org/springframework/boot/context/embedded/undertow/UndertowEmbeddedServletContainerFactory.java
 /*
- * Copyright 2012-2014 the original author or authors.
+ * Copyright 2012-2015 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -229,11 +229,11 @@ public class UndertowEmbeddedServletContainerFactory extends
 		if (this.directBuffers != null) {
 			builder.setDirectBuffers(this.directBuffers);
 		}
-		if (getSsl() == null) {
-			builder.addHttpListener(port, getListenAddress());
+		if (getSsl() != null && getSsl().isEnabled()) {
+			configureSsl(getSsl(), port, builder);
 		}
 		else {
-			configureSsl(port, builder);
+			builder.addHttpListener(port, getListenAddress());
 		}
 		for (UndertowBuilderCustomizer customizer : this.builderCustomizers) {
 			customizer.customize(builder);
@@ -241,9 +241,8 @@ public class UndertowEmbeddedServletContainerFactory extends
 		return builder;
 	}

-	private void configureSsl(int port, Builder builder) {
+	private void configureSsl(Ssl ssl, int port, Builder builder) {
 		try {
-			Ssl ssl = getSsl();
 			SSLContext sslContext = SSLContext.getInstance(ssl.getProtocol());
 			sslContext.init(getKeyManagers(), getTrustManagers(), null);
 			builder.addHttpsListener(port, getListenAddress(), sslContext);

--- a/spring-boot/src/test/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactoryTests.java
+++ b/spring-boot/src/test/java/org/springframework/boot/context/embedded/AbstractEmbeddedServletContainerFactoryTests.java
 /*
- * Copyright 2012-2014 the original author or authors.
+ * Copyright 2012-2015 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -28,6 +28,7 @@ import java.util.Arrays;
 import java.util.Date;
 import java.util.concurrent.TimeUnit;

+import javax.net.ssl.SSLException;
 import javax.servlet.GenericServlet;
 import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
@@ -314,6 +315,26 @@ public abstract class AbstractEmbeddedServletContainerFactoryTests {
 		testBasicSslWithKeyStore("src/test/resources/test.jks");
 	}

+	@Test
+	public void sslDisabled() throws Exception {
+		AbstractEmbeddedServletContainerFactory factory = getFactory();
+		Ssl ssl = getSsl(null, "password", "src/test/resources/test.jks");
+		ssl.setEnabled(false);
+		factory.setSsl(ssl);
+		this.container = factory.getEmbeddedServletContainer(new ServletRegistrationBean(
+				new ExampleServlet(true), "/hello"));
+		this.container.start();
+		SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
+				new SSLContextBuilder().loadTrustMaterial(null,
+						new TrustSelfSignedStrategy()).build());
+		HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory)
+				.build();
+		HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(
+				httpClient);
+		this.thrown.expect(SSLException.class);
+		getResponse(getLocalUrl("https", "/hello"), requestFactory);
+	}
+
 	@Test
 	public void sslGetScheme() throws Exception { // gh-2232
 		AbstractEmbeddedServletContainerFactory factory = getFactory();