Polish

spring-boot-docs/src/main/asciidoc/howto.adoc

@@ -387,6 +387,8 @@ and then inject the actual (``local'') port as a `@Value`. For example:
 	}
 ----
 
+
+
 [[howto-configure-ssl]]
 === Configure SSL
 SSL can be configured declaratively by setting the various `server.ssl.*` properties,

spring-boot-samples/spring-boot-sample-tomcat-ssl/src/main/java/sample/tomcat/SampleTomcatSslApplication.java

@@ -31,4 +31,5 @@ public class SampleTomcatSslApplication {
 	public static void main(String[] args) throws Exception {
 		SpringApplication.run(SampleTomcatSslApplication.class, args);
 	}
+
 }

spring-boot/src/main/java/org/springframework/boot/context/embedded/AbstractConfigurableEmbeddedServletContainer.java

@@ -244,11 +244,6 @@ public abstract class AbstractConfigurableEmbeddedServletContainer implements
 		return this.registerDefaultServlet;
 	}
 
-	@Override
-	public void setJspServletClassName(String jspServletClassName) {
-		this.jspServletClassName = jspServletClassName;
-	}
-
 	@Override
 	public void setSsl(Ssl ssl) {
 		this.ssl = ssl;
@@ -258,6 +253,11 @@ public abstract class AbstractConfigurableEmbeddedServletContainer implements
 		return this.ssl;
 	}
 
+	@Override
+	public void setJspServletClassName(String jspServletClassName) {
+		this.jspServletClassName = jspServletClassName;
+	}
+
 	/**
 	 * @return the JSP servlet class name
 	 */

spring-boot/src/main/java/org/springframework/boot/context/embedded/jetty/JettyEmbeddedServletContainerFactory.java

@@ -19,6 +19,7 @@ package org.springframework.boot.context.embedded.jetty;
 import java.io.File;
 import java.io.IOException;
 import java.net.InetSocketAddress;
+import java.net.URL;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
@@ -115,7 +116,7 @@ AbstractEmbeddedServletContainerFactory implements ResourceLoaderAware {
 
 		if (getSsl() != null) {
 			SslContextFactory sslContextFactory = new SslContextFactory();
-			configureSslContextFactory(sslContextFactory, getSsl());
+			configureSsl(sslContextFactory, getSsl());
 
 			SslSocketConnector sslConnector = new SslSocketConnector(sslContextFactory);
 			sslConnector.setPort(port);
@@ -129,47 +130,65 @@ AbstractEmbeddedServletContainerFactory implements ResourceLoaderAware {
 		return getJettyEmbeddedServletContainer(server);
 	}
 
-	protected void configureSslContextFactory(SslContextFactory sslContextFactory, Ssl ssl) {
+	/**
-		sslContextFactory.setProtocol(ssl.getProtocol());
+	 * Configure the SSL connection.
+	 * @param factory the Jetty {@link SslContextFactory}.
+	 * @param ssl the ssl details.
+	 */
+	protected void configureSsl(SslContextFactory factory, Ssl ssl) {
+		factory.setProtocol(ssl.getProtocol());
+		configureSslClientAuth(factory, ssl);
+		configureSslPasswords(factory, ssl);
+		factory.setCertAlias(ssl.getKeyAlias());
+		configureSslKeyStore(factory, ssl);
+		if (ssl.getCiphers() != null) {
+			factory.setIncludeCipherSuites(ssl.getCiphers());
+		}
+		configureSslTrustStore(factory, ssl);
+	}
+
+	private void configureSslClientAuth(SslContextFactory factory, Ssl ssl) {
 		if (ssl.getClientAuth() == ClientAuth.NEED) {
-			sslContextFactory.setNeedClientAuth(true);
+			factory.setNeedClientAuth(true);
-			sslContextFactory.setWantClientAuth(true);
+			factory.setWantClientAuth(true);
 		}
 		else if (ssl.getClientAuth() == ClientAuth.WANT) {
-			sslContextFactory.setWantClientAuth(true);
+			factory.setWantClientAuth(true);
 		}
+	}
+
+	private void configureSslPasswords(SslContextFactory factory, Ssl ssl) {
 		if (ssl.getKeyStorePassword() != null) {
-			sslContextFactory.setKeyStorePassword(ssl.getKeyStorePassword());
+			factory.setKeyStorePassword(ssl.getKeyStorePassword());
 		}
 		if (ssl.getKeyPassword() != null) {
-			sslContextFactory.setKeyManagerPassword(ssl.getKeyPassword());
+			factory.setKeyManagerPassword(ssl.getKeyPassword());
 		}
-		sslContextFactory.setCertAlias(ssl.getKeyAlias());
+	}
+
+	private void configureSslKeyStore(SslContextFactory factory, Ssl ssl) {
 		try {
-			sslContextFactory.setKeyStoreResource(Resource.newResource(ResourceUtils
+			URL url = ResourceUtils.getURL(ssl.getKeyStore());
-					.getURL(ssl.getKeyStore())));
+			factory.setKeyStoreResource(Resource.newResource(url));
 		}
-		catch (IOException e) {
+		catch (IOException ex) {
 			throw new EmbeddedServletContainerException("Could not find key store '"
-					+ ssl.getKeyStore() + "'", e);
+					+ ssl.getKeyStore() + "'", ex);
-		}
+		}
-
-		if (ssl.getCiphers() != null) {
-			sslContextFactory.setIncludeCipherSuites(ssl.getCiphers());
 	}
 
+	private void configureSslTrustStore(SslContextFactory factory, Ssl ssl) {
 		if (ssl.getTrustStorePassword() != null) {
-			sslContextFactory.setTrustStorePassword(ssl.getTrustStorePassword());
+			factory.setTrustStorePassword(ssl.getTrustStorePassword());
 		}
-
 		if (ssl.getTrustStore() != null) {
 			try {
-				sslContextFactory.setTrustStoreResource(Resource
+				URL url = ResourceUtils.getURL(ssl.getTrustStore());
-						.newResource(ResourceUtils.getURL(ssl.getTrustStore())));
+				factory.setTrustStoreResource(Resource.newResource(url));
 			}
-			catch (IOException e) {
+			catch (IOException ex) {
 				throw new EmbeddedServletContainerException(
-						"Could not find trust store '" + ssl.getTrustStore() + "'", e);
+						"Could not find trust store '" + ssl.getTrustStore() + "'", ex);
 			}
 		}
 	}
@@ -211,8 +230,8 @@ AbstractEmbeddedServletContainerFactory implements ResourceLoaderAware {
 		if (root != null) {
 			try {
 				if (!root.isDirectory()) {
-					handler.setBaseResource(Resource.newResource("jar:" + root.toURI()
+					Resource resource = Resource.newResource("jar:" + root.toURI() + "!");
-							+ "!"));
+					handler.setBaseResource(resource);
 				}
 				else {
 					handler.setBaseResource(Resource.newResource(root));

spring-boot/src/main/java/org/springframework/boot/context/embedded/tomcat/TomcatEmbeddedServletContainerFactory.java

@@ -238,60 +238,71 @@ AbstractEmbeddedServletContainerFactory implements ResourceLoaderAware {
 		connector.setProperty("bindOnInit", "false");
 
 		if (getSsl() != null) {
-			if (connector.getProtocolHandler() instanceof AbstractHttp11JsseProtocol) {
+			Assert.state(
-				AbstractHttp11JsseProtocol jsseProtocol = (AbstractHttp11JsseProtocol) connector
+					connector.getProtocolHandler() instanceof AbstractHttp11JsseProtocol,
-						.getProtocolHandler();
+					"To use SSL, the connector's protocol handler must be an "
-				configureJsseProtocol(jsseProtocol, getSsl());
+							+ "AbstractHttp11JsseProtocol subclass");
+			configureSsl((AbstractHttp11JsseProtocol) connector.getProtocolHandler(),
+					getSsl());
 			connector.setScheme("https");
 			connector.setSecure(true);
 		}
-			else {
-				throw new IllegalStateException(
-						"To use SSL, the connector's protocol handler must be an AbstractHttp11JsseProtocol subclass");
-			}
-		}
 
 		for (TomcatConnectorCustomizer customizer : this.tomcatConnectorCustomizers) {
 			customizer.customize(connector);
 		}
 	}
 
-	protected void configureJsseProtocol(AbstractHttp11JsseProtocol jsseProtocol, Ssl ssl) {
+	/**
-		jsseProtocol.setSSLEnabled(true);
+	 * Configure Tomcat's {@link AbstractHttp11JsseProtocol} for SSL.
-		jsseProtocol.setSslProtocol(ssl.getProtocol());
+	 * @param protocol the protocol
+	 * @param ssl the ssl details
+	 */
+	protected void configureSsl(AbstractHttp11JsseProtocol protocol, Ssl ssl) {
+		protocol.setSSLEnabled(true);
+		protocol.setSslProtocol(ssl.getProtocol());
+		configureSslClientAuth(protocol, ssl);
+		protocol.setKeystorePass(ssl.getKeyStorePassword());
+		protocol.setKeyPass(ssl.getKeyPassword());
+		protocol.setKeyAlias(ssl.getKeyAlias());
+		configureSslKeyStore(protocol, ssl);
+		String ciphers = StringUtils.arrayToCommaDelimitedString(ssl.getCiphers());
+		protocol.setCiphers(ciphers);
+		configureSslTrustStore(protocol, ssl);
+	}
+
+	private void configureSslClientAuth(AbstractHttp11JsseProtocol protocol, Ssl ssl) {
 		if (ssl.getClientAuth() == ClientAuth.NEED) {
-			jsseProtocol.setClientAuth(Boolean.TRUE.toString());
+			protocol.setClientAuth(Boolean.TRUE.toString());
 		}
 		else if (ssl.getClientAuth() == ClientAuth.WANT) {
-			jsseProtocol.setClientAuth("want");
+			protocol.setClientAuth("want");
 		}
-		jsseProtocol.setKeystorePass(ssl.getKeyStorePassword());
+	}
-		jsseProtocol.setKeyPass(ssl.getKeyPassword());
+
-		jsseProtocol.setKeyAlias(ssl.getKeyAlias());
+	private void configureSslKeyStore(AbstractHttp11JsseProtocol protocol, Ssl ssl) {
 		try {
-			jsseProtocol.setKeystoreFile(ResourceUtils.getFile(ssl.getKeyStore())
+			File file = ResourceUtils.getFile(ssl.getKeyStore());
-					.getAbsolutePath());
+			protocol.setKeystoreFile(file.getAbsolutePath());
 		}
-		catch (FileNotFoundException e) {
+		catch (FileNotFoundException ex) {
 			throw new EmbeddedServletContainerException("Could not find key store "
-					+ ssl.getKeyStore(), e);
+					+ ssl.getKeyStore(), ex);
+		}
 	}
 
-		jsseProtocol
+	private void configureSslTrustStore(AbstractHttp11JsseProtocol protocol, Ssl ssl) {
-				.setCiphers(StringUtils.arrayToCommaDelimitedString(ssl.getCiphers()));
-
 		if (ssl.getTrustStore() != null) {
 			try {
-				jsseProtocol.setTruststoreFile(ResourceUtils.getFile(ssl.getTrustStore())
+				File file = ResourceUtils.getFile(ssl.getTrustStore());
-						.getAbsolutePath());
+				protocol.setTruststoreFile(file.getAbsolutePath());
 			}
-			catch (FileNotFoundException e) {
+			catch (FileNotFoundException ex) {
 				throw new EmbeddedServletContainerException("Could not find trust store "
-						+ ssl.getTrustStore(), e);
+						+ ssl.getTrustStore(), ex);
 			}
 		}
-
+		protocol.setTruststorePass(ssl.getTrustStorePassword());
-		jsseProtocol.setTruststorePass(ssl.getTrustStorePassword());
 	}
 
 	/**