JettyBase10ForWindows

Owned by Rod Widdowson
Last updated: Nov 01, 2023
4 min read

The embedded Jetty that is installed by with Windows IdP installer requires a forked version of the standard 9.4 jetty-base.  This differs from the standard by the addition of four files and the modification of one.  Since the branch is not used in regular testing, part of the preparation for building the Windows installer is due diligence on this branch.

It is easiest to do this if you have the git repository cloned and updated

This project has no J2EE/jakarta dependencies and so works with both the 10.x.y and 11.x.y versions of jetty - subject to the version of logback deployed being pinned (see below)

Check Changes

First, we need to track any changes in the origin\11 branch. Cherry pick in any appropriate changes.

We need to track breaking changes in jetty.

A potential quick cut is to difference the jetty sources between the two tags

git diff jetty-10.0.9 jetty-10.0.10 jetty-deploy/src/main/config/etc/jetty-deploy.xml

and so forth.

Logback Version

Check the logback version in the top level pom for the jetty project and amend as appropriate

<logback.version>1.3.5</logback.version>

You must also override the version in start.d\idp-system.ini and in the jetty base pom

The Jetty 11 and Jetty 10 versions no longer interoperate so you need to make changes in the jetty11 and the jetty 10 branches. In practise this does not need to be revised unless there is a logback issue.

SLF4J Version

Check the slf4j version in the top level pom for the jetty project and amend as appropriate

<slf4j.version>2.0.5</slf4j.version>

You should also override the version in start.d\idp-system.ini This is defensive against Jetty 10 and Jetty 11 versions drifting apart

The change must be made in the pom as well as the start.d\idp-system.ini

start.d/idp.ini

Any changes to this file may need to be reflected in changes to the file idp.ini.rewrite.property.names and/or idp.ini.windows and/or idp-system.windows

  • Properties new to idp.ini that occur in idp.ini.rewrite.property.names should be added to idp-system.ini if they are required

  • Properties name changes must be added to idp.ini.rewrite.property.names.  Note that the name changes are cumulative

  • Properties new to idp.ini that do not occur in idp.ini.rewrite.property.names should be added to idp.ini.windows if they are required.  Add them below the "don't change these values" lines.

start.d/idp.ini.rewrite.property.names

The target property names (values) starting with jetty. should be checked against the distribution xml files to ensure that they are still valid.  

start.d/idp-system.ini

This is reserved to you to change as requirements change,

etc/jetty-ssl-context.xml 

The is the most complex change and potentially the most fragile.  In general if this file has not changed since the last release (folder jetty-server\src\main\config\etc and the file jetty-util\src\main\java\org\eclipse\jetty\util\ssl\SslContextFactory.java  has not changed either then no changes are needed. 

The explicit changes are:

--- a/jetty-server/src/main/config/etc/jetty-ssl-context.xml +++ b/jetty-server/src/main/config/etc/jetty-ssl-context.xml @@ -5,25 +5,10 @@ <Arg> <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server"> <Set name="Provider" property="jetty.sslContext.provider" /> - <Set name="KeyStorePath"> - <Call name="resolvePath" class="org.eclipse.jetty.xml.XmlConfiguration"> - <Arg><Property name="jetty.base"/></Arg> - <Arg><Property name="jetty.sslContext.keyStorePath" deprecated="jetty.sslContext.keyStoreAbsolutePath,jetty.keystore" default="etc/keystore.p12" /></Arg> - </Call> - </Set> + <Set name="KeyStorePath"><Property name="jetty.sslContext.keyStorePath" deprecated="jetty.sslContext.keyStoreAbsolutePath,jetty.keystore" default="etc/keystore.p12" /></Set> <Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword" /></Set> <Set name="KeyStoreType" property="jetty.sslContext.keyStoreType" /> <Set name="KeyStoreProvider" property="jetty.sslContext.keyStoreProvider" /> - <Set name="KeyManagerPassword"><Property name="jetty.sslContext.keyManagerPassword" /></Set> - <Set name="TrustStorePath"> - <Call name="resolvePath" class="org.eclipse.jetty.xml.XmlConfiguration"> - <Arg><Property name="jetty.base"/></Arg> - <Arg><Property name="jetty.sslContext.trustStorePath" deprecated="jetty.sslContext.trustStoreAbsolutePath,jetty.truststore" /></Arg> - </Call> - </Set> - <Set name="TrustStorePassword" property="jetty.sslContext.trustStorePassword" /> - <Set name="TrustStoreType" property="jetty.sslContext.trustStoreType" /> - <Set name="TrustStoreProvider" property="jetty.sslContext.trustStoreProvider" /> <Set name="EndpointIdentificationAlgorithm" property="jetty.sslContext.endpointIdentificationAlgorithm" /> <Set name="NeedClientAuth" property="jetty.sslContext.needClientAuth" /> <Set name="WantClientAuth" property="jetty.sslContext.wantClientAuth" />


Deconstructed this change is

  • Remove the prefixing of KeyStorePath with ${Jetty.base},this  allows absolute paths to be used.  Procrun is setup to allow relative paths to use this shortcut.

  • Remove the explicit setting of 5 bean properties, allowing the Java defaults to take over..  These can be checked in jetty-util\src\main\java\org\eclipse\jetty\util\ssl\SslContextFactory.java

    • KeyManagerPassword This is used in getKeyManagers().  Having it not set  means it defaults to the KeyStorePassword

    • TrustStore reading the loadTrustStore will show that if these three properties are not set then the keystore is used.

etc\jetty-requestlog.xml

This should track the version checked into the 10 branch

  • Java files to look are

    • jetty-server\src\main\java\org\eclipse\jetty\server\Slf4jRequestLogWriter.java

    • jetty-server\src\main\java\org\eclipse\jetty\server\CustomRequestLog.java

Build & Release