Create an instant SSL setup using Maven with Cargo and Keytool plugins

In my last post I showed you how to set up a basic execution environment based on Maven and Cargo with a Tomcat 8.x application server; I recommend reading that post if you need an introduction. This article extends the previous configuration so that you can run your web application over HTTPS with a self-signed certificate in a development / test environment; production, of course, needs a “real” certificate. Some products or features you need to integrate with your application might require HTTPS and will otherwise refuse to work for security reasons.

Make use of the Keytool Maven Plugin

One of the key advantages of the approach shown here is that there is no need to mess around with command line tools to create fake certificates and manipulate your current Java installation with them. It’s enough to just run Cargo with the Keytool configuration; everything regarding certificates will be handled automatically!

To reach this goal, we integrate the Keytool Maven Plugin with the Maven configuration / pom.xml of our webapp.

Sample Maven configuration with Keytool and Cargo plugins

I have added the needed configuration to the very basic pom.xml of a Magnolia webapp module:

  <?xml version="1.0" encoding="UTF-8"?>
    <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
        <modelVersion>4.0.0</modelVersion>
        <parent>
          <groupId>info.magnolia.project</groupId>
          <artifactId>magnolia-cargo-demo</artifactId>
          <version>1.0-SNAPSHOT</version>
          <relativePath>../pom.xml</relativePath>
        </parent>
        <artifactId>magnolia-cargo-demo-webapp</artifactId>
        <name>magnolia-cargo-demo: webapp</name>
        <packaging>war</packaging>
        <dependencies>
          <dependency>
            <groupId>info.magnolia</groupId>
            <artifactId>magnolia-empty-webapp</artifactId>
            <type>pom</type>
          </dependency>
          <dependency>
            <groupId>info.magnolia</groupId>
            <artifactId>magnolia-empty-webapp</artifactId>
            <type>war</type>
          </dependency>
        </dependencies>
        <build>
          <plugins>
          <plugin>
            <artifactId>maven-war-plugin</artifactId>
            <configuration>
              <!-- exclude jars copied "physically" from the webapp overlay - so we only get those resolved by Maven's dependency management -->
              <dependentWarExcludes>WEB-INF/lib/*.jar</dependentWarExcludes>
            </configuration>
          </plugin>

          <!-- Keytool Maven plugin configuration starts here -->

          <plugin>
            <groupId>org.codehaus.mojo</groupId>
            <artifactId>keytool-maven-plugin</artifactId>
            <version>1.5</version>
            <executions>
              <execution>
                <phase>generate-resources</phase>
                <id>clean</id>
                <goals>
                  <goal>clean</goal>
                </goals>
              </execution>
              <execution>
                <phase>generate-resources</phase>
                <id>genkey</id>
                <goals>
                  <goal>generateKeyPair</goal>
                </goals>
              </execution>
            </executions>
            <configuration>
              <keystore>${project.build.directory}/tomcat-ssl.keystore</keystore>
              <dname>cn=localhost</dname>
              <keypass>tomcat8</keypass>
              <storepass>tomcat8</storepass>
              <alias>tomcat8</alias>
              <keyalg>RSA</keyalg>
            </configuration>
          </plugin>
          <!-- end of Keytool Maven Plugin configuration -->

          <!-- Cargo with Tomcat 8 starts here -->
          <plugin>
            <groupId>org.codehaus.cargo</groupId>
            <artifactId>cargo-maven2-plugin</artifactId>
            <version>1.5.0</version>
            <configuration>
              <container>
                <!-- https://codehaus-cargo.github.io/cargo/Maven2+Plugin+Reference+Guide.html#Maven2PluginReferenceGuide-container -->
                <containerId>tomcat8x</containerId>
                <zipUrlInstaller>
                  <url>https://repo1.maven.org/maven2/org/apache/tomcat/tomcat/8.5.4/tomcat-8.5.4.zip</url>
                </zipUrlInstaller>
                <!-- Instead of downloading the container, you can also reuse an existing installation by settings its directory:
                <home>/Users/horsti/files/tomcats/apache-tomcat-8.5.4</home> -->
                <output>${project.build.directory}/tomcat8x/container.log</output>

                <!-- If true, then the file specified by <output> will not be erased across different runs -->
                <append>false</append>
                <!-- set this value if your web app is taking some time to start -->
                <timeout>360000</timeout>
              </container>
              <configuration>
                <type>standalone</type>
                <home>${project.build.directory}/tomcat8x</home>
                <properties>
                  <cargo.logging>high</cargo.logging>
                  <cargo.jvmargs>-XX:MaxPermSize=512m -Xms256m -Xmx3072m -Xdebug -Xnoagent -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -XX:+DisableExplicitGC -Xverify:none -Djava.awt.headless=true</cargo.jvmargs>
                  <!-- https configuration -->
                  <cargo.servlet.port>8443</cargo.servlet.port>
                  <cargo.protocol>https</cargo.protocol>
                  <cargo.tomcat.connector.keystoreFile>${project.build.directory}/tomcat-ssl.keystore</cargo.tomcat.connector.keystoreFile>
                  <cargo.tomcat.connector.keystorePass>tomcat8</cargo.tomcat.connector.keystorePass>
                  <cargo.tomcat.connector.keyAlias>tomcat8</cargo.tomcat.connector.keyAlias>
                  <cargo.tomcat.connector.clientAuth>false</cargo.tomcat.connector.clientAuth>
                  <cargo.tomcat.connector.sslProtocol>TLS</cargo.tomcat.connector.sslProtocol>
                  <cargo.tomcat.httpSecure>true</cargo.tomcat.httpSecure>
                </properties>
              </configuration>
              <deployables>
                <deployable>
                  <groupId>${project.groupId}</groupId>
                  <artifactId>${project.artifactId}</artifactId>
                  <type>war</type>
                  <properties>
                    <!-- set the context for your web app so the correct configuration is applied -->
                    <context>/devSecure</context>
                  </properties>
                </deployable>
              </deployables>
            </configuration>
          </plugin>
          <!-- end of Cargo Maven Plugin configuration -->
        </plugins>
      </build>
  </project>

Run the server from within your web application directory with

  mvn cargo:run

Remark: you might have to run mvn clean install before that.

Notes

  • Compared to the previous configuration, the port has been changed from 8080 to 8443 and the protocol has been changed to https.
  • The configuration to integrate the Keystore / SSL settings has been added to the Cargo plugin.
  • As in the previous configuration, have a look at the context and timeout parameters.
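
A tightened variant of the Keytool and Cargo settings from the pom.xml above, as an added example that is not part of the original post: it adds a subjectAltName, sets key size, signature algorithm and validity explicitly, and takes the password from a property instead of the pom. The property name dev.keystore.pass is hypothetical, and the ext parameter is assumed to be supported by the keytool-maven-plugin version in use.

```xml
<!-- Added example: drop-in replacements for the two configuration parts shown above -->

<!-- keytool-maven-plugin: same keystore file and alias, explicit key parameters -->
<configuration>
  <keystore>${project.build.directory}/tomcat-ssl.keystore</keystore>
  <dname>cn=localhost</dname>
  <!-- current browsers match the host name against subjectAltName, not the CN -->
  <ext>san=dns:localhost,ip:127.0.0.1</ext>
  <!-- hypothetical property, passed on the command line with -Ddev.keystore.pass=...
       (keytool requires at least 6 characters) -->
  <keypass>${dev.keystore.pass}</keypass>
  <storepass>${dev.keystore.pass}</storepass>
  <alias>tomcat8</alias>
  <keyalg>RSA</keyalg>
  <keysize>2048</keysize>
  <sigalg>SHA256withRSA</sigalg>
  <!-- in days; the keystore is recreated whenever generate-resources runs,
       so a short lifetime costs nothing -->
  <validity>30</validity>
</configuration>

<!-- cargo-maven2-plugin: the HTTPS connector reads the same property -->
<properties>
  <cargo.servlet.port>8443</cargo.servlet.port>
  <cargo.protocol>https</cargo.protocol>
  <cargo.tomcat.connector.keystoreFile>${project.build.directory}/tomcat-ssl.keystore</cargo.tomcat.connector.keystoreFile>
  <cargo.tomcat.connector.keystorePass>${dev.keystore.pass}</cargo.tomcat.connector.keystorePass>
  <cargo.tomcat.connector.keyAlias>tomcat8</cargo.tomcat.connector.keyAlias>
  <cargo.tomcat.connector.clientAuth>false</cargo.tomcat.connector.clientAuth>
  <cargo.tomcat.connector.sslProtocol>TLS</cargo.tomcat.connector.sslProtocol>
  <cargo.tomcat.httpSecure>true</cargo.tomcat.httpSecure>
</properties>
```

The same -Ddev.keystore.pass value has to be passed to both mvn clean install and mvn cargo:run, because the keystore is written in the first step and opened by Tomcat in the second.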

Lars Fischer

IT. Aerophonist. Author without works.