From 0a420826715d7f93d219e8abd55e10330b5dea2e Mon Sep 17 00:00:00 2001 From: Andy Wilkinson Date: Tue, 18 Feb 2025 10:03:03 +0000 Subject: [PATCH] Fail fast when trying to use SNI with reactive Jetty Previously only a servlet-based Jetty server would fail fast when trying to use SNI with Jetty. A reactive Jetty server just ignored the configuration. This commit aligns the behavior of the two by making the reactive server fail fast as well. Closes gh-44316 --- .../jetty/JettyReactiveWebServerFactory.java | 3 ++- .../JettyReactiveWebServerFactoryTests.java | 19 ++++++++++++++++++- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/jetty/JettyReactiveWebServerFactory.java b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/jetty/JettyReactiveWebServerFactory.java index aad002cfcd3..85816a4b41c 100644 --- a/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/jetty/JettyReactiveWebServerFactory.java +++ b/spring-boot-project/spring-boot/src/main/java/org/springframework/boot/web/embedded/jetty/JettyReactiveWebServerFactory.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2024 the original author or authors. + * Copyright 2012-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -249,6 +249,7 @@ public class JettyReactiveWebServerFactory extends AbstractReactiveWebServerFact } private void customizeSsl(Server server, InetSocketAddress address) { + Assert.state(getSsl().getServerNameBundles().isEmpty(), "Server name SSL bundles are not supported with Jetty"); new SslServerCustomizer(getHttp2(), address, getSsl().getClientAuth(), getSslBundle()).customize(server); } diff --git a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/jetty/JettyReactiveWebServerFactoryTests.java b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/jetty/JettyReactiveWebServerFactoryTests.java index 336ed38ab01..0b8992d47a8 100644 --- a/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/jetty/JettyReactiveWebServerFactoryTests.java +++ b/spring-boot-project/spring-boot/src/test/java/org/springframework/boot/web/embedded/jetty/JettyReactiveWebServerFactoryTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2012-2023 the original author or authors. + * Copyright 2012-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,6 +20,7 @@ import java.net.ConnectException; import java.net.InetAddress; import java.time.Duration; import java.util.Arrays; +import java.util.List; import org.awaitility.Awaitility; import org.eclipse.jetty.server.ConnectionLimit; @@ -33,11 +34,14 @@ import org.mockito.InOrder; import org.springframework.boot.web.reactive.server.AbstractReactiveWebServerFactory; import org.springframework.boot.web.reactive.server.AbstractReactiveWebServerFactoryTests; import org.springframework.boot.web.server.Shutdown; +import org.springframework.boot.web.server.Ssl; +import org.springframework.boot.web.server.Ssl.ServerNameSslBundle; import org.springframework.http.server.reactive.HttpHandler; import org.springframework.web.reactive.function.client.WebClient; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException; +import static org.assertj.core.api.Assertions.assertThatIllegalStateException; import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.inOrder; import static org.mockito.Mockito.mock; @@ -146,6 +150,19 @@ class JettyReactiveWebServerFactoryTests extends AbstractReactiveWebServerFactor assertThat(connectionLimit.getMaxConnections()).isOne(); } + @Test + void sslServerNameBundlesConfigurationThrowsException() { + Ssl ssl = new Ssl(); + ssl.setBundle("test"); + List bundles = List.of(new ServerNameSslBundle("first", "test1"), + new ServerNameSslBundle("second", "test2")); + ssl.setServerNameBundles(bundles); + JettyReactiveWebServerFactory factory = getFactory(); + factory.setSsl(ssl); + assertThatIllegalStateException().isThrownBy(() -> this.webServer = factory.getWebServer(new EchoHandler())) + .withMessageContaining("Server name SSL bundles are not supported with Jetty"); + } + @Override protected String startedLogMessage() { return ((JettyWebServer) this.webServer).getStartedLogMessage();