JettyServletWebServerFactory sets up the SSL connector by creating an SslServerCustomizer. This customizer's 'customize' method encapsulates the SslContextFactory instance, so we do not have access to this instance to reload the SSL certificates using the Jetty 'hot reload' (https://github.com/eclipse/jetty.project/issues/918). It is also not easy to use this SslServerCustomizer to create another HTTPS connector. For example, we are setting up two HTTPS endpoints - one with 1-way SSL and the other with 2-way SSL. This requires code duplication today.

Comment From: wilkinsona

SslServerCustomizer is package-private and is intended for internal use only. Rather than trying to use it, I would recommend using Jetty's APIs directly. For example, you can get from a Jetty Server to the SslContextFactory of each HTTPS-capable connector with code like this:

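```java
import org.eclipse.jetty.server.AbstractConnector;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;

// 'server' is the org.eclipse.jetty.server.Server instance
for (Connector connector : server.getConnectors()) {
    if (connector instanceof AbstractConnector) {
        for (ConnectionFactory connectionFactory : ((AbstractConnector) connector)
                .getConnectionFactories()) {
            // Only HTTPS-capable connectors carry an SslConnectionFactory
            if (connectionFactory instanceof SslConnectionFactory) {
                SslContextFactory sslContextFactory = ((SslConnectionFactory) connectionFactory)
                        .getSslContextFactory();
                try {
                    sslContextFactory.reload((factory) -> {
                        // Reconfigure SSL
                    });
                }
                catch (Exception ex) {
                    throw new RuntimeException(ex);
                }
            }
        }
    }
}
```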

In Spring Boot, you can access an instance of the Server in a few ways. One way is via a JettyServerCustomizer bean, another is via WebServerApplicationContext.getWebServer() and ((JettyWebServer)webServer).getServer().

Alternatively, if you are already programmatically configuring the second HTTPS-capable connector, you may want to configure the first programmatically as well. This would allow you to create the SslContextFactory and hold a reference to it, rather than having to retrieve it from the Connector that Boot has created for you.
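
The programmatic alternative from the last paragraph, sketched as an added example that is not part of the original thread or of Spring Boot's code: both HTTPS connectors from the issue (1-way and 2-way SSL) share one builder, and the configuration class keeps each SslContextFactory so certificates can be reloaded in place. It assumes a Jetty 9.4 release that has SslContextFactory.Server; the class name, ports, file paths and environment variable names are hypothetical.

```java
import org.eclipse.jetty.http.HttpVersion;
import org.eclipse.jetty.server.*;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.springframework.boot.web.embedded.jetty.JettyServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class TlsConnectorsConfig {
    // References are kept here so a reload never has to walk the connectors.
    private final SslContextFactory.Server oneWay = newFactory(false);
    private final SslContextFactory.Server twoWay = newFactory(true);

    private static SslContextFactory.Server newFactory(boolean needClientAuth) {
        SslContextFactory.Server ssl = new SslContextFactory.Server();
        ssl.setKeyStoreType("PKCS12");
        ssl.setKeyStorePath("/etc/app/tls/server.p12");               // hypothetical path
        ssl.setKeyStorePassword(System.getenv("KEYSTORE_PASSWORD"));  // hypothetical variable
        if (needClientAuth) {
            // 2-way SSL: the handshake fails unless the client presents a
            // certificate that chains to this trust store.
            ssl.setTrustStoreType("PKCS12");
            ssl.setTrustStorePath("/etc/app/tls/client-ca.p12");      // hypothetical path
            ssl.setTrustStorePassword(System.getenv("TRUSTSTORE_PASSWORD"));
            ssl.setNeedClientAuth(true);
        }
        return ssl;
    }

    private static ServerConnector connector(Server server, SslContextFactory.Server ssl, int port) {
        HttpConfiguration https = new HttpConfiguration();
        https.addCustomizer(new SecureRequestCustomizer());
        ServerConnector connector = new ServerConnector(server,
                new SslConnectionFactory(ssl, HttpVersion.HTTP_1_1.asString()),
                new HttpConnectionFactory(https));
        connector.setPort(port);
        return connector;
    }

    @Bean
    WebServerFactoryCustomizer<JettyServletWebServerFactory> tlsConnectors() {
        return factory -> factory.addServerCustomizers(server -> {
            server.addConnector(connector(server, oneWay, 8443)); // 1-way SSL
            server.addConnector(connector(server, twoWay, 9443)); // 2-way SSL
        });
    }

    // Call after the key store or trust store files have been replaced on disk.
    public void reloadCertificates() throws Exception {
        oneWay.reload(f -> { }); // nothing to reconfigure; stores are re-read from their paths
        twoWay.reload(f -> { });
    }
}
```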