How do I configure jetty to listen on multiple ports for ssl connections: one with mutualAuth, one without


I'm fairly new to jetty, but I've dug through a lot of pages trying to find the answer to this one.

I'd like to have a single jetty instance running a single webapp. I need it to listen for SSL connections on two ports: one that uses mutual SSL, and one that uses normal SSL (I'll be using a different auth method with that one).

The closest I found to an answer was this - but it is concerned with regular old http connections - and I think it may be out of date given its age.

I'm pretty sure this will involve tweaks to jetty-ssl.xml, jetty-ssl-context.xml, and jetty-https.xml . . . but I have not been able to put the puzzle pieces together in a way that is both plausible and doesn't result in a stack trace (let alone doing what I want).

My best guess is that I need to create a second context factory that requires mutual auth (similar to the existing sslContextFactory), and then add another call to addIfAbsentConnectionFactory to wire it in. But while I seem to have the ability to restrict a context factory to require mutual auth, I don't see how to tie the context factories to the separate ports.


I think I've figured it out - hopefully this will save someone else a lot of frustration. Here is what I did:

  • Create a second context factory to require mutual auth. It did seem that I needed to do this in a separate file from the first one (jetty-ssl-context.xml) or jetty would complain, so I created jetty-ssl-context-mtls.xml and added a reference to the new file in the https.mod file.
  • Create a second connector to point to the second port (jetty-ssl.xml).
  • Configure the second connector to use the second context factory. Similarly to what I did with ssl-context, I needed to do this in a separate file from the first one (jetty-https.xml) or jetty would complain, so I created jetty-https-mtls.xml and added a reference to the new file in the https.mod file.
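To make the three steps above concrete, here is an added example of what the combined mTLS side can look like as a single Jetty 9 XML file (this is illustrative config written for this page, not the answerer's files or the Jetty distribution's own jetty-https.xml). It assumes the default sslContextFactory/sslConnector from jetty-ssl.xml and jetty-ssl-context.xml stay as shipped; the ids sslContextFactoryMtls, mtlsHttpConfig and sslConnectorMtls, the properties jetty.mtls.port and jetty.mtls.trustStorePassword, and the truststore path are all made up for the example.

```xml
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
<!-- Hypothetical ${jetty.base}/etc/jetty-https-mtls.xml (referenced from the https.mod file).
     Second SslContextFactory requiring a client cert + second ServerConnector on its own port. -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <!-- Context factory #2: same server keystore, but NeedClientAuth=true and a truststore that
       holds ONLY the CA(s) allowed to issue client certificates (not the default JDK cacerts). -->
  <New id="sslContextFactoryMtls" class="org.eclipse.jetty.util.ssl.SslContextFactory">
    <Set name="KeyStorePath"><Property name="jetty.base" default="."/>/etc/keystore</Set>
    <Set name="KeyStorePassword"><Property name="jetty.sslContext.keyStorePassword"/></Set>
    <Set name="TrustStorePath"><Property name="jetty.base" default="."/>/etc/client-ca-truststore</Set>
    <Set name="TrustStorePassword"><Property name="jetty.mtls.trustStorePassword"/></Set>
    <Set name="NeedClientAuth">true</Set>  <!-- handshake fails without a valid client cert -->
  </New>
  <!-- HttpConfiguration for the mTLS port. SecureRequestCustomizer is what exposes the verified
       client certificate to the webapp (javax.servlet.request.X509Certificate attribute). -->
  <New id="mtlsHttpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
    <Set name="secureScheme">https</Set>
    <Set name="securePort"><Property name="jetty.mtls.port" default="8444"/></Set>
    <Call name="addCustomizer">
      <Arg><New class="org.eclipse.jetty.server.SecureRequestCustomizer"/></Arg>
    </Call>
  </New>
  <!-- Connector #2: a separate port whose SslConnectionFactory points at the mTLS context factory.
       This is how a context factory gets tied to a port: each ServerConnector owns its own chain. -->
  <Call name="addConnector">
    <Arg>
      <New id="sslConnectorMtls" class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server"><Ref refid="Server"/></Arg>
        <Arg name="factories">
          <Array type="org.eclipse.jetty.server.ConnectionFactory">
            <Item>
              <New class="org.eclipse.jetty.server.SslConnectionFactory">
                <Arg name="next">http/1.1</Arg>
                <Arg name="sslContextFactory"><Ref refid="sslContextFactoryMtls"/></Arg>
              </New>
            </Item>
            <Item>
              <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                <Arg name="config"><Ref refid="mtlsHttpConfig"/></Arg>
              </New>
            </Item>
          </Array>
        </Arg>
        <Set name="port"><Property name="jetty.mtls.port" default="8444"/></Set>
      </New>
    </Arg>
  </Call>
</Configure>
```

Because the webapp is shared, the webapp itself cannot tell the two ports apart by TLS alone; a quick check is that a client without a certificate is refused on the mTLS port during the handshake but still connects on the plain SSL port, and that the X509Certificate request attribute is only populated on the mTLS port.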