<%--
-
- Copyright (C) 2017-2026 Ignite Realtime Foundation. All rights reserved.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--%>
<%@ page contentType="text/html; charset=UTF-8" %>
<%@ page import="java.time.Duration" %>
<%@ page import="java.util.HashMap" %>
<%@ page import="java.util.Map" %>
<%@ page import="org.jivesoftware.openfire.XMPPServer" %>
<%@ page import="org.jivesoftware.openfire.session.ConnectionSettings" %>
<%@ page import="org.jivesoftware.openfire.spi.ConnectionConfiguration" %>
<%@ page import="org.jivesoftware.openfire.spi.ConnectionListener" %>
<%@ page import="org.jivesoftware.openfire.spi.ConnectionType" %>
<%@ page import="org.jivesoftware.openfire.ratelimit.NewConnectionLimiterRegistry" %>
<%@ page import="org.jivesoftware.util.CookieUtils" %>
<%@ page import="org.jivesoftware.util.ParamUtils" %>
<%@ page import="org.jivesoftware.util.StringUtils" %>
<%@ page import="org.jivesoftware.openfire.ConnectionManager" %>
<%@ page errorPage="error.jsp" %>
<%@ taglib uri="admin" prefix="admin" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %>
<% webManager.init(request, response, session, application, out ); %>
<%
final ConnectionType connectionType = ConnectionType.SOCKET_C2S;
final ConnectionManager manager = XMPPServer.getInstance().getConnectionManager();
final ConnectionConfiguration plaintextConfiguration = manager.getListener( connectionType, false ).generateConnectionConfiguration();
final ConnectionConfiguration directtlsConfiguration = manager.getListener( connectionType, true ).generateConnectionConfiguration();
boolean update = request.getParameter( "update" ) != null;
final Map errors = new HashMap<>();
Cookie csrfCookie = CookieUtils.getCookie(request, "csrf");
String csrfParam = ParamUtils.getParameter(request, "csrf");
if (update) {
if (csrfCookie == null || csrfParam == null || !csrfCookie.getValue().equals(csrfParam)) {
update = false;
errors.put("csrf", "CSRF Failure!");
}
}
csrfParam = StringUtils.randomString(15);
CookieUtils.setCookie(request, response, "csrf", csrfParam, -1);
pageContext.setAttribute("csrf", csrfParam);
if ( update && errors.isEmpty() )
{
// New connection rate limiting.
final boolean c2sRateLimitEnabled = ParamUtils.getBooleanParameter(request, "ratelimit-enabled");
final String requestedPermits = ParamUtils.getParameter(request, "ratelimit-permits");
final String requestedMaxBurst = ParamUtils.getParameter(request, "ratelimit-max-burst");
String c2sRateLimitPermits = String.valueOf(NewConnectionLimiterRegistry.C2S_PERMITS_PER_SECOND.getValue());
String c2sRateLimitMaxBurst = String.valueOf(NewConnectionLimiterRegistry.C2S_MAX_BURST.getValue());
if (requestedPermits != null) {
c2sRateLimitPermits = requestedPermits.trim();
}
if (requestedMaxBurst != null) {
c2sRateLimitMaxBurst = requestedMaxBurst.trim();
}
int parsedPermits = 0;
int parsedMaxBurst = 0;
try {
parsedPermits = Integer.parseInt(c2sRateLimitPermits);
if (parsedPermits <= 0) {
errors.put("ratelimit-permits", "invalid");
}
} catch (final Exception e) {
errors.put("ratelimit-permits", "invalid");
}
try {
parsedMaxBurst = Integer.parseInt(c2sRateLimitMaxBurst);
if (parsedMaxBurst <= 0) {
errors.put("ratelimit-max-burst", "invalid");
}
} catch (final Exception e) {
errors.put("ratelimit-max-burst", "invalid");
}
if (errors.isEmpty()) {
// plaintext
final boolean plaintextEnabled = ParamUtils.getBooleanParameter( request, "plaintext-enabled" );
final int plaintextTcpPort = ParamUtils.getIntParameter( request, "plaintext-tcpPort", plaintextConfiguration.getPort() );
// Direct TLS
final boolean directtlsEnabled = ParamUtils.getBooleanParameter( request, "directtls-enabled" );
final int directtlsTcpPort = ParamUtils.getIntParameter( request, "directtls-tcpPort", directtlsConfiguration.getPort() );
// Apply
final ConnectionListener plaintextListener = manager.getListener( connectionType, false );
final ConnectionListener directtlsListener = manager.getListener( connectionType, true );
plaintextListener.enable( plaintextEnabled );
plaintextListener.setPort( plaintextTcpPort );
directtlsListener.enable( directtlsEnabled );
directtlsListener.setPort( directtlsTcpPort );
NewConnectionLimiterRegistry.C2S_PERMITS_PER_SECOND.setValue(parsedPermits);
NewConnectionLimiterRegistry.C2S_MAX_BURST.setValue(parsedMaxBurst);
NewConnectionLimiterRegistry.C2S_ENABLED.setValue(c2sRateLimitEnabled);
// TODO below is the 'idle connection' handing. This should go into the connection configuration, like all other configuration.
final int clientIdle = 1000* ParamUtils.getIntParameter(request, "clientIdle", -1);
final boolean idleDisco = ParamUtils.getBooleanParameter(request, "idleDisco");
final boolean pingIdleClients = ParamUtils.getBooleanParameter(request, "pingIdleClients");
if (!idleDisco) {
ConnectionSettings.Client.IDLE_TIMEOUT_PROPERTY.setValue(Duration.ofMillis(-1));
} else {
ConnectionSettings.Client.IDLE_TIMEOUT_PROPERTY.setValue(Duration.ofMillis(clientIdle));
}
ConnectionSettings.Client.KEEP_ALIVE_PING_PROPERTY.setValue(pingIdleClients);
// Log the event
webManager.logEvent( "Updated connection settings for " + connectionType, "plain: enabled=" + plaintextEnabled + ", port=" + plaintextTcpPort + "\nDirect TLS: enabled=" + directtlsEnabled+ ", port=" + directtlsTcpPort+ "\nRate limit: enabled=" + c2sRateLimitEnabled + ", permits_per_second=" + parsedPermits + ", max_burst=" + parsedMaxBurst + "\n" );
webManager.logEvent("set server property " + ConnectionSettings.Client.IDLE_TIMEOUT_PROPERTY.getKey(), ConnectionSettings.Client.IDLE_TIMEOUT_PROPERTY.getKey() + " = " + ConnectionSettings.Client.IDLE_TIMEOUT_PROPERTY.getDisplayValue());
webManager.logEvent("set server property " + ConnectionSettings.Client.KEEP_ALIVE_PING_PROPERTY.getKey(), ConnectionSettings.Client.KEEP_ALIVE_PING_PROPERTY.getKey() + " = " + ConnectionSettings.Client.KEEP_ALIVE_PING_PROPERTY.getDisplayValue());
response.sendRedirect( "connection-settings-socket-c2s.jsp?success=true" );
return;
}
}
pageContext.setAttribute( "errors", errors );
pageContext.setAttribute( "plaintextConfiguration", plaintextConfiguration );
pageContext.setAttribute( "directtlsConfiguration", directtlsConfiguration );
pageContext.setAttribute( "clientIdle", ConnectionSettings.Client.IDLE_TIMEOUT_PROPERTY.getValue().toMillis());
pageContext.setAttribute( "pingIdleClients", ConnectionSettings.Client.KEEP_ALIVE_PING_PROPERTY.getValue());
pageContext.setAttribute( "c2sRateLimitEnabled", NewConnectionLimiterRegistry.C2S_ENABLED.getValue() );
pageContext.setAttribute( "c2sRateLimitPermits", NewConnectionLimiterRegistry.C2S_PERMITS_PER_SECOND.getValue() );
pageContext.setAttribute( "c2sRateLimitMaxBurst", NewConnectionLimiterRegistry.C2S_MAX_BURST.getValue() );
%>
<fmt:message key="client.connections.settings.title"/>
:
" />