Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

Securing Jetty

Securing against accidental or malicious termination

You can start Jetty in such a way as to require identification before a termination request is accepted. This can help safeguard against either accidental or malicious terminations.

This involves starting jetty with a STOP.PORT parameter:

Code Block
java -DSTOP.PORT=8079 -jar start.jar

The STOP.PORT is the number of a port on which Jetty will listen for termination requests. In this case, the port number is 8079. You can then stop jetty either with a cntrl-c in the controlling terminal window (unless you have disassociated the Jetty process from a terminal), or by supplying this port number on a stop request from any terminal.

You can also supply a secret key on startup which must also be present on the termination request to enhance security:

Code Block
java -DSTOP.PORT=8079 -DSTOP.KEY=mysecret -jar start.jar

WARNING: In some operating systems your STOP.KEY may be visible in the process list, allowing other users to connect to the stop port and initiate the stop command. Please consider this before using the STOP.PORT and STOP.KEY in start/stop scripts, for example init.d scripts on linux distributions.

As a further security measure, you can omit the STOP.KEY property on startup, in which case Jetty will generate and print on stdout a random key:

Code Block
> java -DSTOP.PORT=8079 -jar start.jar

This key should then be supplied on the termination request:

Code Block
java -DSTOP.PORT=8079 -DSTOP.KEY=3xspihnnsse8 -jar start.jar --stop

Contact the core Jetty developers at
private support for your internal/customer projects ... custom extensions and distributions ... versioned snapshots for indefinite support ... scalability guidance for your apps and Ajax/Comet projects ... development services from 1 day to full product delivery