Intercept SSL/TLS requests in HTTPS Grizzly server

Question

I have set up an HTTPS server using grizzly 2.3.30 and jersey 2.25.1, which can be found here.
The server works well and I can curl to it with certificate-authority, certificate and key:

curl -v --cacert $CERTS/myCA.pem --key $CERTS/grizzly.key --cert $CERTS/grizzly.crt https://localhost:9999/hello

I want to intercept TLS/SSL requests, so I can log which ones fail like for example:

curl -v https://localhost:9999/hello

I am using Grizzly Http Server Framework with Jersey in this fashion:

public class MyGrizzlyServer {

    public static void main(String[] args) throws Exception {

        System.out.println("Hello main!");
        String uriStr = "https://0.0.0.0:9999/";
        URI uri = URI.create(uriStr);
        final ResourceConfig rc = new ResourceConfig().packages("org");
        HttpServer server = GrizzlyHttpServerFactory.createHttpServer(uri, rc, false);

        SSLEngineConfigurator engineConfig = getSslEngineConfig();

        for (NetworkListener listener : server.getListeners()) {

            listener.setSecure(true);
            listener.setSSLEngineConfig(engineConfig);
        }

        HttpHandler handler = server.getHttpHandler();

        System.out.println("Http server start...");
        server.start();
        System.out.println("Hit enter to stop it...");
        System.in.read();
        server.shutdownNow();
    }

    private static SSLEngineConfigurator getSslEngineConfig() {

        SSLContextConfigurator sslConfigurator = new SSLContextConfigurator();

        sslConfigurator.setKeyStoreFile("./mycerts/grizzly.jks");
        sslConfigurator.setKeyStorePass("awesome");
        sslConfigurator.setTrustStoreFile("./mycerts/myCA.jks");
        sslConfigurator.setTrustStorePass("mycapass");
        sslConfigurator.setSecurityProtocol("TLS");

        SSLContext context = sslConfigurator.createSSLContext(true);
        SSLEngineConfigurator sslEngineConfigurator = new SSLEngineConfigurator(context);
        sslEngineConfigurator.setNeedClientAuth(true);
        sslEngineConfigurator.setClientMode(false);
        return sslEngineConfigurator;
    }
}

I have been reading Grizzly documentation to get familiarized with its internals.
Grizzly seems to pile filter chains for transport, ssl, http, etc.
I am experimenting with this, but haven't figured out how to achieve it yet.

Any hint will be appreciated.

Answer 1

After playing a bit with filter chains, I was able to remove default SSLBaseFilter and add a custom SSL Filter inherited from SSLBaseFilter.
That way I could captured exceptions thrown by failed TLS/SSL requests.

In MyGrizzlyServer server:

    server.start();

    NetworkListener listener = server.getListener("grizzly");
    FilterChain filterChain = listener.getFilterChain();

    int sslBaseFilterIndex = filterChain.indexOfType(SSLBaseFilter.class);
    filterChain.remove(sslBaseFilterIndex);

    MySslFilter sslFilter = new MySslFilter(sslEngineConfig);
    filterChain.add(sslBaseFilterIndex, sslFilter);

With custom SSL filter:

public class MySslFilter extends SSLBaseFilter {

    MySslFilter(SSLEngineConfigurator configurator) {
        super(configurator);
    }

    @Override
    public NextAction handleRead(FilterChainContext ctx) throws IOException {

        NextAction nextAction = null;
        try {
            System.out.println(" *** MySslFilter handleRead ***" );
            nextAction = super.handleRead(ctx);
        } catch (IOException e) {
            System.out.println(" *** MySslFilter Exception ***" );
            e.printStackTrace();
        }

        return nextAction;
    }
}