I forgot something:
More info:
http://cxf.apache.org/docs/secure-jax-rs-services.html#SecureJAX-RSServices-Configuringendpoints
(till the end of the page)
And:
<bean id="banned" class="..." factory-method="...">
<constructor-arg value="...">
</bean>
Should be:
<bean id="banned" class="..." factory-method="...">
<constructor-arg value="..."/>
</bean>
I just forgot a slash there. ;-)
Jana
On Fri, 13.06.2014, 01:30, Jana Weschenfelder wrote:
> Hello, I think I got it working...
>
> With the following configuration, it seems to work... I haven't found
> online references for it, and it looks twice configured, but it seems to
> work correctly... I have invented it right now, thanks to the Spring IoC
> documentation.
>
> <beans ...>
>
> <httpj:engine-factory id="https" bus="cxf">
> <httpj:identifiedTLSServerParameters id="secure">
> <httpj:tlsServerParameters>
> <sec:keyManagers>
> <sec:keyStore type="..." password="..." file="..."/>
> </sec:keyManagers>
> <sec:trustManagers>
> <sec:keyStore type="..." password="..." file="..."/>
> </sec:trustManagers>
> <sec:cipherSuitesFilter>
> <sec:include>.*_EXPORT_.*</sec:include>
> <sec:include>.*_EXPORT1024_.*</sec:include>
> <sec:include>.*_WITH_DES_.*</sec:include>
> <sec:include>.*_WITH_NULL_.*</sec:include>
> <sec:exclude>.*_DH_anon_.*</sec:exclude>
> </sec:cipherSuitesFilter>
> </httpj:tlsServerParameters>
> </httpj:identifiedTLSServerParameters>
> <httpj:engine port="9001">
> <httpj:tlsServerParametersRef id="secure"/>
> <httpj:threadingParameters minThreads="5" maxThreads="15"/>
> <httpj:connector>
> <bean
> class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
> <property name="port" value="9001"/>
> <constructor-arg>
> <bean
> class="org.eclipse.jetty.http.ssl.SslContextFactory">
> <property name="keyStore" value=""/>
> <property name="keyStoreType" value="..."/>
> <property name="keyStorePassword" value="..."/>
> <property name="trustStore" value="..."/>
> <property name="trustStoreType" value="..."/>
> <property name="trustStorePassword" value="..."/>
> <property name="wantClientAuth" value="..."/>
> <property name="needClientAuth" value="..."/>
> <property name="excludeCipherSuites"
> ref="banned"/>
> </bean>
> </constructor-arg>
> </bean>
> </httpj:connector>
> <httpj:handlers>
> <bean
> class="org.eclipse.jetty.server.handler.DefaultHandler"/>
> </httpj:handlers>
> <httpj:sessionSupport>true</httpj:sessionSupport>
> </httpj:engine>
> </httpj:engine-factory>
>
> <bean id="banned" class="..." factory-method="...">
> <constructor-arg value="...">
> </bean>
>
> </beans>
>
> The configuration looks really twice now... but without the lower
> configuration, you will get an error message that a .keystore file is
> missing. And without the upper configuration, you will get the error
> message "java.lang.RuntimeException: Connector
> [email protected]:9001 for JettyServerEngine Port 9001
> does not support non-SSL connections.".
>
> If you configure it twice as above, it seems to work without any problems.
> I can connect to the service after I confirmed that I trust the web site,
> as it should be. It will need more tests to be very sure.
>
> More/other properties can be set as specified in
> http://cxf.apache.org/docs/jetty-configuration.html and
> http://wiki.eclipse.org/Jetty/Howto/Configure_SSL#Configuring_Jetty. I
> think the configuration needs to be done twice at the moment so that it
> works, on CXF side and on Jetty side (the Jetty side uses Spring IoC).
>
> Not sure if the keyPassword for keyManagers is really needed, more info
> here:
> http://stackoverflow.com/questions/10847983/what-is-the-difference-between-keystorepassword-and-keymanagerpassword-in-jetty.
>
> If the configuration above is correct, either Apache or Eclipse will have
> to update their documentation. I would think that Eclipse made a change
> sometime and Apache still doesn't know about it. As I said, I also have to
> test the configuration first. It looks very good so far, but it still can
> be wrong somewhere.
>
> I believe, instead of
> org.eclipse.jetty.server.ssl.SslSelectChannelConnector, the class
> org.eclipse.jetty.server.ssl.SslSocketConnector can be used as well...
> looked very similar and worked, too.
>
> Thanks, Jana
>
>
> On Thu, 12.06.2014, 23:45, Jana Weschenfelder wrote:
>> Dear Ladies and Gentlemen,
>>
>> I have exactly the problem of
>> http://mail-archives.apache.org/mod_mbox/cxf-users/201403.mbox/%[email protected]%3E.
>> I don't know if there existed a solution already.
>>
>> I followed the instructions of
>> http://cxf.apache.org/docs/jetty-configuration.html and I don't have any
>> success by using org.eclipse.jetty.server.bio.SocketConnector here. I
>> receive the error message then that the port (HTTP) wouldn't be
>> configured
>> for HTTPS.
>>
>> According to Eclipse, org.eclipse.jetty.server.bio.SocketConnector is
>> configured for HTTP and is not an SSLConnector, and it also doesn't
>> accept any SSL configuration if I look into the code there.
>>
>> If I read the instructions of
>> http://wiki.eclipse.org/Jetty/Howto/Configure_SSL#Configuring_Jetty,
>> org.eclipse.jetty.server.ssl.SslSelectChannelConnector should be used as
>> SSLConnector instead. But if I just replace
>> org.eclipse.jetty.server.bio.SocketConnector in the example of
>> http://cxf.apache.org/docs/jetty-configuration.html, I receive the error
>> message "java.io.FileNotFoundException: /home/user/.keystore" as
>> described
>> in
>> http://mail-archives.apache.org/mod_mbox/cxf-users/201403.mbox/%[email protected]%3E.
>>
>> I would think that something like this would be more correct, according
>> to Eclipse:
>> <httpj:engine-factory id="https" bus="cxf">
>> <httpj:engine port="${cdmi.net.ssl.port}">
>> <httpj:threadingParameters minThreads="5" maxThreads="15" />
>> <httpj:connector>
>> <bean
>> class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
>> <property name = "port" value="9001"/>
>> <bean
>> class="org.eclipse.jetty.http.ssl.SslContextFactory">
>> <property name="keyStore" value="..."/>
>> <property name="keystoreType" value="..."/>
>> <property name="keyStorePassword" value="..."/>
>> ...
>> <property name="excludeCipherSuites" ref="..."/>
>> </bean>
>> </bean>
>> </httpj:connector>
>> <httpj:handlers>
>> <bean
>> class="org.eclipse.jetty.server.handler.DefaultHandler"/>
>> </httpj:handlers>
>> <httpj:sessionSupport>true</httpj:sessionSupport>
>> </httpj:engine>
>> </httpj:engine-factory>
>>
>> But it doesn't work. It doesn't accept the part <bean
>> class="org.eclipse.jetty.http.ssl.SslContextFactory">...</bean> within
>> <bean
>> class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">...</bean>.
>> The error message is "Invalid content was found starting with element
>> 'bean'.".
>>
>> A similar configuration was found here:
>> http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory
>>
>> But I need it for httpj:engine-factory.
>>
>> What is the right way to configure the Jetty Runtime with SSLConnector?
>> Is Jetty still supported by Apache CXF? Btw, HTTP works fine, but I need
>> HTTPS because of certificates.
>>
>> Many thanks in advance!!!
>>
>> Jana
>>
>>
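As an added example, not part of this thread and not CXF's or Jetty's own sample, here is the CXF-side `httpj:tlsServerParameters` block from the quoted configuration with its cipher-suite filter replaced by a restrictive one. The filter quoted above lets `EXPORT`, `DES` and `NULL` suites through and only rules out anonymous DH; the version below includes only AES suites and excludes anonymous, NULL, EXPORT, DES/3DES, RC4 and MD5 suites (in CXF's filter an exclude pattern wins over an include). The namespaces and schema locations are the real CXF ones; the keystore paths, passwords and the choice of port 9001 are placeholders you would replace.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not from the mailing-list thread: CXF-side TLS parameters for the
     Jetty engine. Paths and passwords are placeholders. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd
         http://cxf.apache.org/transports/http-jetty/configuration
         http://cxf.apache.org/schemas/configuration/http-jetty.xsd
         http://cxf.apache.org/configuration/security
         http://cxf.apache.org/schemas/configuration/security.xsd">

  <httpj:engine-factory id="https" bus="cxf">
    <httpj:engine port="9001">
      <httpj:tlsServerParameters>
        <!-- keyPassword is the password of the private key entry; it may differ
             from the keystore password (placeholder values). -->
        <sec:keyManagers keyPassword="KEY_PASSWORD_PLACEHOLDER">
          <sec:keyStore type="JKS" password="STORE_PASSWORD_PLACEHOLDER"
                        file="/path/to/server-keystore.jks"/>
        </sec:keyManagers>
        <sec:trustManagers>
          <sec:keyStore type="JKS" password="STORE_PASSWORD_PLACEHOLDER"
                        file="/path/to/truststore.jks"/>
        </sec:trustManagers>

        <!-- Weak filter as quoted in the thread, kept here only for comparison:
             <sec:cipherSuitesFilter>
               <sec:include>.*_EXPORT_.*</sec:include>
               <sec:include>.*_EXPORT1024_.*</sec:include>
               <sec:include>.*_WITH_DES_.*</sec:include>
               <sec:include>.*_WITH_NULL_.*</sec:include>
               <sec:exclude>.*_DH_anon_.*</sec:exclude>
             </sec:cipherSuitesFilter>
             Restrictive replacement: a suite is offered only if it matches an include
             and none of the excludes. -->
        <sec:cipherSuitesFilter>
          <sec:include>.*_WITH_AES_.*</sec:include>
          <sec:exclude>.*_anon_.*</sec:exclude>
          <sec:exclude>.*_NULL_.*</sec:exclude>
          <sec:exclude>.*_EXPORT.*</sec:exclude>
          <sec:exclude>.*DES_.*</sec:exclude>
          <sec:exclude>.*_RC4_.*</sec:exclude>
          <sec:exclude>.*_MD5</sec:exclude>
        </sec:cipherSuitesFilter>

        <!-- Ask the client for a certificate without requiring one; switch
             required="true" once every caller must present a certificate. -->
        <sec:clientAuthentication want="true" required="false"/>
      </httpj:tlsServerParameters>
    </httpj:engine>
  </httpj:engine-factory>
</beans>
```

With a filter like this, a client that only offers export, DES or NULL suites is refused at the handshake instead of being accepted with a weak or unencrypted channel; after changing the filter, check the server's offered suites with a TLS scanner you trust, since the JVM's supported-suite list decides what the include patterns can match.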