Dario Amiri created CXF-4806:
--------------------------------
Summary: When using Spring, cannot set Jetty engine connector to
an instance of SslSelectChannelConnector
Key: CXF-4806
URL: https://issues.apache.org/jira/browse/CXF-4806
Project: CXF
Issue Type: Bug
Affects Versions: 2.7.2
Environment: Mac OS X, Karaf container, Spring 3.1.2
Reporter: Dario Amiri
When using spring it is not possible to set a connector of type
SslSelectChannelConnector. Below is a sample Spring configuration that does not
work:
<httpj:engine-factory bus="cxf">
<httpj:engine port="${webservice.https.port}">
<httpj:tlsServerParameters>
<sec:keyManagers
keyPassword="${webservice.https.keyManagerPwd}">
<sec:keyStore
url="${webservice.https.serviceKeyStoreUrl}"
password="${webservice.https.serviceKeyStorePwd}"
type="JKS" />
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore
url="${webservice.https.trustKeyStoreUrl}"
password="${webservice.https.trustKeyStorePwd}"
type="JKS" />
</sec:trustManagers>
<sec:cipherSuitesFilter>
<sec:include>.*_WITH_3DES_.*</sec:include>
<sec:include>.*_WITH_AES_128_.*</sec:include>
<sec:include>.*_WITH_AES_256_.*</sec:include>
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_AES_.*</sec:include>
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
<sec:clientAuthentication want="false"
required="false" />
<sec:certAlias>${webservice.https.certAlias}</sec:certAlias>
</httpj:tlsServerParameters>
<httpj:threadingParameters
minThreads="${webservice.minThreads}"
maxThreads="${webservice.maxThreads}" />
<httpj:connector>
<bean
class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
<beans:constructor-arg ref="sslContextFactory" />
<property name="port"
value="${webservice.https.port}" />
<property name="acceptors"
value="${webservice.acceptors}" />
</bean>
</httpj:connector>
</httpj:engine>
</httpj:engine-factory>
The problem is code in JettHTTPServerEngine.java at line 607 and 617:
protected void retrieveListenerFactory() {
if (tlsServerParameters != null) {
if (null != connector && !(connector instanceof
SslSocketConnector)) {
LOG.warning("Connector " + connector + " for JettyServerEngine
Port "
+ port + " does not support SSL connections.");
return;
}
connectorFactory =
getHTTPSConnectorFactory(tlsServerParameters);
protocol = "https";
} else {
if (connector instanceof SslSocketConnector) {
throw new RuntimeException("Connector " + connector + " for
JettyServerEngine Port "
+ port + " does not support non-SSL connections.");
}
connectorFactory = getHTTPConnectorFactory();
protocol = "http";
}
LOG.fine("Configured port " + port + " for \"" + protocol + "\".");
}
As the code is right now it does not allow the use of SslSelectChannelConnector
only SslSocketConnector. Furthermore, the error checking for a plain HTTP
engine is incorrect since the logic will not throw an exception for using
SslSelectChannelConnector for a plain HTTP engine.
Instead, the code should check if the instance is of a type that implements
SslConnector. SslConnector is an interface which both SslSocketConnector and
SslSelectChannelConnector implement and no non Ssl connector should implement.
For discussion on this issue see:
http://cxf.547215.n5.nabble.com/Bug-in-2-7-2-td5722635.html#a5722736
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
