[
https://issues.apache.org/jira/browse/CXF-4806?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Daniel Kulp updated CXF-4806:
-----------------------------
Description:
When using Spring, it is not possible to set a connector of type
SslSelectChannelConnector. Below is a sample Spring configuration that does not
work:
{code:xml}
<!-- Sample from the report: a CXF Jetty engine with TLS server parameters and an
     explicitly supplied SslSelectChannelConnector bean. -->
<httpj:engine-factory bus="cxf">
<httpj:engine port="${webservice.https.port}">
<httpj:tlsServerParameters>
<sec:keyManagers
keyPassword="${webservice.https.keyManagerPwd}">
<sec:keyStore
url="${webservice.https.serviceKeyStoreUrl}"
password="${webservice.https.serviceKeyStorePwd}"
type="JKS" />
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore
url="${webservice.https.trustKeyStoreUrl}"
password="${webservice.https.trustKeyStorePwd}"
type="JKS" />
</sec:trustManagers>
<!-- NOTE(review): separate from the connector problem being reported, this filter is
     very permissive. The include patterns match NULL suites (no encryption), EXPORT
     and EXPORT1024 suites (deliberately weakened keys), single DES and 3DES; only
     anonymous DH is excluded. The AES_128 and AES_256 patterns are already covered
     by .*_WITH_AES_.*. A deployment would normally keep the AES includes and drop
     the NULL, EXPORT and DES ones. -->
<sec:cipherSuitesFilter>
<sec:include>.*_WITH_3DES_.*</sec:include>
<sec:include>.*_WITH_AES_128_.*</sec:include>
<sec:include>.*_WITH_AES_256_.*</sec:include>
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_AES_.*</sec:include>
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
<!-- Client certificates are neither requested (want) nor required. -->
<sec:clientAuthentication want="false"
required="false" />
<sec:certAlias>${webservice.https.certAlias}</sec:certAlias>
</httpj:tlsServerParameters>
<httpj:threadingParameters
minThreads="${webservice.minThreads}"
maxThreads="${webservice.maxThreads}" />
<!-- The connector the report is about. It is constructed from the sslContextFactory
     bean, which is defined outside this snippet.
     NOTE(review): whether the tlsServerParameters above (including the cipher filter)
     are also applied to this connector is not visible here; confirm which of the two
     TLS configurations takes effect. -->
<httpj:connector>
<bean
class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
<beans:constructor-arg ref="sslContextFactory" />
<property name="port"
value="${webservice.https.port}" />
<property name="acceptors"
value="${webservice.acceptors}" />
</bean>
</httpj:connector>
</httpj:engine>
</httpj:engine-factory>
{code}
The problem is the code in JettyHTTPServerEngine.java at lines 607 and 617:
{code:java}
/**
 * Selects the connector factory and protocol for this engine: "https" when
 * tlsServerParameters is set, "http" otherwise, after checking any explicitly
 * supplied connector against that choice.
 */
protected void retrieveListenerFactory() {
if (tlsServerParameters != null) {
// TLS engine: a supplied connector is accepted only if it is an SslSocketConnector.
// Per this report, an SslSelectChannelConnector is SSL-capable but fails this test.
if (null != connector && !(connector instanceof
SslSocketConnector)) {
// The mismatch is only logged; the method returns before connectorFactory and
// protocol are assigned. NOTE(review): what ends up listening on the port after
// this early return is not visible here - confirm it cannot be a non-TLS listener.
LOG.warning("Connector " + connector + " for JettyServerEngine
Port "
+ port + " does not support SSL connections.");
return;
}
connectorFactory =
getHTTPSConnectorFactory(tlsServerParameters);
protocol = "https";
} else {
// Plain HTTP engine: only SslSocketConnector is refused. Per this report, an
// SslSelectChannelConnector passes this check; the report proposes testing both
// branches against the SslConnector interface instead.
if (connector instanceof SslSocketConnector) {
throw new RuntimeException("Connector " + connector + " for
JettyServerEngine Port "
+ port + " does not support non-SSL connections.");
}
connectorFactory = getHTTPConnectorFactory();
protocol = "http";
}
LOG.fine("Configured port " + port + " for \"" + protocol + "\".");
}
{code}
As the code is right now, it allows only SslSocketConnector and not
SslSelectChannelConnector. Furthermore, the error checking for a plain HTTP
engine is incorrect, since the logic will not throw an exception when
SslSelectChannelConnector is used for a plain HTTP engine.
Instead, the code should check whether the connector is an instance of a type that
implements SslConnector. SslConnector is an interface that both SslSocketConnector and
SslSelectChannelConnector implement, and that no non-SSL connector should implement.
For discussion on this issue see:
http://cxf.547215.n5.nabble.com/Bug-in-2-7-2-td5722635.html#a5722736
was:
When using spring it is not possible to set a connector of type
SslSelectChannelConnector. Below is a sample Spring configuration that does not
work:
<httpj:engine-factory bus="cxf">
<httpj:engine port="${webservice.https.port}">
<httpj:tlsServerParameters>
<sec:keyManagers
keyPassword="${webservice.https.keyManagerPwd}">
<sec:keyStore
url="${webservice.https.serviceKeyStoreUrl}"
password="${webservice.https.serviceKeyStorePwd}"
type="JKS" />
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore
url="${webservice.https.trustKeyStoreUrl}"
password="${webservice.https.trustKeyStorePwd}"
type="JKS" />
</sec:trustManagers>
<sec:cipherSuitesFilter>
<sec:include>.*_WITH_3DES_.*</sec:include>
<sec:include>.*_WITH_AES_128_.*</sec:include>
<sec:include>.*_WITH_AES_256_.*</sec:include>
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_AES_.*</sec:include>
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
<sec:clientAuthentication want="false"
required="false" />
<sec:certAlias>${webservice.https.certAlias}</sec:certAlias>
</httpj:tlsServerParameters>
<httpj:threadingParameters
minThreads="${webservice.minThreads}"
maxThreads="${webservice.maxThreads}" />
<httpj:connector>
<bean
class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
<beans:constructor-arg ref="sslContextFactory" />
<property name="port"
value="${webservice.https.port}" />
<property name="acceptors"
value="${webservice.acceptors}" />
</bean>
</httpj:connector>
</httpj:engine>
</httpj:engine-factory>
The problem is code in JettHTTPServerEngine.java at line 607 and 617:
protected void retrieveListenerFactory() {
if (tlsServerParameters != null) {
if (null != connector && !(connector instanceof
SslSocketConnector)) {
LOG.warning("Connector " + connector + " for JettyServerEngine
Port "
+ port + " does not support SSL connections.");
return;
}
connectorFactory =
getHTTPSConnectorFactory(tlsServerParameters);
protocol = "https";
} else {
if (connector instanceof SslSocketConnector) {
throw new RuntimeException("Connector " + connector + " for
JettyServerEngine Port "
+ port + " does not support non-SSL connections.");
}
connectorFactory = getHTTPConnectorFactory();
protocol = "http";
}
LOG.fine("Configured port " + port + " for \"" + protocol + "\".");
}
As the code is right now it does not allow the use of SslSelectChannelConnector
only SslSocketConnector. Furthermore, the error checking for a plain HTTP
engine is incorrect since the logic will not throw an exception for using
SslSelectChannelConnector for a plain HTTP engine.
Instead, the code should check if the instance is of a type that implements
SslConnector. SslConnector is an interface which both SslSocketConnector and
SslSelectChannelConnector implement and no non Ssl connector should implement.
For discussion on this issue see:
http://cxf.547215.n5.nabble.com/Bug-in-2-7-2-td5722635.html#a5722736
> When using Spring, cannot set Jetty engine connector to an instance of
> SslSelectChannelConnector
> ------------------------------------------------------------------------------------------------
>
> Key: CXF-4806
> URL: https://issues.apache.org/jira/browse/CXF-4806
> Project: CXF
> Issue Type: Bug
> Affects Versions: 2.7.2
> Environment: Mac OS X, Karaf container, Spring 3.1.2
> Reporter: Dario Amiri
>
> When using spring it is not possible to set a connector of type
> SslSelectChannelConnector. Below is a sample Spring configuration that does
> not work:
> {code:xml}
> <httpj:engine-factory bus="cxf">
> <httpj:engine port="${webservice.https.port}">
> <httpj:tlsServerParameters>
> <sec:keyManagers
> keyPassword="${webservice.https.keyManagerPwd}">
> <sec:keyStore
> url="${webservice.https.serviceKeyStoreUrl}"
> password="${webservice.https.serviceKeyStorePwd}"
> type="JKS" />
> </sec:keyManagers>
> <sec:trustManagers>
> <sec:keyStore
> url="${webservice.https.trustKeyStoreUrl}"
> password="${webservice.https.trustKeyStorePwd}"
> type="JKS" />
> </sec:trustManagers>
> <sec:cipherSuitesFilter>
> <sec:include>.*_WITH_3DES_.*</sec:include>
> <sec:include>.*_WITH_AES_128_.*</sec:include>
> <sec:include>.*_WITH_AES_256_.*</sec:include>
> <sec:include>.*_EXPORT_.*</sec:include>
> <sec:include>.*_EXPORT1024_.*</sec:include>
> <sec:include>.*_WITH_DES_.*</sec:include>
> <sec:include>.*_WITH_AES_.*</sec:include>
> <sec:include>.*_WITH_NULL_.*</sec:include>
> <sec:exclude>.*_DH_anon_.*</sec:exclude>
> </sec:cipherSuitesFilter>
> <sec:clientAuthentication want="false"
> required="false" />
> <sec:certAlias>${webservice.https.certAlias}</sec:certAlias>
> </httpj:tlsServerParameters>
> <httpj:threadingParameters
> minThreads="${webservice.minThreads}"
> maxThreads="${webservice.maxThreads}" />
> <httpj:connector>
> <bean
> class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
> <beans:constructor-arg ref="sslContextFactory" />
> <property name="port"
> value="${webservice.https.port}" />
> <property name="acceptors"
> value="${webservice.acceptors}" />
> </bean>
> </httpj:connector>
> </httpj:engine>
> </httpj:engine-factory>
> {code}
> The problem is code in JettHTTPServerEngine.java at line 607 and 617:
> {code:java}
> protected void retrieveListenerFactory() {
> if (tlsServerParameters != null) {
> if (null != connector && !(connector instanceof
> SslSocketConnector)) {
> LOG.warning("Connector " + connector + " for
> JettyServerEngine Port "
> + port + " does not support SSL connections.");
> return;
> }
> connectorFactory =
> getHTTPSConnectorFactory(tlsServerParameters);
> protocol = "https";
>
> } else {
> if (connector instanceof SslSocketConnector) {
> throw new RuntimeException("Connector " + connector + " for
> JettyServerEngine Port "
> + port + " does not support non-SSL connections.");
> }
> connectorFactory = getHTTPConnectorFactory();
> protocol = "http";
> }
> LOG.fine("Configured port " + port + " for \"" + protocol + "\".");
> }
> {code}
> As the code is right now it does not allow the use of
> SslSelectChannelConnector only SslSocketConnector. Furthermore, the error
> checking for a plain HTTP engine is incorrect since the logic will not throw
> an exception for using SslSelectChannelConnector for a plain HTTP engine.
> Instead, the code should check if the instance is of a type that implements
> SslConnector. SslConnector is an interface which both SslSocketConnector and
> SslSelectChannelConnector implement and no non Ssl connector should implement.
> For discussion on this issue see:
> http://cxf.547215.n5.nabble.com/Bug-in-2-7-2-td5722635.html#a5722736