[
https://issues.apache.org/jira/browse/CXF-9159?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18019445#comment-18019445
]
Freeman Yue Fang commented on CXF-9159:
---------------------------------------
Hi [~kalgon],
On the server side, when we deploy CXF as a SpringBoot server, we normally use
the platform web server (Jetty/Tomcat/Undertow), which already supports
SpringBoot SSL bundles.
On the client side, in a SpringBoot context, we can create an SslContext directly
from the injected org.springframework.boot.ssl.SslBundles (if a SpringBoot SSL
bundle is configured). Then in CXF we can set this SslContext on the CXF client
TLSClientParameters (which applies to both JAXWS and JAXRS) directly.
So a simple bean can do this work by registering an HTTPConduitConfigurer on the
CXF bus, something like
{code}
import javax.net.ssl.SSLContext;
import org.apache.cxf.Bus;
import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.cxf.transport.http.HTTPConduitConfigurer;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.springframework.boot.ssl.SslBundles;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.beans.factory.InitializingBean;

@Configuration
public class CxfGlobalSslConfig {

    // Registers a bus-wide HTTPConduitConfigurer once the Bus and SslBundles are available.
    @Bean
    InitializingBean registerConduitConfigurer(Bus bus, SslBundles sslBundles) {
        return () -> bus.setExtension((HTTPConduitConfigurer) (name, address, conduit) -> {
            // Placeholder: replace with the server address the bundle is configured for.
            if (address != null
                    && address.startsWith("https://the server address you have bundle configured")) {
                // Build the SSLContext from the named Spring Boot SSL bundle.
                SSLContext ctx = sslBundles.getBundle("tls-bundle1").createSslContext();
                TLSClientParameters tls = new TLSClientParameters();
                tls.setSslContext(ctx);
                conduit.setTlsClientParameters(tls);
            }
            // else if (...) // can use another Spring SSL bundle for another server
        }, HTTPConduitConfigurer.class);
    }
}
{code}
But this won't work to hot-load new keys/certs.
Best Regards
Freeman
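
Added example, not part of the original comment and not CXF or Spring code: the configurer above picks a bundle with address.startsWith(...), and a prefix without a trailing slash such as https://api.example.test also matches https://api.example.test.other.invalid/, so a client key bundle could be attached to a conduit for a different host. One way to select the bundle by exact scheme, host and port instead, using only java.net.URI; the class name BundleSelector, the host names and "tls-bundle2" are assumptions for illustration.

```java
import java.net.URI;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;

// Added example: choose a Spring SSL bundle name by exact origin, not by string prefix.
public class BundleSelector {
    // Key is "host:port" in lower case, value is the SSL bundle name.
    private final Map<String, String> bundleByOrigin;

    public BundleSelector(Map<String, String> bundleByOrigin) {
        this.bundleByOrigin = Map.copyOf(bundleByOrigin);
    }

    /** Returns the bundle name for a conduit address, or empty if its origin is not listed. */
    public Optional<String> bundleFor(String address) {
        if (address == null) return Optional.empty();
        URI uri;
        try {
            uri = URI.create(address.trim());
        } catch (IllegalArgumentException e) {
            return Optional.empty(); // unparsable address: attach no client key material
        }
        // Only https, only server-based authorities (getHost() != null), no userinfo part.
        if (!"https".equalsIgnoreCase(uri.getScheme())
                || uri.getHost() == null || uri.getRawUserInfo() != null) {
            return Optional.empty();
        }
        int port = uri.getPort() == -1 ? 443 : uri.getPort();
        String origin = uri.getHost().toLowerCase(Locale.ROOT) + ":" + port;
        return Optional.ofNullable(bundleByOrigin.get(origin));
    }

    public static void main(String[] args) {
        // Constructed mapping and sample addresses (placeholders, not from the issue).
        BundleSelector selector = new BundleSelector(Map.of(
                "api.example.test:443", "tls-bundle1",
                "billing.example.test:8443", "tls-bundle2"));
        String[] samples = {
                "https://api.example.test/services/Order",   // listed origin, default port
                "https://API.example.test:443/services/x",   // same origin, different case
                "https://api.example.test.other.invalid/x",  // longer host: prefix match only
                "http://api.example.test/x",                 // not https
                "https://billing.example.test:8443/pay"      // second listed origin
        };
        for (String a : samples) {
            System.out.println(a + " -> " + selector.bundleFor(a).orElse("(no bundle)"));
        }
    }
}
```

Inside the HTTPConduitConfigurer lambda, bundleFor(address) would replace the startsWith test, with the returned name passed to sslBundles.getBundle(...).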
> Support spring boot SSL bundles
> -------------------------------
>
> Key: CXF-9159
> URL: https://issues.apache.org/jira/browse/CXF-9159
> Project: CXF
> Issue Type: Wish
> Components: spring boot
> Affects Versions: 4.1.3
> Reporter: Xavier Dury
> Assignee: Freeman Yue Fang
> Priority: Minor
>
> SSL configuration (one-way or two-way) can be simplified with Spring Boot SSL
> bundles.
> It would be nice if an SSL bundle could be specified directly at the
> {{JaxWsProxyFactoryBean}} level (or a subclass).
> SSL bundles can also be monitored/reloaded by spring so when a bundle is
> updated, the conduit configuration should also be adapted with the new
> cert/key.