Re: Jetty or CXF Http:Conduit for SSL?
Hi Christain I used the apporach suggested by you. I get the following exception. Could you suggest what could have went wrong. Pls advice. Its really urgent Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://ascsq14:8105/XISOAPAdapter/MessageServlet?senderParty=senderService=BS_Q_MES_MiheevskyreceiverParty=receiverService=interface=SI_ID56_CopperRecovery_async_outinterfaceNamespace=urn:outotec:pi:mes:id56:CopperRecovery: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)[:1.6.0_45] at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)[:1.6.0_45] at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)[:1.6.0_45] at java.lang.reflect.Constructor.newInstance(Unknown Source)[:1.6.0_45] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1467)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1452)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047] at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047] at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:660)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047] at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047] ... 65 more Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)[:1.6] at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)[:1.6] at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)[:1.6] at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)[:1.6.0_45] at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)[:1.6] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1410)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1351)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047] at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047] at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1424)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047] ... 68 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(Unknown Source)[:1.6.0_45] at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)[:1.6.0_45] at sun.security.validator.Validator.validate(Unknown Source)[:1.6.0_45] at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)[:1.6]
Re: Jetty or CXF Http:Conduit for SSL?
Hi reji, Can you share your http-conduit configuration details Cheers!!! Bharath -- View this message in context: http://camel.465427.n5.nabble.com/Jetty-or-CXF-Http-Conduit-for-SSL-tp5737876p5737933.html Sent from the Camel - Users mailing list archive at Nabble.com.
Re: Jetty or CXF Http:Conduit for SSL?
hi Bharath its as follows http:conduit name={urn:outotec:pi:mes:id56:CopperRecovery}.HTTPS_Port.http-conduit http:tlsClientParameters sec:keyManagers keyPassword=fuseesb sec:keyStore type=JKS password=fuseesb resource=certs/keystore.jks / /sec:keyManagers sec:trustManagers sec:keyStore type=JKS password=fuse resource=certs/truststore.jks / /sec:trustManagers sec:cipherSuitesFilter sec:include.*_EXPORT_.*/sec:include sec:include.*_EXPORT1024_.*/sec:include sec:include.*_WITH_DES_.*/sec:include sec:include.*_WITH_AES_.*/sec:include sec:include.*_WITH_NULL_.*/sec:include sec:exclude.*_DH_anon_.*/sec:exclude /sec:cipherSuitesFilter /http:tlsClientParameters http:client AutoRedirect=true Connection=Keep-Alive / /http:conduit I am getting following exception * Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://ascsq14:8105/XISOAPAdapter/MessageServlet?senderParty=senderService=BS_Q_MES_MiheevskyreceiverParty=receiverService=interface=SI_ID56_CopperRecovery_async_outinterfaceNamespace=urn:outotec:pi:mes:id56:CopperRecovery: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)[:1.6.0_45] at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)[:1.6.0_45] at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)[:1.6.0_45] at java.lang.reflect.Constructor.newInstance(Unknown Source)[:1.6.0_45] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1467)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1452)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047] at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047] at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:660)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047] at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047] ... 65 more Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)[:1.6] at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)[:1.6] at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)[:1.6] at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)[:1.6.0_45] at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)[:1.6] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1410)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1351)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047]
Re: Jetty or CXF Http:Conduit for SSL?
have you verified by which certificate your service provider (SAP PI)'s certificate is signed and if this certificate is in your truststore? I think it's not in there, so the cxf client can't verify the provider's certificate. 2013/8/26 contactreji contactr...@gmail.com: hi Bharath its as follows http:conduit name={urn:outotec:pi:mes:id56:CopperRecovery}.HTTPS_Port.http-conduit http:tlsClientParameters sec:keyManagers keyPassword=fuseesb sec:keyStore type=JKS password=fuseesb resource=certs/keystore.jks / /sec:keyManagers sec:trustManagers sec:keyStore type=JKS password=fuse resource=certs/truststore.jks / /sec:trustManagers sec:cipherSuitesFilter sec:include.*_EXPORT_.*/sec:include sec:include.*_EXPORT1024_.*/sec:include sec:include.*_WITH_DES_.*/sec:include sec:include.*_WITH_AES_.*/sec:include sec:include.*_WITH_NULL_.*/sec:include sec:exclude.*_DH_anon_.*/sec:exclude /sec:cipherSuitesFilter /http:tlsClientParameters http:client AutoRedirect=true Connection=Keep-Alive / /http:conduit I am getting following exception * Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://ascsq14:8105/XISOAPAdapter/MessageServlet?senderParty=senderService=BS_Q_MES_MiheevskyreceiverParty=receiverService=interface=SI_ID56_CopperRecovery_async_outinterfaceNamespace=urn:outotec:pi:mes:id56:CopperRecovery: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)[:1.6.0_45] at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)[:1.6.0_45] at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)[:1.6.0_45] at java.lang.reflect.Constructor.newInstance(Unknown Source)[:1.6.0_45] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1467)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1452)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047] at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047] at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:660)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047] at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047] ... 65 more Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)[:1.6] at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)[:1.6] at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)[:1.6] at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)[:1.6.0_45] at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown
Re: Jetty or CXF Http:Conduit for SSL?
Hi Reji, 1) Try with adding client connection params and conduit name as *.http-conduit 2) Also disableCNCheck should be true. Here am posting the working conduit config details which i did while doing some poc http:conduit name=*.http-conduit http-conf:client Connection=Keep-Alive MaxRetransmits=1 AllowChunking=false ConnectionTimeout=0 ReceiveTimeout=0 / http:tlsClientParameters secureSocketProtocol=SSL disableCNCheck=true sec:keyManagers keyPassword=password sec:keyStore type=JKS password=xxx file=etc/keystore.jks / /sec:keyManagers sec:trustManagers sec:keyStore type=JKS password=xxx file=etc/truststore.jks / /sec:trustManagers sec:cipherSuitesFilter sec:includeTLS_DHE_RSA_WITH_AES_128_CBC_SHA|SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA|TLS_RSA_WITH_AES_128_CBC_SHA|SSL_RSA_WITH_3DES_EDE_CBC_SHA|TLS_DHE_DSS_WITH_AES_128_CBC_SHA|SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA|/sec:include sec:exclude.*_DH_anon_.*/sec:exclude /sec:cipherSuitesFilter /http:tlsClientParameters /http:conduit Hope this helps you!!! Cheers!!! Bharath -- View this message in context: http://camel.465427.n5.nabble.com/Jetty-or-CXF-Http-Conduit-for-SSL-tp5737876p5737938.html Sent from the Camel - Users mailing list archive at Nabble.com.
Re: Jetty or CXF Http:Conduit for SSL?
If it doesn't help, please enable SSL debuging with the JVM option javax.net.debug=all as shown at [1]. [1] http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/samples/sslengine/SSLEngineSimpleDemo.java Best, Christian - Software Integration Specialist Apache Camel committer: https://camel.apache.org/team V.P. Apache Camel: https://www.apache.org/foundation/ Apache Member: https://www.apache.org/foundation/members.html https://www.linkedin.com/pub/christian-mueller/11/551/642 On Mon, Aug 26, 2013 at 10:39 AM, Aki Yoshida elak...@gmail.com wrote: have you verified by which certificate your service provider (SAP PI)'s certificate is signed and if this certificate is in your truststore? I think it's not in there, so the cxf client can't verify the provider's certificate. 2013/8/26 contactreji contactr...@gmail.com: hi Bharath its as follows http:conduit name={urn:outotec:pi:mes:id56:CopperRecovery}.HTTPS_Port.http-conduit http:tlsClientParameters sec:keyManagers keyPassword=fuseesb sec:keyStore type=JKS password=fuseesb resource=certs/keystore.jks / /sec:keyManagers sec:trustManagers sec:keyStore type=JKS password=fuse resource=certs/truststore.jks / /sec:trustManagers sec:cipherSuitesFilter sec:include.*_EXPORT_.*/sec:include sec:include.*_EXPORT1024_.*/sec:include sec:include.*_WITH_DES_.*/sec:include sec:include.*_WITH_AES_.*/sec:include sec:include.*_WITH_NULL_.*/sec:include sec:exclude.*_DH_anon_.*/sec:exclude /sec:cipherSuitesFilter /http:tlsClientParameters http:client AutoRedirect=true Connection=Keep-Alive / /http:conduit I am getting following exception * Caused by: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://ascsq14:8105/XISOAPAdapter/MessageServlet?senderParty=senderService=BS_Q_MES_MiheevskyreceiverParty=receiverService=interface=SI_ID56_CopperRecovery_async_outinterfaceNamespace=urn:outotec:pi:mes:id56:CopperRecovery : sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)[:1.6.0_45] at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)[:1.6.0_45] at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)[:1.6.0_45] at java.lang.reflect.Constructor.newInstance(Unknown Source)[:1.6.0_45] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException(HTTPConduit.java:1467)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047] at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1452)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047] at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047] at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:660)[178:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047] at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)[169:org.apache.cxf.cxf-api:2.6.0.fuse-71-047] ... 65 more Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)[:1.6] at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)[:1.6] at
Re: Jetty or CXF Http:Conduit for SSL?
Hi Brother!! You saved!!! Thank you so much for that! My prog works now.. U deserve a beer!! Reji -- View this message in context: http://camel.465427.n5.nabble.com/Jetty-or-CXF-Http-Conduit-for-SSL-tp5737876p5737952.html Sent from the Camel - Users mailing list archive at Nabble.com.
Re: Jetty or CXF Http:Conduit for SSL?
cool!! nice to hear Cheers!!! Bharath -- View this message in context: http://camel.465427.n5.nabble.com/Jetty-or-CXF-Http-Conduit-for-SSL-tp5737876p5737954.html Sent from the Camel - Users mailing list archive at Nabble.com.
Jetty or CXF Http:Conduit for SSL?
Hey! I am trying to connect to a https enabled secure service at SAP PI end. I have the SSL certificates in form of jks files namely truststore.jks and keystore.jks Could you advice which is the best component to use in my case. I will be sending xml data to SAP PI which is received from third party system at the CXF Endpoint in Fuse ESB. I found a note at http://camel.apache.org/jetty.html as follows: /Jetty is stream based, which means the input it receives is submitted to Camel as a stream. That means you will only be able to read the content of the stream once. If you find a situation where the message body appears to be empty or you need to access the data multiple times (eg: doing multicasting, or redelivery error handling) you should use Stream caching or convert the message body to a String which is safe to be re-read multiple times./ So can I use this component? Will SAP PI be able to receive my xml data or will it receive it as stream ? * Pls look at my code configuring JETTY: bean id=jetty class=org.apache.camel.component.jetty.JettyHttpComponent property name=sslSocketConnectorProperties map entry key=password value=fuseesb / entry key=keyPassword value=fuseesb / entry key=keystore value=src/main/resources/certs/keystore.jks / entry key=truststore value=src/main/resources/certs/truststore.jks / entry key=trustPassword value=fuse / entry key=needClientAuth value=true / /map /property /bean jaxws:client id=PIServiceProxy address=jetty:https://server:8105/XISOAPAdapter/MessageServlet?senderParty=amp;senderService=SS_Q_MES_Miheevskyamp;receiverParty=amp;receiverService=amp;interface=SI_ID56_CopperRecovery_async_outamp;interfaceNamespace=urn:company:pi:mes:id56:CopperRecovery; serviceClass=company.pi.mes.id56.copperrecovery.SIID56CopperRecoveryAsyncOut username=om_sys_user password=om_sys_user / osgi:reference id=company-datasource interface=javax.sql.DataSource / * IS THIS THE CORRECT WAY of configuring jetty? Reji -- View this message in context: http://camel.465427.n5.nabble.com/Jetty-or-CXF-Http-Conduit-for-SSL-tp5737876.html Sent from the Camel - Users mailing list archive at Nabble.com.
Re: Jetty or CXF Http:Conduit for SSL?
IF the SAP service is exposed as JAX-WS or JAX-RS service, I would recommend to use the camel-cxf component to access this service. It supports HTTPS with server and client certificates by using the 'conduit' configuration [1]. [1] http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html Best, Christian - Software Integration Specialist Apache Camel committer: https://camel.apache.org/team V.P. Apache Camel: https://www.apache.org/foundation/ Apache Member: https://www.apache.org/foundation/members.html https://www.linkedin.com/pub/christian-mueller/11/551/642 On Sun, Aug 25, 2013 at 9:19 AM, contactreji contactr...@gmail.com wrote: Hey! I am trying to connect to a https enabled secure service at SAP PI end. I have the SSL certificates in form of jks files namely truststore.jks and keystore.jks Could you advice which is the best component to use in my case. I will be sending xml data to SAP PI which is received from third party system at the CXF Endpoint in Fuse ESB. I found a note at http://camel.apache.org/jetty.html as follows: /Jetty is stream based, which means the input it receives is submitted to Camel as a stream. That means you will only be able to read the content of the stream once. If you find a situation where the message body appears to be empty or you need to access the data multiple times (eg: doing multicasting, or redelivery error handling) you should use Stream caching or convert the message body to a String which is safe to be re-read multiple times./ So can I use this component? Will SAP PI be able to receive my xml data or will it receive it as stream ? * Pls look at my code configuring JETTY: bean id=jetty class=org.apache.camel.component.jetty.JettyHttpComponent property name=sslSocketConnectorProperties map entry key=password value=fuseesb / entry key=keyPassword value=fuseesb / entry key=keystore value=src/main/resources/certs/keystore.jks / entry key=truststore value=src/main/resources/certs/truststore.jks / entry key=trustPassword value=fuse / entry key=needClientAuth value=true / /map /property /bean jaxws:client id=PIServiceProxy address=jetty: https://server:8105/XISOAPAdapter/MessageServlet?senderParty=amp;senderService=SS_Q_MES_Miheevskyamp;receiverParty=amp;receiverService=amp;interface=SI_ID56_CopperRecovery_async_outamp;interfaceNamespace=urn:company:pi:mes:id56:CopperRecovery serviceClass=company.pi.mes.id56.copperrecovery.SIID56CopperRecoveryAsyncOut username=om_sys_user password=om_sys_user / osgi:reference id=company-datasource interface=javax.sql.DataSource / * IS THIS THE CORRECT WAY of configuring jetty? Reji -- View this message in context: http://camel.465427.n5.nabble.com/Jetty-or-CXF-Http-Conduit-for-SSL-tp5737876.html Sent from the Camel - Users mailing list archive at Nabble.com.