Re: Karaf SSL CXF Client https
I'm still trying to do some https as a client. I installed some features: spring spring-dm spring-security includes : cxf.config.file = C:\\apache-karaf-4.0.8\\etc\\org.apache.cxf.osgi.cfg to system.properties and other problems appeared... still getting : 2017-07-21 16:34:52,262 | ERROR | 4.0.8\bin\..\etc | fileinstall | 4 - org.apache.felix.fileinstall - 3.5.6 | Failed to install artifact: C:\apache-karaf-4.0.8\etc\org.apache.cxf.osgi.cfg java.util.InvalidPropertiesFormatException: org.xml.sax.SAXParseException: Document root element "beans", must match DOCTYPE root "null". but get this first time 2017-07-21 16:35:07,196 | INFO | eduler_Worker-10 | BusApplicationContext | 79 - org.apache.cxf.cxf-core - 3.1.9 | Loaded configuration file C:\apache-karaf-4.0.8\etc\org.apache.cxf.osgi.cfg. 2017-07-21 16:35:07,196 | INFO | eduler_Worker-10 | alidationXmlBeanDefinitionReader | 263 - org.apache.servicemix.bundles.spring-beans - 4.2.8.RELEASE_1 | Loading XML bean definitions from class path resource [META-INF/cxf/cxf.xml] 2017-07-21 16:35:07,196 | WARN | eduler_Worker-10 | SpringBusFactory | 79 - org.apache.cxf.cxf-core - 3.1.9 | Initial attempt to create application context was unsuccessful. org.springframework.beans.factory.BeanDefinitionStoreException: IOException parsing XML document from class path resource [META-INF/cxf/cxf.xml]; nested exception is java.io.FileNotFoundException: class path resource [META-INF/cxf/cxf.xml] cannot be opened because it does not exist then 2017-07-21 16:35:07,209 | INFO | eduler_Worker-10 | alidationXmlBeanDefinitionReader | 263 - org.apache.servicemix.bundles.spring-beans - 4.2.8.RELEASE_1 | Loading XML bean definitions from class path resource [META-INF/cxf/cxf.xml] 2017-07-21 16:35:07,210 | INFO | eduler_Worker-10 | alidationXmlBeanDefinitionReader | 263 - org.apache.servicemix.bundles.spring-beans - 4.2.8.RELEASE_1 | Loading XML bean definitions from file [C:\apache-karaf-4.0.8\etc\org.apache.cxf.osgi.cfg] 2017-07-21 16:35:07,383 | WARN | eduler_Worker-10 | SpringBusFactory | 79 - org.apache.cxf.cxf-core - 3.1.9 | Failed to create application context. org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Unable to locate Spring NamespaceHandler for XML schema namespace [http://cxf.apache.org/transports/http/configuration] -- View this message in context: http://karaf.922171.n3.nabble.com/Karaf-SSL-CXF-Client-https-tp4050999p4051073.html Sent from the Karaf - User mailing list archive at Nabble.com.
Re: Karaf SSL CXF Client https
wandering if it has something to do with this note in cxf site: Note starting with CXF 2.6.0, Maven users will need to add the following dependency for the cxf.xml file to be read: org.springframework spring-context 3.0.6.RELEASE (or most recent supported) Do we have to install a specific feature inside karaf to be able for the file to be loaded? -- View this message in context: http://karaf.922171.n3.nabble.com/Karaf-SSL-CXF-Client-https-tp4050999p4051058.html Sent from the Karaf - User mailing list archive at Nabble.com.
Re: Karaf SSL CXF Client https
Hello, don't have any clue for the moment. Hope you will be able to give an answer on your side. -- View this message in context: http://karaf.922171.n3.nabble.com/Karaf-SSL-CXF-Client-https-tp4050999p4051045.html Sent from the Karaf - User mailing list archive at Nabble.com.
Re: Karaf SSL CXF Client https
That's what we were thinking about the pax web configuration (server side). We are sending some http requests using cxf to an external server (javax.ws.rs.client.WebTarget used). We configure a org.apache.cxf.osgi.cfg in etc/ directory and launch karaf.bat -Dcxf.config.file=org.apache.cxf.osgi.cfg content is the one previously entered. (org.apache.cxf.osgi.cfg = cxf.xml) We also tried using cxf.config.file=${karaf.etc}/org.apache.cxf.osgi.cfg in \apache-karaf-4.0.8\etc\system.properties without success. -- View this message in context: http://karaf.922171.n3.nabble.com/Karaf-SSL-CXF-Client-https-tp4050999p4051031.html Sent from the Karaf - User mailing list archive at Nabble.com.
Re: Karaf SSL CXF Client https
Hi, Pax Web is for the "server" side, not the client side. That's why you have to configure the http-conduits (which is the client side). The org.apache.cxf.osgi.cfg is wrong in your case. Can you explain what did you do exactly ? Regards JB On 07/17/2017 09:34 AM, erwan wrote: Hello, and thanks for your reply. I tried to use what is described in the documentation without any success. I still have these kind of messages in traces: 2017-07-17 09:22:57,344 | DEBUG | heduler_Worker-1 | HTTPConduit :940 | 137 - org.apache.cxf.cxf-rt-transports-http - 3.1.9 | Conduit '{https://mydomain}WebClient.http-conduit' has been (re)configured for plain http. I though it was a configuration problem. I add this parameter to the command line: -Dcxf.config.file=cxf.xml but got an error as well: [FelixStartLevel] ERROR org.apache.felix.fileinstall - Failed to install artifact: \etc\org.apache.cxf.osgi.cfg java.util.InvalidPropertiesFormatException: org.xml.sax.SAXParseException: Document root element "beans", must match DOCTYPE root "null". content cxf.xml: http://www.springframework.org/schema/beans"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:sec="http://cxf.apache.org/configuration/security"; xmlns:http="http://cxf.apache.org/transports/http/configuration"; xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"; xsi:schemaLocation=" http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd";> .*_EXPORT_.* .*_EXPORT1024_.* .*_WITH_DES_.* .*_WITH_AES_.* .*_WITH_NULL_.* .*_DH_anon_.* So not working yet... Something seems to be strange as well in startup traces: 2017-07-17 09:22:47,625 | INFO | FelixStartLevel | HttpServiceFactoryImpl :35 | 240 - org.ops4j.pax.web.pax-web-runtime - 4.3.0 | Binding bundle: [cxf-dosgi-ri-dsw-cxf [68]] to http service do we have to configure pax-web as well? -- View this message in context: http://karaf.922171.n3.nabble.com/Karaf-SSL-CXF-Client-https-tp4050999p4051025.html Sent from the Karaf - User mailing list archive at Nabble.com. -- Jean-Baptiste Onofré jbono...@apache.org http://blog.nanthrax.net Talend - http://www.talend.com
Re: Karaf SSL CXF Client https
Hello, and thanks for your reply. I tried to use what is described in the documentation without any success. I still have these kind of messages in traces: 2017-07-17 09:22:57,344 | DEBUG | heduler_Worker-1 | HTTPConduit :940 | 137 - org.apache.cxf.cxf-rt-transports-http - 3.1.9 | Conduit '{https://mydomain}WebClient.http-conduit' has been (re)configured for plain http. I though it was a configuration problem. I add this parameter to the command line: -Dcxf.config.file=cxf.xml but got an error as well: [FelixStartLevel] ERROR org.apache.felix.fileinstall - Failed to install artifact: \etc\org.apache.cxf.osgi.cfg java.util.InvalidPropertiesFormatException: org.xml.sax.SAXParseException: Document root element "beans", must match DOCTYPE root "null". content cxf.xml: http://www.springframework.org/schema/beans"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:sec="http://cxf.apache.org/configuration/security"; xmlns:http="http://cxf.apache.org/transports/http/configuration"; xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"; xsi:schemaLocation=" http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd";> .*_EXPORT_.* .*_EXPORT1024_.* .*_WITH_DES_.* .*_WITH_AES_.* .*_WITH_NULL_.* .*_DH_anon_.* So not working yet... Something seems to be strange as well in startup traces: 2017-07-17 09:22:47,625 | INFO | FelixStartLevel | HttpServiceFactoryImpl :35 | 240 - org.ops4j.pax.web.pax-web-runtime - 4.3.0 | Binding bundle: [cxf-dosgi-ri-dsw-cxf [68]] to http service do we have to configure pax-web as well? -- View this message in context: http://karaf.922171.n3.nabble.com/Karaf-SSL-CXF-Client-https-tp4050999p4051025.html Sent from the Karaf - User mailing list archive at Nabble.com.
Re: Karaf SSL CXF Client https
Hi, you can take a look on: http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html Especially, you will find the where you define the SSL configuration for the http-conduit (the client part of CXF). Regards JB On 07/13/2017 11:27 AM, erwan wrote: Hi all, We are facing some issues for configuring SSL for CXF as a HTTPS *client*. Our environment is karaf 4.0.8, cxf 3.1.9. The page https://cxf.apache.org/docs/client-http-transport-including-ssl-support.html#ClientHTTPTransport(includingSSLsupport)-ConfiguringSSLSupport (Section "Configuring SSL Support") explains how to do that when using Spring. However we don’t use Spring; just karaf & CXF. So we tried with the "-Djavax.net.ssl.trustStore" and "-Djavax.net.ssl.trustStorePassword" stuff, with no success : Caused by: javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: SSLHandshakeException invoking https://[...]: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target [...] at org.apache.cxf.jaxrs.client.WebClient.doChainedInvocation(WebClient.java:1035)[93:org.apache.cxf.cxf-rt-rs-client:3.1.9] at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:892)[93:org.apache.cxf.cxf-rt-rs-client:3.1.9] at org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:863)[93:org.apache.cxf.cxf-rt-rs-client:3.1.9] at org.apache.cxf.jaxrs.client.WebClient.invoke(WebClient.java:426)[93:org.apache.cxf.cxf-rt-rs-client:3.1.9] at org.apache.cxf.jaxrs.client.WebClient$SyncInvokerImpl.method(WebClient.java:1562)[93:org.apache.cxf.cxf-rt-rs-client:3.1.9] at org.apache.cxf.jaxrs.client.WebClient$SyncInvokerImpl.method(WebClient.java:1557)[93:org.apache.cxf.cxf-rt-rs-client:3.1.9] at org.apache.cxf.jaxrs.client.spec.InvocationBuilderImpl.method(InvocationBuilderImpl.java:115)[93:org.apache.cxf.cxf-rt-rs-client:3.1.9] at org.apache.cxf.jaxrs.client.spec.InvocationBuilderImpl$InvocationImpl.invoke(InvocationBuilderImpl.java:334)[93:org.apache.cxf.cxf-rt-rs-client:3.1.9] [...] So how do we configure SSL (truststore) for the CXF HTTPS client ? Thanks, -- View this message in context: http://karaf.922171.n3.nabble.com/Karaf-SSL-CXF-Client-https-tp4050999.html Sent from the Karaf - User mailing list archive at Nabble.com. -- Jean-Baptiste Onofré jbono...@apache.org http://blog.nanthrax.net Talend - http://www.talend.com