Re: CXF ssl sample using CXF APIs

[Arul Dhesiaseelan]

Glen,

Thanks for all your help. I appreciate your inputs.
I did a quick test using the spring-configs and embedded Jetty server 
(JaxWsServerFactoryBean). It worked like a charm. CXF uses Jetty SSL 
connector to support SSL (CXFJettySslSocketConnector).

My only gut feeling says if embedded Jetty supports SSL using 
spring-config, it should support Java APIs as well.

-Arul

Glen Mazza wrote:
Actually, we may not be able to support SSL with embedded Jetty anyway--look
at this thread, as well as a J2SE 6.0 based alternative solution:

http://www.nabble.com/Help-needed-for-SSL-and-Basic-authentication-tt17761832.html

HTH,
Glen


Glen Mazza wrote:
  
While I hope others can help you with your problem, if you want to use
SSL, I suspect you'd be better off with a standalone container[1]
anyway--WAR file, web.xml, all that good stuff--this way at least you know
what you're coding on top of.  I just haven't researched SSL over embedded
Jetty containers.

Glen

[1] http://www.jroller.com/gmazza/entry/setting_up_ssl_and_basic


Arul Dhesiaseelan wrote:
    
Can someone look into this pls?

I am close to making this work. But, figuring out what could be wrong is 
still a puzzle to me.

Thank you,
Arul

Arul Dhesiaseelan wrote:
      
Hello,

I did some debugging using CXF 2.1.1 sources. I see the problem in 
line 201 in JettyHTTPServerEngineFactory.createJettyHTTPServerEngine() 
where it makes a call to ref.finalizeConfig().

In JettyHTTPServerEngine.finalizeConfig(), it calls method 
retrieveListenerFactory(). In this method the "tlsServerParameters" is 
null so the protocol is defaulted to "http" and finally throws the 
exception.

This tells me that I am not correctly setting the TLSServerParameters 
to the JettyHTTPServerEngine in my code in the correct order. Or, I am 
not creating the JettyHTTPServerEngine instance properly.

Does some one help me if I am missing something here?

Appreciate your help.

-Arul

Arul Dhesiaseelan wrote:
        
Hello,

I was trying to use CXF APIs to configure SSL on the service. But, I 
am getting an illegal state exception: Port 9001 is configured with 
wrong protocol "http" for "https://localhost:9001/hello";

   JaxWsServerFactoryBean sf = new JaxWsServerFactoryBean();
   sf.setServiceClass(HelloWorld.class);      
sf.getServiceFactory().setWrapped(true);

   QName name = new QName("http://test.com";, "ws", "");
   sf.setServiceName(name);
   sf.setAddress("https://localhost:9001/hello";);

   HelloWorld helloService = new HelloWorldImpl();

   sf.getServiceFactory().setInvoker(new BeanInvoker(helloService));
   //org.apache.cxf.endpoint.Server server = sf.create();

   JettyHTTPServerEngineFactory factory = 
sf.getBus().getExtension(JettyHTTPServerEngineFactory.class);

   TLSServerParameters tlsParams = new TLSServerParameters();
   JettyHTTPServerEngine engine = null;
   try {
     engine = factory.createJettyHTTPServerEngine(9001, "https");
     KeyStore keyStore = KeyStore.getInstance("JKS");
     String trustpass = "password";
     File truststore = new 
File("C:\\apache-cxf-2.1.1\\samples\\wsdl_first_https\\certs\\cherry.jks"); 

     keyStore.load(new FileInputStream(truststore), 
trustpass.toCharArray());
     KeyManagerFactory keyFactory = 
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
     keyFactory.init(keyStore, trustpass.toCharArray());
     KeyManager[] km = keyFactory.getKeyManagers();
     tlsParams.setKeyManagers(km);

     truststore = new 
File("C:\\apache-cxf-2.1.1\\samples\\wsdl_first_https\\certs\\truststore.jks"); 

     keyStore.load(new FileInputStream(truststore), 
trustpass.toCharArray());
     TrustManagerFactory trustFactory = 
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); 

     trustFactory.init(keyStore);
     TrustManager[] tm = trustFactory.getTrustManagers();
     tlsParams.setTrustManagers(tm);
     FiltersType filter = new FiltersType();
     filter.getInclude().add(".*_EXPORT_.*");
     filter.getInclude().add(".*_EXPORT1024_.*");
     filter.getInclude().add(".*_WITH_DES_.*");
     filter.getInclude().add(".*_WITH_NULL_.*");
     filter.getExclude().add(".*_DH_anon_.*");
     tlsParams.setCipherSuitesFilter(filter);
     ClientAuthentication ca = new ClientAuthentication();
     ca.setRequired(true);
     ca.setWant(true);
     tlsParams.setClientAuthentication(ca);
     tlsParams.setSecureSocketProtocol("SSL");
     if (engine != null) {
       engine.setTlsServerParameters(tlsParams);
     }
   } catch (KeyStoreException kse) {
   } catch (NoSuchAlgorithmException nsa) {
   } catch (FileNotFoundException fnfe) {
   } catch (UnrecoverableKeyException uke) {
   } catch (CertificateException ce) {
   } catch (GeneralSecurityException gse) {
   } catch (IOException ioe) {
   }

   List<JettyHTTPServerEngine> engines = new 
ArrayList<JettyHTTPServerEngine>();
   if (engine != null)
     engines.add(engine);
   factory.setEnginesList(engines);
   org.apache.cxf.endpoint.Server server = sf.create();
   ((JettyHTTPServerEngine) ((JettyHTTPDestination) 
server.getDestination()).getEngine()).setJettyHTTPServerEngineFactory(factory); 


   String endpoint = 
server.getEndpoint().getEndpointInfo().getAddress();
   System.out.println("Server started at " + endpoint);


But when I start the service, I get the below error:

Jul 21, 2008 9:15:10 AM 
org.apache.cxf.service.factory.ReflectionServiceFactoryBean 
buildServiceFromClass
INFO: Creating Service {http://test.com}ws from class 
com.test.cxf.HelloWorld
Exception in thread "main" java.lang.IllegalStateException: Port 9001 
is configured with wrong protocol "http" for 
"https://localhost:9001/hello";
   at 
org.apache.cxf.transport.http_jetty.JettyHTTPDestination.retrieveEngine(JettyHTTPDestination.java:115) 

   at 
org.apache.cxf.transport.http_jetty.JettyHTTPDestination.finalizeConfig(JettyHTTPDestination.java:134) 

   at 
org.apache.cxf.transport.http_jetty.JettyHTTPTransportFactory.createDestination(JettyHTTPTransportFactory.java:123) 

   at 
org.apache.cxf.transport.http_jetty.JettyHTTPTransportFactory.getDestination(JettyHTTPTransportFactory.java:103) 

   at 
org.apache.cxf.endpoint.ServerImpl.initDestination(ServerImpl.java:90)
   at org.apache.cxf.endpoint.ServerImpl.<init>(ServerImpl.java:69)
   at 
org.apache.cxf.frontend.ServerFactoryBean.create(ServerFactoryBean.java:115) 

   at 
org.apache.cxf.jaxws.JaxWsServerFactoryBean.create(JaxWsServerFactoryBean.java:164) 

   at com.test.cxf.Server.main(Server.java:104)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) 

   at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) 

   at java.lang.reflect.Method.invoke(Method.java:585)
   at 
com.intellij.rt.execution.application.AppMain.main(AppMain.java:90)


Any thoughts on this issue?

Thank you,
-Arul


______________________________