I blogged recently about configuring SSL for Jetty based CXF services using 
Java APIs here.
http://aruld.info/programming-ssl-for-jetty-based-cxf-services/

The sample is all Apache licensed. So, feel free to use.

-Arul

  _____  

From: Arul Dhesiaseelan [mailto:[EMAIL PROTECTED]
To: [email protected]
Sent: Wed, 23 Jul 2008 13:40:25 -0600
Subject: Re: CXF ssl sample using CXF APIs

Glen,
  
  Created a JIRA report for this issue 
  (https://issues.apache.org/jira/browse/CXF-1718).
  
  Thanks!
  Arul
  
  Glen Mazza wrote:
  > Good to hear.  About the Java API issue, feel free to type up a JIRA report
  > on it.  Attach this thread to it:
  > http://www.nabble.com/CXF-ssl-sample-using-CXF-APIs-tt18570914.html
  >
  > Glen
  >
  >
  > Arul Dhesiaseelan wrote:
  >   
  >> Glen,
  >>
  >> Thanks for all your help. I appreciate your inputs.
  >>
  >> I did a quick test using the spring-configs and embedded Jetty server 
  >> (JaxWsServerFactoryBean). It worked like a charm. CXF uses Jetty SSL 
  >> connector to support SSL (CXFJettySslSocketConnector).
  >>
  >> My only gut feeling says if embedded Jetty supports SSL using 
  >> spring-config, it should support Java APIs as well.
  >>
  >> -Arul
  >>
  >> Glen Mazza wrote:
  >>     
  >>> Actually, we may not be able to support SSL with embedded Jetty
  >>> anyway--look at this thread, as well as a J2SE 6.0 based alternative
  >>> solution:
  >>>
  >>> http://www.nabble.com/Help-needed-for-SSL-and-Basic-authentication-tt17761832.html
  >>>
  >>> HTH,
  >>> Glen
  >>>
  >>>
  >>> Glen Mazza wrote:
  >>>   
  >>>       
  >>>> While I hope others can help you with your problem, if you want to use
  >>>> SSL, I suspect you'd be better off with a standalone container[1]
  >>>> anyway--WAR file, web.xml, all that good stuff--this way at least you
  >>>> know what you're coding on top of.  I just haven't researched SSL over
  >>>> embedded Jetty containers.
  >>>>
  >>>> Glen
  >>>>
  >>>> [1] http://www.jroller.com/gmazza/entry/setting_up_ssl_and_basic
  >>>>
  >>>>
  >>>> Arul Dhesiaseelan wrote:
  >>>>     
  >>>>         
  >>>>> Can someone look into this pls?
  >>>>>
  >>>>> I am close to making this work. But, figuring out what could be wrong
  >>>>> is still a puzzle to me.
  >>>>>
  >>>>> Thank you,
  >>>>> Arul
  >>>>>
  >>>>> Arul Dhesiaseelan wrote:
  >>>>>       
  >>>>>           
  >>>>>> Hello,
  >>>>>>
  >>>>>> I did some debugging using CXF 2.1.1 sources. I see the problem in 
  >>>>>> line 201 in JettyHTTPServerEngineFactory.createJettyHTTPServerEngine() 
  >>>>>> where it makes a call to ref.finalizeConfig().
  >>>>>>
  >>>>>> In JettyHTTPServerEngine.finalizeConfig(), it calls method 
  >>>>>> retrieveListenerFactory(). In this method the "tlsServerParameters" is 
  >>>>>> null so the protocol is defaulted to "http" and finally throws the 
  >>>>>> exception.
  >>>>>>
  >>>>>> This tells me that I am not correctly setting the TLSServerParameters 
  >>>>>> to the JettyHTTPServerEngine in my code in the correct order. Or, I am 
  >>>>>> not creating the JettyHTTPServerEngine instance properly.
  >>>>>>
  >>>>>> Can someone help me if I am missing something here?
  >>>>>>
  >>>>>> Appreciate your help.
  >>>>>>
  >>>>>> -Arul
  >>>>>>
  >>>>>> Arul Dhesiaseelan wrote:
  >>>>>>         
  >>>>>>             
  >>>>>>> Hello,
  >>>>>>>
  >>>>>>> I was trying to use CXF APIs to configure SSL on the service. But, I 
  >>>>>>> am getting an illegal state exception: Port 9001 is configured with 
  >>>>>>> wrong protocol "http" for "https://localhost:9001/hello"
  >>>>>>>
  >>>>>>>    JaxWsServerFactoryBean sf = new JaxWsServerFactoryBean();
  >>>>>>>    sf.setServiceClass(HelloWorld.class);
  >>>>>>>    sf.getServiceFactory().setWrapped(true);
  >>>>>>>
  >>>>>>>    QName name = new QName("http://test.com", "ws", "");
  >>>>>>>    sf.setServiceName(name);
  >>>>>>>    sf.setAddress("https://localhost:9001/hello");
  >>>>>>>
  >>>>>>>    HelloWorld helloService = new HelloWorldImpl();
  >>>>>>>
  >>>>>>>    sf.getServiceFactory().setInvoker(new BeanInvoker(helloService));
  >>>>>>>    //org.apache.cxf.endpoint.Server server = sf.create();
  >>>>>>>
  >>>>>>>    JettyHTTPServerEngineFactory factory = sf.getBus().getExtension(JettyHTTPServerEngineFactory.class);
  >>>>>>>
  >>>>>>>    TLSServerParameters tlsParams = new TLSServerParameters();
  >>>>>>>    JettyHTTPServerEngine engine = null;
  >>>>>>>    try {
  >>>>>>>      engine = factory.createJettyHTTPServerEngine(9001, "https");
  >>>>>>>      KeyStore keyStore = KeyStore.getInstance("JKS");
  >>>>>>>      String trustpass = "password";
  >>>>>>>      File truststore = new File("C:\\apache-cxf-2.1.1\\samples\\wsdl_first_https\\certs\\cherry.jks");
  >>>>>>>
  >>>>>>>      keyStore.load(new FileInputStream(truststore), trustpass.toCharArray());
  >>>>>>>      KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
  >>>>>>>      keyFactory.init(keyStore, trustpass.toCharArray());
  >>>>>>>      KeyManager[] km = keyFactory.getKeyManagers();
  >>>>>>>      tlsParams.setKeyManagers(km);
  >>>>>>>
  >>>>>>>      truststore = new File("C:\\apache-cxf-2.1.1\\samples\\wsdl_first_https\\certs\\truststore.jks");
  >>>>>>>
  >>>>>>>      keyStore.load(new FileInputStream(truststore), trustpass.toCharArray());
  >>>>>>>      TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
  >>>>>>>
  >>>>>>>      trustFactory.init(keyStore);
  >>>>>>>      TrustManager[] tm = trustFactory.getTrustManagers();
  >>>>>>>      tlsParams.setTrustManagers(tm);
  >>>>>>>      FiltersType filter = new FiltersType();
  >>>>>>>      filter.getInclude().add(".*_EXPORT_.*");
  >>>>>>>      filter.getInclude().add(".*_EXPORT1024_.*");
  >>>>>>>      filter.getInclude().add(".*_WITH_DES_.*");
  >>>>>>>      filter.getInclude().add(".*_WITH_NULL_.*");
  >>>>>>>      filter.getExclude().add(".*_DH_anon_.*");
  >>>>>>>      tlsParams.setCipherSuitesFilter(filter);
  >>>>>>>      ClientAuthentication ca = new ClientAuthentication();
  >>>>>>>      ca.setRequired(true);
  >>>>>>>      ca.setWant(true);
  >>>>>>>      tlsParams.setClientAuthentication(ca);
  >>>>>>>      tlsParams.setSecureSocketProtocol("SSL");
  >>>>>>>      if (engine != null) {
  >>>>>>>        engine.setTlsServerParameters(tlsParams);
  >>>>>>>      }
  >>>>>>>    } catch (KeyStoreException kse) {
  >>>>>>>    } catch (NoSuchAlgorithmException nsa) {
  >>>>>>>    } catch (FileNotFoundException fnfe) {
  >>>>>>>    } catch (UnrecoverableKeyException uke) {
  >>>>>>>    } catch (CertificateException ce) {
  >>>>>>>    } catch (GeneralSecurityException gse) {
  >>>>>>>    } catch (IOException ioe) {
  >>>>>>>    }
  >>>>>>>
  >>>>>>>    List<JettyHTTPServerEngine> engines = new ArrayList<JettyHTTPServerEngine>();
  >>>>>>>    if (engine != null)
  >>>>>>>      engines.add(engine);
  >>>>>>>    factory.setEnginesList(engines);
  >>>>>>>    org.apache.cxf.endpoint.Server server = sf.create();
  >>>>>>>    ((JettyHTTPServerEngine) ((JettyHTTPDestination) server.getDestination()).getEngine()).setJettyHTTPServerEngineFactory(factory);
  >>>>>>>
  >>>>>>>    String endpoint = server.getEndpoint().getEndpointInfo().getAddress();
  >>>>>>>    System.out.println("Server started at " + endpoint);
  >>>>>>>
  >>>>>>>
  >>>>>>> But when I start the service, I get the below error:
  >>>>>>>
  >>>>>>> Jul 21, 2008 9:15:10 AM org.apache.cxf.service.factory.ReflectionServiceFactoryBean buildServiceFromClass
  >>>>>>> INFO: Creating Service {http://test.com}ws from class com.test.cxf.HelloWorld
  >>>>>>> Exception in thread "main" java.lang.IllegalStateException: Port 9001 is configured with wrong protocol "http" for "https://localhost:9001/hello"
  >>>>>>>    at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.retrieveEngine(JettyHTTPDestination.java:115)
  >>>>>>>    at org.apache.cxf.transport.http_jetty.JettyHTTPDestination.finalizeConfig(JettyHTTPDestination.java:134)
  >>>>>>>    at org.apache.cxf.transport.http_jetty.JettyHTTPTransportFactory.createDestination(JettyHTTPTransportFactory.java:123)
  >>>>>>>    at org.apache.cxf.transport.http_jetty.JettyHTTPTransportFactory.getDestination(JettyHTTPTransportFactory.java:103)
  >>>>>>>    at org.apache.cxf.endpoint.ServerImpl.initDestination(ServerImpl.java:90)
  >>>>>>>    at org.apache.cxf.endpoint.ServerImpl.<init>(ServerImpl.java:69)
  >>>>>>>    at org.apache.cxf.frontend.ServerFactoryBean.create(ServerFactoryBean.java:115)
  >>>>>>>    at org.apache.cxf.jaxws.JaxWsServerFactoryBean.create(JaxWsServerFactoryBean.java:164)
  >>>>>>>    at com.test.cxf.Server.main(Server.java:104)
  >>>>>>>    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  >>>>>>>    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  >>>>>>>    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  >>>>>>>    at java.lang.reflect.Method.invoke(Method.java:585)
  >>>>>>>    at com.intellij.rt.execution.application.AppMain.main(AppMain.java:90)
  >>>>>>>
  >>>>>>>
  >>>>>>> Any thoughts on this issue?
  >>>>>>>
  >>>>>>> Thank you,
  >>>>>>> -Arul
  >>>>>>>
  >>>>>>>
  >   
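
An added example (not code from this thread or from the linked blog post) of the ordering that the debugging message in the thread points at: the TLS parameters are registered for port 9001 on the `JettyHTTPServerEngineFactory` before `create()` runs, and the key store and trust store are loaded into separate `KeyStore` objects. It assumes the CXF version in use provides `setTLSServerParametersForPort`, that the thread's `HelloWorld` and `HelloWorldImpl` are in the same package, and placeholder keystore paths and password; the cipher filter admits only AES suites instead of the thread's filter.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.cxf.configuration.jsse.TLSServerParameters;
import org.apache.cxf.configuration.security.ClientAuthentication;
import org.apache.cxf.configuration.security.FiltersType;
import org.apache.cxf.jaxws.JaxWsServerFactoryBean;
import org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory;

public class TlsServer {
  // Keystore paths and password are placeholders, not values from the thread.
  static KeyStore load(String path, char[] pass) throws Exception {
    KeyStore ks = KeyStore.getInstance("JKS");
    try (InputStream in = new FileInputStream(path)) { ks.load(in, pass); }
    return ks;
  }

  public static void main(String[] args) throws Exception {
    char[] pass = "changeit".toCharArray();
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(load("certs/server.jks", pass), pass);        // server identity
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(load("certs/truststore.jks", pass));          // separate store of trusted client CAs

    TLSServerParameters tls = new TLSServerParameters();
    tls.setKeyManagers(kmf.getKeyManagers());
    tls.setTrustManagers(tmf.getTrustManagers());
    tls.setSecureSocketProtocol("TLS");
    FiltersType suites = new FiltersType();
    suites.getInclude().add(".*_WITH_AES_.*");             // AES suites only
    suites.getExclude().add(".*_DH_anon_.*");              // no unauthenticated key exchange
    tls.setCipherSuitesFilter(suites);
    ClientAuthentication ca = new ClientAuthentication();
    ca.setWant(true);
    ca.setRequired(true);                                  // client certificates required, as in the thread
    tls.setClientAuthentication(ca);

    JaxWsServerFactoryBean sf = new JaxWsServerFactoryBean();
    sf.setServiceClass(HelloWorld.class);                  // HelloWorld/HelloWorldImpl: the thread's classes
    sf.setServiceBean(new HelloWorldImpl());
    sf.setAddress("https://localhost:9001/hello");
    // Bind the TLS parameters to the port before create(), so the engine the
    // destination retrieves for 9001 is already configured for https.
    JettyHTTPServerEngineFactory factory = sf.getBus().getExtension(JettyHTTPServerEngineFactory.class);
    factory.setTLSServerParametersForPort(9001, tls);
    sf.create();
  }
}
```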
  
  