Hi,
Any advice on the httpj:engine using SSL problem below?

Thank you,
Jesse

-----Original Message-----
From: Jesse Pangburn [mailto:[email protected]] 
Sent: Wednesday, July 20, 2011 5:55 PM
To: [email protected]
Subject: SSL engine starting problem

Hi,
I'm new to CXF so please forgive these noob questions.  I'm running CXF 
embedded in a Spring app and have a couple problems.  The following is the 
content of my spring config xml:
<beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sec="http://cxf.apache.org/configuration/security"
        xmlns:http="http://cxf.apache.org/transports/http/configuration"
        xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
        xmlns:jaxws="http://cxf.apache.org/jaxws"
        xmlns:cxf="http://cxf.apache.org/core"
        xmlns:soap="http://cxf.apache.org/bindings/soap"
        xsi:schemaLocation="http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
            http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
            http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
            http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
            http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
            http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
            http://cxf.apache.org/bindings/soap http://cxf.apache.org/schemas/configuration/soap.xsd">

        <import resource="classpath:META-INF/cxf/cxf.xml" />
        <import resource="classpath:META-INF/cxf/cxf-extension-jaxws.xml" />

        <jaxws:endpoint id="restfulGreeting"
                implementor="com.infor.cloverleaf.ib.RestfulGreetingProvider"
                bindingUri="http://www.w3.org/2004/08/wsdl/http"
                address="http://localhost:9001/RestfulGreeting" />

        <httpj:engine-factory bus="cxf" id="engineFactory">

                <httpj:engine port="9001">
                        <httpj:threadingParameters minThreads="6"
                                maxThreads="16" />
                </httpj:engine>

                <httpj:engine port="9002">
                        <httpj:tlsServerParameters>
                                <sec:keyManagers keyPassword="changeit">
                                        <sec:keyStore type="JKS" password="changeit"
                                                file="/home/jpangburn/certs/server-keystore.jks" />
                                </sec:keyManagers>
                                <sec:trustManagers>
                                        <sec:keyStore type="JKS" password="changeit"
                                                file="/home/jpangburn/certs/server-truststore.jks" />
                                </sec:trustManagers>
                                <sec:cipherSuitesFilter>
                                        <sec:include>.*_EXPORT_.*</sec:include>
                                        <sec:include>.*_EXPORT1024_.*</sec:include>
                                        <sec:include>.*_WITH_DES_.*</sec:include>
                                        <sec:include>.*_WITH_NULL_.*</sec:include>
                                        <sec:exclude>.*_DH_anon_.*</sec:exclude>
                                </sec:cipherSuitesFilter>
                        </httpj:tlsServerParameters>
                        <httpj:threadingParameters minThreads="5"
                                maxThreads="15" />
                        <httpj:connector>
                                <beans:bean class="org.eclipse.jetty.server.ssl.SslSocketConnector">
                                        <beans:property name="port" value="9002" />
                                </beans:bean>
                        </httpj:connector>
                        <httpj:handlers>
                                <beans:bean class="org.eclipse.jetty.server.handler.DefaultHandler" />
                        </httpj:handlers>
                        <httpj:sessionSupport>true</httpj:sessionSupport>
                </httpj:engine>
        </httpj:engine-factory>
</beans>

This file is loaded by the following code:
ApplicationContext context = new ClassPathXmlApplicationContext(
        new String[] {"/com/infor/cloverleaf/ib/IBApplicationContext.xml"});
// this line is just for debugging, not needed otherwise
Object factory = context.getBean("engineFactory");

With the address in my restful endpoint like this 
'address="http://localhost:9001/RestfulGreeting"' I have no problems.  I can 
connect to the service and in the debugger when I look at the factory object's 
portMap field I find that the 9001 port has maxThreads=16 and minThreads=6, so 
I know that it's using the httpj:engine settings for that port.

Problem #1 is if I change the address to 
'address="https://localhost:9002/RestfulGreeting"' to use SSL then I get an 
error on startup.  It says this:
WARNING: FAILED org.eclipse.jetty.http.ssl.SslContextFactory@73b879: java.io.FileNotFoundException: /home/jpangburn/.keystore (No such file or directory)

So since it's looking for /home/jpangburn/.keystore (the default) instead of 
/home/jpangburn/certs/server-keystore.jks as I have configured for port 9002, 
it's clear that it's ignoring my configuration for that port.  I know it's 
reading the configuration for the HTTP port, so why not the HTTPS port?

The problem #2 is probably just my own misunderstanding, but I see some 
examples where the address doesn't have the host:port but can't get it to work. 
 If I set 'address="/RestfulGreeting"' it does not seem to start the jetty 
engine and netstat shows the port is not listening.  I would have thought that 
it would try to listen on each engine instance (port 9001 and 9002 in my case) 
when you didn't specify the host port.  Instead it says the following but 
doesn't open any ports:
INFO: Setting the server's publish address to be /RestfulGreeting

Thanks for your help!
Jesse
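
Added example (not part of the original message, and not CXF code): a small audit of the cipherSuitesFilter posted above, showing which suites it would enable once the port 9002 TLS settings are applied. It assumes a suite is kept when it fully matches any include pattern and no exclude pattern, and it uses a constructed list of JSSE suite names in place of the JVM's real supported list.

```python
import re
import xml.etree.ElementTree as ET

SEC = "{http://cxf.apache.org/configuration/security}"

# The cipherSuitesFilter from the posted config, given its own namespace declaration.
FILTER_XML = """<sec:cipherSuitesFilter xmlns:sec="http://cxf.apache.org/configuration/security">
  <sec:include>.*_EXPORT_.*</sec:include>
  <sec:include>.*_EXPORT1024_.*</sec:include>
  <sec:include>.*_WITH_DES_.*</sec:include>
  <sec:include>.*_WITH_NULL_.*</sec:include>
  <sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>"""

# Constructed sample of JSSE suite names, standing in for the JVM's supported list.
SUPPORTED = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "SSL_RSA_WITH_DES_CBC_SHA",
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "SSL_RSA_WITH_NULL_SHA",
    "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
]

# Export-grade, single-DES, no-encryption and unauthenticated suites.
WEAK = re.compile(r"_EXPORT|_WITH_DES_|_WITH_NULL_|_anon_")

def enabled_suites(xml_text, supported):
    """Assumed semantics: keep a suite if an include matches and no exclude does."""
    root = ET.fromstring(xml_text)
    inc = [re.compile(e.text.strip()) for e in root.findall(SEC + "include")]
    exc = [re.compile(e.text.strip()) for e in root.findall(SEC + "exclude")]
    return [s for s in supported
            if any(p.fullmatch(s) for p in inc)
            and not any(p.fullmatch(s) for p in exc)]

def audit(xml_text, supported):
    """Split the supported list into what the filter enables and what it drops."""
    enabled = enabled_suites(xml_text, supported)
    return {
        "enabled": enabled,
        "weak_enabled": [s for s in enabled if WEAK.search(s)],
        "dropped_not_weak": [s for s in supported
                             if s not in enabled and not WEAK.search(s)],
    }

if __name__ == "__main__":
    for key, suites in audit(FILTER_XML, SUPPORTED).items():
        print(key, suites)
```

Against this sample, every suite the filter enables is export-grade, single-DES or NULL-encryption, and both AES suites are dropped; a filter meant for production would include the AES patterns and exclude the others.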