Googling on "httpj:tlsServerParameters" brought http://aruld.info/programming-ssl-for-jetty-based-cxf-services/ (although it's 3 years old, it may still be accurate.) That term also brings up other hits. What I can immediately see is that your configuration does not wrap httpj:engine with httpj:engine-factory, although I'm unsure if that's required.

Glen

On 07/26/2011 06:02 PM, Jesse Pangburn wrote:
Hi,
Any advice on the httpj:engine using SSL problem below?

Thank you,
Jesse

-----Original Message-----
From: Jesse Pangburn [mailto:[email protected]]
Sent: Wednesday, July 20, 2011 5:55 PM
To: [email protected]
Subject: SSL engine starting problem

Hi,
I'm new to CXF so please forgive these noob questions.  I'm running CXF 
embedded in a Spring app and have a couple problems.  The following is the 
content of my spring config xml:
<beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:sec="http://cxf.apache.org/configuration/security"
        xmlns:http="http://cxf.apache.org/transports/http/configuration"
        xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
        xmlns:jaxws="http://cxf.apache.org/jaxws"
        xmlns:cxf="http://cxf.apache.org/core"
        xmlns:soap="http://cxf.apache.org/bindings/soap"
        xsi:schemaLocation="http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
             http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
             http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
             http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
             http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
             http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
             http://cxf.apache.org/bindings/soap http://cxf.apache.org/schemas/configuration/soap.xsd">

        <import resource="classpath:META-INF/cxf/cxf.xml" />
        <import resource="classpath:META-INF/cxf/cxf-extension-jaxws.xml" />

        <jaxws:endpoint id="restfulGreeting"
                implementor="com.infor.cloverleaf.ib.RestfulGreetingProvider"
                bindingUri="http://www.w3.org/2004/08/wsdl/http"
                address="http://localhost:9001/RestfulGreeting" />

        <httpj:engine-factory bus="cxf" id="engineFactory">

                <httpj:engine port="9001">
                        <httpj:threadingParameters minThreads="6"
                                maxThreads="16" />
                </httpj:engine>

                <httpj:engine port="9002">
                        <httpj:tlsServerParameters>
                                <sec:keyManagers keyPassword="changeit">
                                        <sec:keyStore type="JKS" password="changeit"
                                                file="/home/jpangburn/certs/server-keystore.jks" />
                                </sec:keyManagers>
                                <sec:trustManagers>
                                        <sec:keyStore type="JKS" password="changeit"
                                                file="/home/jpangburn/certs/server-truststore.jks" />
                                </sec:trustManagers>
                                <sec:cipherSuitesFilter>
                                        <sec:include>.*_EXPORT_.*</sec:include>
                                        <sec:include>.*_EXPORT1024_.*</sec:include>
                                        <sec:include>.*_WITH_DES_.*</sec:include>
                                        <sec:include>.*_WITH_NULL_.*</sec:include>
                                        <sec:exclude>.*_DH_anon_.*</sec:exclude>
                                </sec:cipherSuitesFilter>
                        </httpj:tlsServerParameters>
                        <httpj:threadingParameters minThreads="5"
                                maxThreads="15" />
                        <httpj:connector>
                                <beans:bean class="org.eclipse.jetty.server.ssl.SslSocketConnector">
                                        <beans:property name="port" value="9002" />
                                </beans:bean>
                        </httpj:connector>
                        <httpj:handlers>
                                <beans:bean class="org.eclipse.jetty.server.handler.DefaultHandler" />
                        </httpj:handlers>
                        <httpj:sessionSupport>true</httpj:sessionSupport>
                </httpj:engine>
        </httpj:engine-factory>
</beans>

This file is loaded by the following code:
ApplicationContext context = new ClassPathXmlApplicationContext(new String[] {"/com/infor/cloverleaf/ib/IBApplicationContext.xml"});
// this line is just for debugging, not needed otherwise
Object factory = context.getBean("engineFactory");

With the address in my restful endpoint like this 
'address="http://localhost:9001/RestfulGreeting"' I have no problems.  I can 
connect to the service and in the debugger when I look at the factory object's portMap 
field I find that the 9001 port has maxThreads=16 and minThreads=6, so I know that it's 
using the httpj:engine settings for that port.

Problem #1 is if I change the address to 
'address="https://localhost:9002/RestfulGreeting"' to use SSL then I get an 
error on startup.  It says this:
WARNING: FAILED org.eclipse.jetty.http.ssl.SslContextFactory@73b879: java.io.FileNotFoundException: /home/jpangburn/.keystore (No such file or directory)

So since it's looking for /home/jpangburn/.keystore (the default) instead of 
/home/jpangburn/certs/server-keystore.jks as I have configured for port 9002, 
it's clear that it's ignoring my configuration for that port.  I know it's 
reading the configuration for the HTTP port, so why not the HTTPS port?

The problem #2 is probably just my own misunderstanding, but I see some examples where 
the address doesn't have the host:port but can't get it to work.  If I set 
'address="/RestfulGreeting"' it does not seem to start the jetty engine and 
netstat shows the port is not listening.  I would have thought that it would try to 
listen on each engine instance (port 9001 and 9002 in my case) when you didn't specify 
the host port.  Instead it says the following but doesn't open any ports:
INFO: Setting the server's publish address to be /RestfulGreeting

Thanks for your help!
Jesse





--
Glen Mazza
Application Integration Division
Talend (http://www.talend.com/ai)
blog: http://www.jroller.com/gmazza
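Added example, not part of Glen's or Jesse's messages: the cipherSuitesFilter in the quoted configuration explicitly includes `_EXPORT_`, `_WITH_DES_` and `_WITH_NULL_` suites, i.e. export-grade keys, single DES, or no encryption at all, so even once the 9002 engine picks up its tlsServerParameters the listener would negotiate weak or plaintext suites. The fragment below shows the filter as posted beside a hardened `httpj:engine` for the same port that admits only AES suites and excludes anonymous, NULL, export, DES and RC4 ones. Element names (`httpj:engine`, `httpj:tlsServerParameters`, `sec:keyManagers`, `sec:keyStore`, `sec:cipherSuitesFilter`, `sec:include`/`sec:exclude`) are the ones used in the quoted config; `sec:clientAuthentication` and the `secureSocketProtocol` attribute come from CXF's security and http-jetty schemas, and the keystore paths and passwords are placeholders. The explicit `httpj:connector` bean is left out here on the assumption that CXF then builds the SSL connector from tlsServerParameters itself; the thread does not settle whether that bean is what causes Jetty to fall back to its default `~/.keystore`, so treat that as a hypothesis to test, not a diagnosis.

```xml
<!-- Added example (not from the thread). Namespace prefixes httpj: and sec: are the
     ones declared in the quoted Spring config. -->

<!-- AS POSTED: every include below admits suites with no or breakable encryption. -->
<sec:cipherSuitesFilter>
    <sec:include>.*_EXPORT_.*</sec:include>       <!-- 40/56-bit export-grade keys -->
    <sec:include>.*_EXPORT1024_.*</sec:include>   <!-- 1024-bit export RSA/DH -->
    <sec:include>.*_WITH_DES_.*</sec:include>     <!-- single DES, 56-bit key -->
    <sec:include>.*_WITH_NULL_.*</sec:include>    <!-- no encryption at all -->
    <sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>

<!-- HARDENED: same engine for port 9002, only AES suites, weak families excluded
     explicitly so a later include cannot reintroduce them. -->
<httpj:engine port="9002">
    <!-- secureSocketProtocol: assumption; use the newest version your JVM supports -->
    <httpj:tlsServerParameters secureSocketProtocol="TLSv1.2">
        <sec:keyManagers keyPassword="KEY_PASSWORD_PLACEHOLDER">
            <sec:keyStore type="JKS" password="STORE_PASSWORD_PLACEHOLDER"
                          file="/path/to/server-keystore.jks" />   <!-- placeholder path -->
        </sec:keyManagers>
        <sec:trustManagers>
            <sec:keyStore type="JKS" password="STORE_PASSWORD_PLACEHOLDER"
                          file="/path/to/server-truststore.jks" /> <!-- placeholder path -->
        </sec:trustManagers>
        <sec:cipherSuitesFilter>
            <!-- a suite is enabled only if it matches an include and no exclude -->
            <sec:include>.*_WITH_AES_.*</sec:include>
            <sec:exclude>.*_NULL_.*</sec:exclude>
            <sec:exclude>.*_anon_.*</sec:exclude>
            <sec:exclude>.*_EXPORT.*</sec:exclude>
            <sec:exclude>.*_DES_.*</sec:exclude>
            <sec:exclude>.*_3DES_.*</sec:exclude>
            <sec:exclude>.*_RC4_.*</sec:exclude>
        </sec:cipherSuitesFilter>
        <!-- want="true" asks the client for a certificate; required="true" enforces mutual TLS -->
        <sec:clientAuthentication want="true" required="false" />
    </httpj:tlsServerParameters>
    <httpj:threadingParameters minThreads="5" maxThreads="15" />
    <!-- no explicit httpj:connector here: assumption that CXF creates the SSL
         connector from tlsServerParameters when none is supplied -->
</httpj:engine>
```

Two practical checks once the engine starts: connect to port 9002 with a TLS client that reports the negotiated suite and confirm it is an AES one, and try a NULL or EXPORT suite explicitly and confirm the handshake is refused. The keystore passwords are still plaintext in the XML; the usual Spring approach is to replace them with `${...}` property placeholders resolved from a file outside the deployable or from the environment, so the config can be checked in without the secrets.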