Hi,

I think the configuration for jetty should look something like this using
the engine-factory as Glen has suggested.

<beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:jaxws="http://cxf.apache.org/jaxws"
        xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
                http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
                http://cxf.apache.org/core 
http://cxf.apache.org/schemas/core.xsd
                http://cxf.apache.org/jaxws 
http://cxf.apache.org/schemas/jaxws.xsd
                http://cxf.apache.org/transports/http-jetty/configuration
        http://cxf.apache.org/schemas/configuration/http-jetty.xsd
">

  <import resource="META-INF/cxf/cxf.xml"/>

  <engine-factory bus="cxf"
                  xmlns="http://cxf.apache.org/transports/http-jetty/configuration">
    <engine port="9090">
      <threadingParameters minThreads="10"
                                 maxThreads="10" />

      <sessionSupport>true</sessionSupport>
    </engine>
    <engine port="9191">
      <tlsServerParameters>
        <keyManagers xmlns="http://cxf.apache.org/configuration/security"
                     keyPassword="password">
          <keyStore type="JKS" password="password"
                    resource="certs/cherry.jks"/>
        </keyManagers>
      </tlsServerParameters>
      <threadingParameters minThreads="10" maxThreads="10" />
      <sessionSupport>true</sessionSupport>
    </engine>
  </engine-factory>

  <!-- additional configuration here... -->

</beans>


On Wed, Jul 27, 2011 at 6:57 AM, Glen Mazza <[email protected]> wrote:

> Googling on "httpj:tlsServerParameters" brought
> http://aruld.info/programming-ssl-for-jetty-based-cxf-services/ (although
> it's 3 years old, it may still be accurate.)  That term also
> brings up other hits.  What I can immediately see is that your configuration
> does not wrap httpj:engine with httpj:engine-factory, although I'm unsure if
> that's required.
>
> Glen
>
>
> On 07/26/2011 06:02 PM, Jesse Pangburn wrote:
>
>> Hi,
>> Any advice on the httpj:engine using SSL problem below?
>>
>> Thank you,
>> Jesse
>>
>> -----Original Message-----
>> From: Jesse Pangburn [mailto:Jesse.Pangburn@us.lawson.com]
>> Sent: Wednesday, July 20, 2011 5:55 PM
>> To: [email protected]
>> Subject: SSL engine starting problem
>>
>> Hi,
>> I'm new to CXF so please forgive these noob questions.  I'm running CXF
>> embedded in a Spring app and have a couple problems.  The following is the
>> content of my spring config xml:
>> <beans xmlns="http://www.springframework.org/schema/beans"
>>        xmlns:beans="http://www.springframework.org/schema/beans"
>>        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>>        xmlns:sec="http://cxf.apache.org/configuration/security"
>>        xmlns:http="http://cxf.apache.org/transports/http/configuration"
>>        xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
>>        xmlns:jaxws="http://cxf.apache.org/jaxws"
>>        xmlns:cxf="http://cxf.apache.org/core"
>>        xmlns:soap="http://cxf.apache.org/bindings/soap"
>>        xsi:schemaLocation="http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
>>             http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
>>             http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
>>             http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
>>             http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
>>             http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
>>             http://cxf.apache.org/bindings/soap http://cxf.apache.org/schemas/configuration/soap.xsd">
>>
>>        <import resource="classpath:META-INF/cxf/cxf.xml" />
>>        <import resource="classpath:META-INF/cxf/cxf-extension-jaxws.xml" />
>>
>>        <jaxws:endpoint id="restfulGreeting"
>>                implementor="com.infor.cloverleaf.ib.RestfulGreetingProvider"
>>                bindingUri="http://www.w3.org/2004/08/wsdl/http"
>>                address="http://localhost:9001/RestfulGreeting" />
>>
>>        <httpj:engine-factory bus="cxf" id="engineFactory">
>>
>>                <httpj:engine port="9001">
>>                        <httpj:threadingParameters minThreads="6"
>>                                maxThreads="16" />
>>                </httpj:engine>
>>
>>                <httpj:engine port="9002">
>>                        <httpj:tlsServerParameters>
>>                                <sec:keyManagers keyPassword="changeit">
>>                                        <sec:keyStore type="JKS" password="changeit"
>>                                                file="/home/jpangburn/certs/server-keystore.jks" />
>>                                </sec:keyManagers>
>>                                <sec:trustManagers>
>>                                        <sec:keyStore type="JKS" password="changeit"
>>                                                file="/home/jpangburn/certs/server-truststore.jks" />
>>                                </sec:trustManagers>
>>                                <sec:cipherSuitesFilter>
>>                                        <sec:include>.*_EXPORT_.*</sec:include>
>>                                        <sec:include>.*_EXPORT1024_.*</sec:include>
>>                                        <sec:include>.*_WITH_DES_.*</sec:include>
>>                                        <sec:include>.*_WITH_NULL_.*</sec:include>
>>                                        <sec:exclude>.*_DH_anon_.*</sec:exclude>
>>                                </sec:cipherSuitesFilter>
>>                        </httpj:tlsServerParameters>
>>                        <httpj:threadingParameters minThreads="5"
>>                                maxThreads="15" />
>>                        <httpj:connector>
>>                                <beans:bean class="org.eclipse.jetty.server.ssl.SslSocketConnector">
>>                                        <beans:property name="port" value="9002" />
>>                                </beans:bean>
>>                        </httpj:connector>
>>                        <httpj:handlers>
>>                                <beans:bean class="org.eclipse.jetty.server.handler.DefaultHandler" />
>>                        </httpj:handlers>
>>                        <httpj:sessionSupport>true</httpj:sessionSupport>
>>                </httpj:engine>
>>        </httpj:engine-factory>
>> </beans>
>>
>> This file is loaded by the following code:
>> ApplicationContext context = new ClassPathXmlApplicationContext(new
>> String[] {"/com/infor/cloverleaf/ib/IBApplicationContext.xml"});
>> // this line is just for debugging, not needed otherwise
>> Object factory = context.getBean("engineFactory");
>>
>> With the address in my restful endpoint like this
>> 'address="http://localhost:9001/RestfulGreeting"'
>> I have no problems.  I can connect to the service and in the debugger when I
>> look at the factory object's portMap field I find that the 9001 port has
>> maxThreads=16 and minThreads=6, so I know that it's using the httpj:engine
>> settings for that port.
>>
>> Problem #1 is if I change the address to
>> 'address="https://localhost:9002/RestfulGreeting"' to use
>> SSL then I get an error on startup.  It says this:
>> WARNING: FAILED org.eclipse.jetty.http.ssl.SslContextFactory@73b879:
>> java.io.FileNotFoundException: /home/jpangburn/.keystore (No such file or
>> directory)
>>
>> So since it's looking for /home/jpangburn/.keystore (the default) instead
>> of /home/jpangburn/certs/server-keystore.jks as I have configured for
>> port 9002, it's clear that it's ignoring my configuration for that port.  I
>> know it's reading the configuration for the HTTP port, so why not the HTTPS
>> port?
>>
>> The problem #2 is probably just my own misunderstanding, but I see some
>> examples where the address doesn't have the host:port but can't get it to
>> work.  If I set 'address="/RestfulGreeting"' it does not seem to start the
>> jetty engine and netstat shows the port is not listening.  I would have
>> thought that it would try to listen on each engine instance (port 9001 and
>> 9002 in my case) when you didn't specify the host port.  Instead it says the
>> following but doesn't open any ports:
>> INFO: Setting the server's publish address to be /RestfulGreeting
>>
>> Thanks for your help!
>> Jesse
>>
>>
>>
>>
>
> --
> Glen Mazza
> Application Integration Division
> Talend (http://www.talend.com/ai)
> blog: http://www.jroller.com/gmazza
>
>
>
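
An added example, not part of the thread or of CXF itself: a small audit of the httpj:tlsServerParameters blocks discussed above, flagging cipherSuitesFilter patterns that leave export, single-DES, NULL or anonymous-DH suites usable, and passwords written literally instead of as a Spring ${...} placeholder. It assumes a suite is usable when some include pattern matches it and no exclude pattern does; the suite names are one representative per family, and the sample config, port 9443 and the /path/to keystore path are constructed.

```python
import re
import xml.etree.ElementTree as ET

SEC = "{http://cxf.apache.org/configuration/security}"
HTTPJ = "{http://cxf.apache.org/transports/http-jetty/configuration}"
# One representative JSSE suite name per weak family (illustrative, not exhaustive).
WEAK = {"export": "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
        "single-DES": "SSL_RSA_WITH_DES_CBC_SHA",
        "null-encryption": "SSL_RSA_WITH_NULL_SHA",
        "anonymous-DH": "TLS_DH_anon_WITH_AES_128_CBC_SHA"}
# Constructed sample: 9002 abridges the thread's filter; 9443 is a hypothetical stricter engine.
SAMPLE = """<httpj:engine-factory bus="cxf"
    xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
    xmlns:sec="http://cxf.apache.org/configuration/security">
  <httpj:engine port="9002"><httpj:tlsServerParameters>
    <sec:keyManagers keyPassword="changeit">
      <sec:keyStore type="JKS" password="changeit" file="/path/to/server-keystore.jks"/>
    </sec:keyManagers>
    <sec:cipherSuitesFilter>
      <sec:include>.*_EXPORT_.*</sec:include>
      <sec:include>.*_WITH_DES_.*</sec:include>
      <sec:include>.*_WITH_NULL_.*</sec:include>
      <sec:exclude>.*_DH_anon_.*</sec:exclude>
    </sec:cipherSuitesFilter>
  </httpj:tlsServerParameters></httpj:engine>
  <httpj:engine port="9443"><httpj:tlsServerParameters>
    <sec:keyManagers keyPassword="${tls.key.password}"/>
    <sec:cipherSuitesFilter>
      <sec:include>.*_WITH_AES_.*</sec:include>
      <sec:exclude>.*_DH_anon_.*</sec:exclude>
    </sec:cipherSuitesFilter>
  </httpj:tlsServerParameters></httpj:engine>
</httpj:engine-factory>"""

def audit(xml_text):
    findings = []
    for engine in ET.fromstring(xml_text).iter(HTTPJ + "engine"):
        for tls in engine.findall(HTTPJ + "tlsServerParameters"):
            inc = [e.text.strip() for e in tls.iter(SEC + "include")]
            exc = [e.text.strip() for e in tls.iter(SEC + "exclude")]
            for family, suite in WEAK.items():
                # A suite is usable when an include matches it and no exclude does.
                if any(re.fullmatch(p, suite) for p in inc) and not any(
                        re.fullmatch(p, suite) for p in exc):
                    findings.append((engine.get("port"), "weak-cipher", family))
            findings += [(engine.get("port"), "literal-secret", a) for el in tls.iter()
                         for a in ("password", "keyPassword")
                         if el.get(a) and not el.get(a).startswith("${")]  # not a placeholder
    return findings

if __name__ == "__main__": print(*audit(SAMPLE), sep="\n")
```

Dropping the exclude line from the 9443 engine makes the audit report anonymous-DH there, because the AES include alone also matches anonymous suites.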
