Hi Glen,
Thanks for your reply.  There are two http:engine instances in my config and 
those two elements are definitely wrapped by the http:engine-factory.  Thanks 
for the link, it agrees with the page on CXF's site 
http://cxf.apache.org/docs/standalone-http-transport.html which also doesn't 
show any httpj:Connector element.  Guess I just started from a bad example 
somewhere and assumed it worked.  Should have tried those other examples before 
posting...

Thanks,
Jesse

-----Original Message-----
From: Glen Mazza [mailto:[email protected]] 
Sent: Wednesday, July 27, 2011 3:57 AM
To: [email protected]
Subject: Re: SSL engine starting problem

Googling on "httpj:tlsServerParameters" brought 
http://aruld.info/programming-ssl-for-jetty-based-cxf-services/ 
(although it's 3 years old, it may still be accurate.)  That term also 
brings up other hits.  What I can immediately see is that your 
configuration does not wrap httpj:engine with httpj:engine-factory, 
although I'm unsure if that's required.

Glen

On 07/26/2011 06:02 PM, Jesse Pangburn wrote:
> Hi,
> Any advice on the httpj:engine using SSL problem below?
>
> Thank you,
> Jesse
>
> -----Original Message-----
> From: Jesse Pangburn [mailto:[email protected]]
> Sent: Wednesday, July 20, 2011 5:55 PM
> To: [email protected]
> Subject: SSL engine starting problem
>
> Hi,
> I'm new to CXF so please forgive these noob questions.  I'm running CXF 
> embedded in a Spring app and have a couple problems.  The following is the 
> content of my spring config xml:
> <beans xmlns="http://www.springframework.org/schema/beans"
>       xmlns:beans="http://www.springframework.org/schema/beans"
>       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>       xmlns:sec="http://cxf.apache.org/configuration/security"
>       xmlns:http="http://cxf.apache.org/transports/http/configuration"
>       xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
>       xmlns:jaxws="http://cxf.apache.org/jaxws"
>       xmlns:cxf="http://cxf.apache.org/core"
>       xmlns:soap="http://cxf.apache.org/bindings/soap"
>       xsi:schemaLocation="http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
>              http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
>              http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
>              http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
>              http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd
>              http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
>              http://cxf.apache.org/bindings/soap http://cxf.apache.org/schemas/configuration/soap.xsd">
>
>       <import resource="classpath:META-INF/cxf/cxf.xml" />
>       <import resource="classpath:META-INF/cxf/cxf-extension-jaxws.xml" />
>
>       <jaxws:endpoint id="restfulGreeting"
>               implementor="com.infor.cloverleaf.ib.RestfulGreetingProvider"
>               bindingUri="http://www.w3.org/2004/08/wsdl/http"
>               address="http://localhost:9001/RestfulGreeting" />
>
>       <httpj:engine-factory bus="cxf" id="engineFactory">
>
>               <httpj:engine port="9001">
>                       <httpj:threadingParameters minThreads="6"
>                               maxThreads="16" />
>               </httpj:engine>
>
>               <httpj:engine port="9002">
>                       <httpj:tlsServerParameters>
>                               <sec:keyManagers keyPassword="changeit">
>                                       <sec:keyStore type="JKS" password="changeit"
>                                               file="/home/jpangburn/certs/server-keystore.jks" />
>                               </sec:keyManagers>
>                               <sec:trustManagers>
>                                       <sec:keyStore type="JKS" password="changeit"
>                                               file="/home/jpangburn/certs/server-truststore.jks" />
>                               </sec:trustManagers>
>                               <sec:cipherSuitesFilter>
>                                       <sec:include>.*_EXPORT_.*</sec:include>
>                                       <sec:include>.*_EXPORT1024_.*</sec:include>
>                                       <sec:include>.*_WITH_DES_.*</sec:include>
>                                       <sec:include>.*_WITH_NULL_.*</sec:include>
>                                       <sec:exclude>.*_DH_anon_.*</sec:exclude>
>                               </sec:cipherSuitesFilter>
>                       </httpj:tlsServerParameters>
>                       <httpj:threadingParameters minThreads="5"
>                               maxThreads="15" />
>                       <httpj:connector>
>                               <beans:bean class="org.eclipse.jetty.server.ssl.SslSocketConnector">
>                                       <beans:property name="port" value="9002" />
>                               </beans:bean>
>                       </httpj:connector>
>                       <httpj:handlers>
>                               <beans:bean class="org.eclipse.jetty.server.handler.DefaultHandler" />
>                       </httpj:handlers>
>                       <httpj:sessionSupport>true</httpj:sessionSupport>
>               </httpj:engine>
>       </httpj:engine-factory>
> </beans>
>
> This file is loaded by the following code:
> ApplicationContext context = new ClassPathXmlApplicationContext(new String[] 
> {"/com/infor/cloverleaf/ib/IBApplicationContext.xml"});
> // this line is just for debugging, not needed otherwise
> Object factory = context.getBean("engineFactory");
>
> With the address in my restful endpoint like this 
> 'address="http://localhost:9001/RestfulGreeting"' I have no problems.  I can 
> connect to the service and in the debugger when I look at the factory 
> object's portMap field I find that the 9001 port has maxThreads=16 and 
> minThreads=6, so I know that it's using the httpj:engine settings for that 
> port.
>
> Problem #1 is if I change the address to 
> 'address="https://localhost:9002/RestfulGreeting"' to use SSL then I get an 
> error on startup.  It says this:
> WARNING: FAILED org.eclipse.jetty.http.ssl.SslContextFactory@73b879: 
> java.io.FileNotFoundException: /home/jpangburn/.keystore (No such file or 
> directory)
>
> So since it's looking for /home/jpangburn/.keystore (the default) instead of 
> /home/jpangburn/certs/server-keystore.jks as I have configured for port 9002, 
> it's clear that it's ignoring my configuration for that port.  I know it's 
> reading the configuration for the HTTP port, so why not the HTTPS port?
>
> The problem #2 is probably just my own misunderstanding, but I see some 
> examples where the address doesn't have the host:port but can't get it to 
> work.  If I set 'address="/RestfulGreeting"' it does not seem to start the 
> jetty engine and netstat shows the port is not listening.  I would have 
> thought that it would try to listen on each engine instance (port 9001 and 
> 9002 in my case) when you didn't specify the host port.  Instead it says the 
> following but doesn't open any ports:
> INFO: Setting the server's publish address to be /RestfulGreeting
>
> Thanks for your help!
> Jesse
>
>
>


-- 
Glen Mazza
Application Integration Division
Talend (http://www.talend.com/ai)
blog: http://www.jroller.com/gmazza
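
Added example, not part of the original thread or of the CXF documentation: the port 9002 engine from the configuration quoted above, trimmed to its TLS-relevant parts, with the httpj:connector element removed as the top reply concludes, so that httpj:tlsServerParameters supplies the keystore instead of the default /home/jpangburn/.keystore named in the warning. As an assumption of this example, the cipher filter is changed to include AES suites and exclude the EXPORT, DES and NULL patterns the posted filter included; paths and passwords are the thread's own sample values.

```xml
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
       xmlns:jaxws="http://cxf.apache.org/jaxws"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
         http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
         http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
         http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd">
  <import resource="classpath:META-INF/cxf/cxf.xml" />
  <import resource="classpath:META-INF/cxf/cxf-extension-jaxws.xml" />

  <!-- The endpoint address selects the engine by scheme and port. -->
  <jaxws:endpoint id="restfulGreeting"
      implementor="com.infor.cloverleaf.ib.RestfulGreetingProvider"
      bindingUri="http://www.w3.org/2004/08/wsdl/http"
      address="https://localhost:9002/RestfulGreeting" />

  <httpj:engine-factory bus="cxf" id="engineFactory">
    <httpj:engine port="9002">
      <!-- No httpj:connector element: the thread concludes it came from a bad
           example, and the CXF page cited in the reply does not show one. -->
      <httpj:tlsServerParameters>
        <sec:keyManagers keyPassword="changeit">
          <sec:keyStore type="JKS" password="changeit"
              file="/home/jpangburn/certs/server-keystore.jks" />
        </sec:keyManagers>
        <sec:trustManagers>
          <sec:keyStore type="JKS" password="changeit"
              file="/home/jpangburn/certs/server-truststore.jks" />
        </sec:trustManagers>
        <!-- include/exclude are regular expressions matched against cipher
             suite names. Assumed policy for this example: AES suites only. -->
        <sec:cipherSuitesFilter>
          <sec:include>.*_AES_.*</sec:include>
          <sec:exclude>.*_EXPORT_.*</sec:exclude>
          <sec:exclude>.*_EXPORT1024_.*</sec:exclude>
          <sec:exclude>.*_WITH_DES_.*</sec:exclude>
          <sec:exclude>.*_WITH_NULL_.*</sec:exclude>
          <sec:exclude>.*_DH_anon_.*</sec:exclude>
        </sec:cipherSuitesFilter>
      </httpj:tlsServerParameters>
      <httpj:threadingParameters minThreads="5" maxThreads="15" />
      <httpj:sessionSupport>true</httpj:sessionSupport>
    </httpj:engine>
  </httpj:engine-factory>
</beans>
```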



