I don't know of a non-Spring solution, at least not service-side, but
the code is very easy & clean if you're willing to incorporate Spring:
http://svn.apache.org/viewvc/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/src/main/java/demo/hw_https/server/Server.java?revision=1368316&view=markup
The wsdl_first_https sample above does, however, offer a non-Spring
solution client-side; look in the hw_https/client folder for that.
(Note I'm showing the unreleased version presently in trunk,
considerably simplified from the current release versions.)
Glen
On 08/13/2012 08:33 PM, Christopher Richmond wrote:
I had implemented 2-way SSL web services with CXF 2.3.0, referencing
Jetty 7.2.2 libraries.
This was a purely embedded service/server in my application and used no
external spring configuration, very similar to this popular blog post on
the subject:
http://aruld.info/programming-ssl-for-jetty-based-cxf-services/
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

import org.apache.cxf.configuration.jsse.TLSServerParameters;
import org.apache.cxf.configuration.security.ClientAuthentication;
import org.apache.cxf.configuration.security.FiltersType;
import org.apache.cxf.jaxws.JaxWsServerFactoryBean;
import org.apache.cxf.service.invoker.BeanInvoker;
import org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory;

public class Server {

    protected Server() throws Exception {
        System.out.println("Starting Server");
        String address = "https://localhost:9001/SoapContext/SoapPort";
        JaxWsServerFactoryBean sf = new JaxWsServerFactoryBean();
        sf.setServiceClass(Greeter.class);
        sf.setAddress(address);
        Greeter implementor = new GreeterImpl();
        sf.getServiceFactory().setInvoker(new BeanInvoker(implementor));
        // The TLS parameters for the port must be registered before create()
        // builds the Jetty connector for this address.
        sf = configureSSLOnTheServer(sf, 9001);
        org.apache.cxf.endpoint.Server server = sf.create();
        String endpoint = server.getEndpoint().getEndpointInfo().getAddress();
        System.out.println("Server started at " + endpoint);
    }

    private JaxWsServerFactoryBean configureSSLOnTheServer(JaxWsServerFactoryBean sf, int port) {
        try {
            TLSServerParameters tlsParams = new TLSServerParameters();
            // Hard-coded password, used for both keystores and for the private key.
            String password = "password";

            // Server identity: the keystore holding the server's private key and certificate.
            KeyStore keyStore = KeyStore.getInstance("JKS");
            FileInputStream keyIn = new FileInputStream(new File("certs\\cherry.jks"));
            try {
                keyStore.load(keyIn, password.toCharArray());
            } finally {
                keyIn.close();
            }
            KeyManagerFactory keyFactory =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyFactory.init(keyStore, password.toCharArray());
            KeyManager[] km = keyFactory.getKeyManagers();
            tlsParams.setKeyManagers(km);

            // Trusted client CAs: a separate KeyStore instance, rather than
            // reloading the instance the KeyManagerFactory was initialised from.
            KeyStore trustStore = KeyStore.getInstance("JKS");
            FileInputStream trustIn = new FileInputStream(new File("certs\\truststore.jks"));
            try {
                trustStore.load(trustIn, password.toCharArray());
            } finally {
                trustIn.close();
            }
            TrustManagerFactory trustFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustFactory.init(trustStore);
            TrustManager[] tm = trustFactory.getTrustManagers();
            tlsParams.setTrustManagers(tm);

            // Cipher suite filter as in the CXF sample configuration. A suite is enabled
            // only if it matches an include pattern and no exclude pattern, so this
            // include list enables nothing but export-grade, DES and NULL-encryption
            // suites: fine for a test bed, not for a production endpoint.
            FiltersType filter = new FiltersType();
            filter.getInclude().add(".*_EXPORT_.*");
            filter.getInclude().add(".*_EXPORT1024_.*");
            filter.getInclude().add(".*_WITH_DES_.*");
            filter.getInclude().add(".*_WITH_NULL_.*");
            filter.getExclude().add(".*_DH_anon_.*");
            tlsParams.setCipherSuitesFilter(filter);

            // Two-way SSL: a client certificate is requested, and the handshake
            // fails if the client does not present one that the truststore accepts.
            ClientAuthentication ca = new ClientAuthentication();
            ca.setRequired(true);
            ca.setWant(true);
            tlsParams.setClientAuthentication(ca);

            // Note: this is a fresh factory instance, not the one registered on the Bus.
            JettyHTTPServerEngineFactory factory = new JettyHTTPServerEngineFactory();
            factory.setTLSServerParametersForPort(port, tlsParams);
        } catch (GeneralSecurityException gse) {
            // Covers KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException
            // and CertificateException. Print the exception itself (getCause() is usually
            // null for these) and fail, rather than starting the server without TLS settings.
            System.out.println("Security configuration failed with the following: " + gse);
            throw new IllegalStateException(gse);
        } catch (IOException ioe) {
            // Covers FileNotFoundException for a missing keystore file.
            System.out.println("Security configuration failed with the following: " + ioe);
            throw new IllegalStateException(ioe);
        }
        return sf;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("The server's security configuration will be done programmatically.");
        System.out.println();
        new Server();
        System.out.println("Server ready...");
        Thread.sleep(5 * 60 * 1000);
        System.out.println("Server exiting");
        System.exit(0);
    }
}
This all worked fine, but at some point our Jetty .jars were upgraded to
Jetty 7.5.4 and now I get things like this:
FAILED org.eclipse.jetty.http.ssl.SslContextFactory@4711581a#FAILED:
java.io.FileNotFoundException: C:\Users\<user>\.keystore (The system cannot
find the file specified)
java.io.FileNotFoundException: C:\Users\<user>\.keystore (The system cannot
find the file specified).
Clearly it is looking in the default keystore location. I copied my
keystore file to that location just to verify, and it locates it fine, but
then creates an error stating the keystore password cannot be null.
Clearly it seems as though the TLS parameters are not being recognized by
the embedded Jetty server which is started using 7.5.4 instead of 7.2.2.
Does anyone have an idea where to start or how I might have to amend my
code to make it work with Jetty 7.5.4 embedded version instead of 7.2.2?
Keep in mind I am not using Spring/configuration files of any kind. It is
all via code as shown.
Thanks,
Chris
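A hardened version of the same programmatic setup, as an added example; it is not code from either message above or from the CXF samples. It assumes the same Greeter/GreeterImpl classes and the same two JKS files from the original post. Differences from the posted code: the engine factory is obtained from the Bus instead of being constructed fresh (the lookup via bus.getExtension is the transport's own route to that factory), the keystore, private-key and truststore passwords are read from environment variables (the variable names are hypothetical) and kept separate, and the cipher suite filter admits only strong suites, with excludes that guard against NULL, anonymous, export, DES, RC4 and MD5 suites. A suite is enabled only if it matches an include pattern and no exclude pattern.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;

import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
import org.apache.cxf.configuration.jsse.TLSServerParameters;
import org.apache.cxf.configuration.security.ClientAuthentication;
import org.apache.cxf.configuration.security.FiltersType;
import org.apache.cxf.jaxws.JaxWsServerFactoryBean;
import org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory;

public class HardenedServer {

    private static final int PORT = 9001;
    private static final String ADDRESS = "https://localhost:" + PORT + "/SoapContext/SoapPort";

    // Assumed: secrets come from the environment, not from source. The variable names are hypothetical.
    private static char[] envPassword(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("environment variable " + name + " is not set");
        }
        return value.toCharArray();
    }

    // Load a JKS file into its own KeyStore instance and always close the stream.
    private static KeyStore loadJks(String path, char[] password) throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream(path);
        try {
            ks.load(in, password);
        } finally {
            in.close();
        }
        return ks;
    }

    static TLSServerParameters buildTlsParameters() throws GeneralSecurityException, IOException {
        char[] storePassword = envPassword("CXF_KEYSTORE_PASSWORD");
        char[] keyPassword = envPassword("CXF_KEY_PASSWORD");
        char[] trustPassword = envPassword("CXF_TRUSTSTORE_PASSWORD");

        // Server identity: the private key may carry a password different from the store's.
        KeyStore identity = loadJks("certs/cherry.jks", storePassword);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPassword);

        // Client CAs: only client certificates chaining to an entry in this store are accepted.
        KeyStore trust = loadJks("certs/truststore.jks", trustPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);

        TLSServerParameters tls = new TLSServerParameters();
        tls.setKeyManagers(kmf.getKeyManagers());
        tls.setTrustManagers(tmf.getTrustManagers());
        tls.setSecureSocketProtocol("TLS");

        // Include only forward-secret AES suites; exclude anything weak that a broad
        // include pattern might still match on a particular JDK.
        FiltersType filter = new FiltersType();
        filter.getInclude().add("TLS_ECDHE_.*_WITH_AES_.*_GCM_SHA.*");
        filter.getInclude().add("TLS_DHE_RSA_WITH_AES_.*_GCM_SHA.*");
        filter.getInclude().add("TLS_ECDHE_.*_WITH_AES_.*_CBC_SHA.*");
        filter.getExclude().add(".*_NULL_.*");
        filter.getExclude().add(".*_anon_.*");
        filter.getExclude().add(".*_EXPORT.*");
        filter.getExclude().add(".*_DES_.*");
        filter.getExclude().add(".*_RC4_.*");
        filter.getExclude().add(".*_MD5");
        tls.setCipherSuitesFilter(filter);

        // Mutual TLS: request a client certificate and refuse the handshake without a trusted one.
        ClientAuthentication ca = new ClientAuthentication();
        ca.setWant(true);
        ca.setRequired(true);
        tls.setClientAuthentication(ca);
        return tls;
    }

    public static void main(String[] args) throws Exception {
        Bus bus = BusFactory.getDefaultBus();
        // Register the port's TLS settings on the Bus's own engine factory, before the
        // transport creates the Jetty connector for this address.
        JettyHTTPServerEngineFactory factory = bus.getExtension(JettyHTTPServerEngineFactory.class);
        factory.setTLSServerParametersForPort(PORT, buildTlsParameters());

        JaxWsServerFactoryBean sf = new JaxWsServerFactoryBean();
        sf.setBus(bus);
        sf.setServiceClass(Greeter.class);
        sf.setServiceBean(new GreeterImpl());
        sf.setAddress(ADDRESS);
        org.apache.cxf.endpoint.Server server = sf.create();
        System.out.println("Server started at " + server.getEndpoint().getEndpointInfo().getAddress());
    }
}
```

A quick check after startup is to connect with a client that has no certificate (for example openssl s_client against localhost:9001) and confirm the handshake is rejected, then repeat with a certificate issued by a CA in truststore.jks and confirm the negotiated suite is one of the included ECDHE/DHE AES suites.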