Colm - Thanx, it looks like that was exactly the problem - my endpoint configuration did not have a depends-on entry. I had scoured the doc at http://cxf.apache.org/docs/jetty-configuration.html, but didn't see anything obvious, so I assumed I was missing something elsewhere. I'm glad this was an easy one!
Thanx again, Stephen W. Chappell -----Original Message----- From: Colm O hEigeartaigh [mailto:[email protected]] Sent: Tuesday, November 04, 2014 5:45 AM To: [email protected] Subject: Re: CXF 2.7.12 protocol mismatch error in ported code What does your endpoint configuration look like? It is likely either using a different port to the jetty configuration, or else it is not referencing the jetty endpoint configuration via a "depends-on="tls-settings"", where "tls-settings" is the "id" of the "httpj:engine-factory". Here is an example: https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob_plain;f=systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/ut/server.xml;hb=HEAD Colm. Colm. On Mon, Nov 3, 2014 at 6:57 PM, <[email protected]> wrote: > I am migrating some (more) legacy code up to CXF 2.7 from 2.3. The > code used to build and run fine, but now I'm getting an exception > (trimmed to the relevant part) ... > > Caused by: java.io.IOException: JSSE Security Exception > at > gov.faa.swim.ctk.harness.wss.common.server.CtkJettyHTTPTransportFactory.createDestination(CtkJettyHTTPTransportFactory.java:136) > at > gov.faa.swim.ctk.harness.wss.common.server.CtkJettyHTTPTransportFactory.getDestination(CtkJettyHTTPTransportFactory.java:111) > at > org.apache.cxf.binding.soap.SoapTransportFactory.getDestination(SoapTransportFactory.java:142) > at > org.apache.cxf.endpoint.ServerImpl.initDestination(ServerImpl.java:83) > at > org.apache.cxf.endpoint.ServerImpl.<init>(ServerImpl.java:62) > at > org.apache.cxf.frontend.ServerFactoryBean.create(ServerFactoryBean.java:170) > ... 52 more > Caused by: java.lang.RuntimeException: Protocol mismatch for port 15443: > engine's protocol is http, the url protocol is https > at > org.apache.cxf.transport.http_jetty.JettyHTTPDestination.finalizeConfig(JettyHTTPDestination.java:162) > at > gov.faa.swim.ctk.harness.wss.common.server.CtkJettyHTTPTransportFactory.createDestination(CtkJettyHTTPTransportFactory.java:131) > ... 57 more > Caused by: java.io.IOException: Protocol mismatch for port 15443: > engine's protocol is http, the url protocol is https > at > org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory.createJettyHTTPServerEngine(JettyHTTPServerEngineFactory.java:271) > at > org.apache.cxf.transport.http_jetty.JettyHTTPDestination.retrieveEngine(JettyHTTPDestination.java:127) > at > org.apache.cxf.transport.http_jetty.JettyHTTPDestination.finalizeConfig(JettyHTTPDestination.java:160) > ... 58 more > > So it would seem that the server engine is not correctly configured > for TLS/HTTPS, but as far as I can tell it is. This is how the engine > factory is set up: > > <httpj:engine-factory bus="cxf"> > <httpj:identifiedTLSServerParameters id="secure"> > <httpj:tlsServerParameters> > <sec:keyManagers keyPassword="${tlsKeystorePassword}"> > <sec:keyStore type="JKS" password="${tlsKeyPassword}" > file="${tlsKeystore}"/> > </sec:keyManagers> > <sec:trustManagers> > <sec:keyStore type="JKS" password="${tlsTruststorePassword}" > file="${tlsTruststore}"/> > </sec:trustManagers> > <sec:cipherSuitesFilter> > <sec:include>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</sec:include> > <sec:include>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</sec:include> > <sec:include>TLS_RSA_WITH_AES_256_CBC_SHA</sec:include> > <sec:include>TLS_DH_DSS_WITH_AES_256_CBC_SHA</sec:include> > <sec:include>TLS_DH_RSA_WITH_AES_256_CBC_SHA</sec:include> > <sec:include>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</sec:include> > <sec:include>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</sec:include> > <sec:include>TLS_RSA_WITH_AES_128_CBC_SHA</sec:include> > <sec:include>TLS_DH_DSS_WITH_AES_128_CBC_SHA</sec:include> > <sec:include>TLS_DH_RSA_WITH_AES_128_CBC_SHA</sec:include> > <sec:include>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</sec:include> > <sec:include>TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA</sec:include> > <sec:include>TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA</sec:include> > <sec:include>TLS_RSA_WITH_3DES_EDE_CBC_SHA</sec:include> > <sec:include>TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA</sec:include> > <sec:include>TLS_DH_RSA_WITH_3DES_EDE_CBC_SH</sec:include> > </sec:cipherSuitesFilter> > </httpj:tlsServerParameters> > </httpj:identifiedTLSServerParameters> > <httpj:engine port="${port}"> > <httpj:tlsServerParametersRef id="secure" /> > <httpj:threadingParameters minThreads="5" maxThreads="15" /> > </httpj:engine> > </httpj:engine-factory> > > Does anyone know if there was a change somewhere along the line that > isn't accounted for in here? Any kicks in the right direction would be > appreciated, thanx! > > Stephen W. Chappell > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
