Hi Stefan,
I think you have two options here. The first is to combine Spring + the
Dispatch API - just leave your TLS configuration in the Spring
configuration + load this as normal. The TLS settings should get picked up
by CXF when using the Dispatch API - I experimented with this and it appeared
to work.
The second alternative is to configure TLS programmatically. I haven't tried
this with the Dispatch API so I'm not sure if it works.
Configure TLS, e.g.:

    TLSClientParameters tlsParams = new TLSClientParameters();
    // Install a single trust manager on the TLS parameters
    X509TrustManager trustManager = new NoOpX509TrustManager();
    TrustManager[] trustManagers = new TrustManager[1];
    trustManagers[0] = trustManager;
    tlsParams.setTrustManagers(trustManagers);
    // Turn off the check of the certificate CN against the host name
    tlsParams.setDisableCNCheck(true);

Then set it on the Dispatch object:

    // Reach the CXF client behind the Dispatch and its HTTP conduit
    Client client = ((DispatchImpl<SOAPMessage>) dispatch).getClient();
    HTTPConduit http = (HTTPConduit) client.getConduit();
    http.setTlsClientParameters(tlsParams);

Colm.
On Tue, Aug 18, 2015 at 2:08 PM, Stefan Müller <[email protected]>
wrote:
> Hi,
>
> we are using the dispatch API to invoke a remote WebService. This works
> fine until the remote service requires mutual authentication (aka 2Way SSL).
> This is our spring configuration:
>
>
> <jaxws:client id="{http://example.com}ws-dispatch"
>               name="{http://example.com}ws-dispatch"
>               createdFromAPI="true">
>     <jaxws:outInterceptors>
>         <ref bean="setPolicyOutInterceptor"/>
>     </jaxws:outInterceptors>
>     <jaxws:inInterceptors>
>         <ref bean="setSignatureAlgorithmInInterceptor"/>
>     </jaxws:inInterceptors>
>     <jaxws:handlers>
>         <bean class="com.example.FaultOutHandler"/>
>     </jaxws:handlers>
>     <jaxws:properties>
>         <entry key="ws-security.signature.properties"
>                value-ref="keystoreProperties"/>
>         <entry key="ws-security.callback-handler"
>                value-ref="keystorePasswordCallback"/>
>         <entry key="ws-security.encryption.properties"
>                value-ref="truststoreProperties"/>
>         <entry key="faultStackTraceEnabled" value="false"/>
>         <entry key="exceptionMessageCauseEnabled" value="false"/>
>     </jaxws:properties>
> </jaxws:client>
>
> <http-conf:conduit name="{http://example.com}ws-dispatch.http-conduit">
>     <http-conf:tlsClientParameters disableCNCheck="true"
>                                    secureSocketProtocol="TLS">
>         <security:trustManagers>
>             <security:keyStore type="JKS" password="****"
>                                file="${config.location}/ssl_keys/truststore.jks"/>
>         </security:trustManagers>
>         <security:keyManagers keyPassword="****">
>             <security:keyStore type="JKS" password="****"
>                                file="${config.location}/ssl_keys/keystore.jks"/>
>         </security:keyManagers>
>     </http-conf:tlsClientParameters>
>     <http-conf:client AutoRedirect="true" Connection="Keep-Alive"/>
> </http-conf:conduit>
>
>
> This is our Dispatch implementation:
>
> public SOAPMessage dispatch(final SOAPMessage soapMessage) {
>     final QName serviceName = new QName("http://example.com",
>             "ws-dispatch-service");
>     final QName portName = new QName("http://example.com",
>             "ws-dispatch");
>     final javax.xml.ws.Service service =
>             javax.xml.ws.Service.create(serviceName);
>     service.addPort(portName, SOAPBinding.SOAP12HTTP_BINDING,
>             getEndpoint());
>     Dispatch<SOAPMessage> dispatch = service.createDispatch(portName,
>             SOAPMessage.class, javax.xml.ws.Service.Mode.MESSAGE);
>     dispatch.getRequestContext().put(PolicyConstants.POLICY_OVERRIDE,
>             getPolicy());
>     dispatch.getRequestContext().put(ASYMMETRIC_SIG_ALGO_PROPERTY,
>             getAlgorithm());
>     SOAPMessage result = dispatch.invoke(soapMessage);
>     return result;
> }
>
> This does not work and we do not get any useable exceptions. Any help is
> highly appreciated.
>
> Greets
> Stefan
>
>
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Mutual-authentication-with-Dispatch-API-tp5760231.html
> Sent from the cxf-user mailing list archive at Nabble.com.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
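
A programmatic counterpart to the `<http-conf:conduit>` block quoted above, as an added example that is not code from this thread or from the CXF project: it loads the trust store and the key store into `TLSClientParameters`, so the client validates the server against its own CAs and presents its client certificate, and it leaves the CN check enabled. The class, method and parameter names are hypothetical, the `javax.*` namespaces follow the thread's code, and the `DispatchImpl` cast is taken from the reply and assumed to work with the Dispatch API.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import javax.xml.soap.SOAPMessage;
import javax.xml.ws.Dispatch;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.jaxws.DispatchImpl;
import org.apache.cxf.transport.http.HTTPConduit;

// Added example: class, method and parameter names are hypothetical.
public final class MutualTlsDispatchConfig {
    private static KeyStore loadJks(Path file, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password); // fails on a wrong password or tampered store
        }
        return ks;
    }

    public static void apply(Dispatch<SOAPMessage> dispatch,
            Path trustStore, char[] trustPass,
            Path keyStore, char[] storePass, char[] keyPass)
            throws GeneralSecurityException, IOException {
        // Server authentication: trust only the CAs held in the trust store.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadJks(trustStore, trustPass));
        // Client authentication: offer the certificate and key from the key store.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(
                KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(loadJks(keyStore, storePass), keyPass);

        TLSClientParameters tlsParams = new TLSClientParameters();
        tlsParams.setTrustManagers(tmf.getTrustManagers());
        tlsParams.setKeyManagers(kmf.getKeyManagers());
        tlsParams.setDisableCNCheck(false); // keep host name verification on

        // Same cast as in the reply; assumes a CXF-backed Dispatch.
        Client client = ((DispatchImpl<SOAPMessage>) dispatch).getClient();
        ((HTTPConduit) client.getConduit()).setTlsClientParameters(tlsParams);
    }
}
```

Call `MutualTlsDispatchConfig.apply(...)` after `service.createDispatch(...)` and before `dispatch.invoke(...)`; a handshake failure then surfaces as an exception from `invoke`.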