On 2010-10-10, at 2:45 AM, Juan José Vázquez Delgado wrote:
Hi,
Currently, I'm developing an OSGi packaged CXF-BC bundle which has to
host several web service clients. The communication has to be secured
setting a TLS configuration based on PKCS#12 keystores. Everything is
ok when I use the 'file' parameter in the keystore configuration but
I'm not able to make it work using the 'resource' parameter.
I guess it's a classloading problem but I can't find out why my bundle
doesn't resolve the resources. The keystores are embedded into the
bundle.
The main parts of my configuration files are the following:
* service-client.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:cxfbc="http://servicemix.apache.org/cxfbc/1.0"
xmlns:ns="http://......"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://servicemix.apache.org/cxfbc/1.0
http://servicemix.apache.org/cxfbc/1.0/servicemix-cxf-bc.xsd">
<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-http.xml" />
Also, here I think you should add
<import resource="classpath:META-INF/spring/sec.xml" />
I assume you put both service-client.xml and sec.xml in the
src/main/resources/META-INF/spring/ folder of your project.
Freeman
<cxfbc:provider wsdl="classpath:wsdl/myws.wsdl"
locationURI="https://..../MyService"
service="ns:myservice" endpoint="myport"
interfaceName="ns:myporttype">
<cxfbc:providedBus>
<ref bean="cxf"/>
</cxfbc:providedBus>
</cxfbc:provider>
<bean class="org.apache.servicemix.common.osgi.EndpointExporter" />
</beans>
* sec.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
xsi:schemaLocation="http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
">
<http:conduit name="{......}myport.http-conduit">
<http:tlsClientParameters>
<sec:trustManagers>
<sec:keyStore type="JKS"
resource="security/mytruststore.jks" />
</sec:trustManagers>
<sec:keyManagers keyPassword="*******">
<sec:keyStore type="PKCS12" password="********"
resource="security/mykeystore.p12" />
</sec:keyManagers>
<sec:cipherSuitesFilter>
<!-- these filters ensure that a ciphersuite with
export-suitable or null encryption is used,
but exclude anonymous Diffie-Hellman key exchange as
this is vulnerable to man-in-the-middle attacks -->
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
</http:tlsClientParameters>
</http:conduit>
<bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl" />
</beans>
* pom.xml
..........
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<extensions>true</extensions>
<configuration>
<instructions>
<Import-Package>
javax.jws,
javax.wsdl,
javax.xml.bind,
javax.xml.bind.annotation,
javax.xml.namespace,
javax.xml.soap,
javax.xml.ws,
META-INF.cxf,
org.apache.cxf.bus,
org.apache.cxf.bus.spring,
org.apache.cxf.bus.resource,
org.apache.cxf.configuration.spring,
org.apache.cxf.resource,
org.apache.servicemix.cxfbc,
org.springframework.beans.factory.config,
org.apache.servicemix.common.osgi
</Import-Package>
<Require-Bundle>org.apache.cxf.bundle</Require-Bundle>
</instructions>
</configuration>
</plugin>
........
I would appreciate any help. Thanks in advance.
BR,
Juanjo.
--
Freeman Fang
------------------------
blog: http://freemanfang.blogspot.com
twitter: http://twitter.com/freemanfang
Open Source SOA: http://fusesource.com
Apache Servicemix: http://servicemix.apache.org
Apache Cxf: http://cxf.apache.org
Apache Karaf: http://karaf.apache.org
Apache Felix: http://felix.apache.org
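
Added example, not part of the original thread or of CXF's own code: a Python check of which cipher suites the cipherSuitesFilter posted in sec.xml leaves enabled, next to a constructed stricter filter. The suite list, the STRICT_FILTER patterns, the WEAK markers and the function names are assumptions, as is the matching rule (a suite is kept when its whole name matches at least one include and no exclude).

```python
import re
import xml.etree.ElementTree as ET

SEC_NS = "http://cxf.apache.org/configuration/security"

# The cipherSuitesFilter exactly as posted in sec.xml above.
POSTED_FILTER = f"""<sec:cipherSuitesFilter xmlns:sec="{SEC_NS}">
  <sec:include>.*_EXPORT_.*</sec:include>
  <sec:include>.*_EXPORT1024_.*</sec:include>
  <sec:include>.*_WITH_DES_.*</sec:include>
  <sec:include>.*_WITH_NULL_.*</sec:include>
  <sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>"""

# Constructed stricter filter for comparison (an assumption, not from the thread).
STRICT_FILTER = f"""<sec:cipherSuitesFilter xmlns:sec="{SEC_NS}">
  <sec:include>.*_WITH_AES_.*</sec:include>
  <sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>"""

# Constructed sample of JSSE-style suite names a client JVM might support.
SAMPLE_SUITES = [
    "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_DES_CBC_SHA",
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_NULL_SHA",
    "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA", "TLS_DH_anon_WITH_AES_128_CBC_SHA",
]

# Name fragments marking export-grade, single-DES, NULL or anonymous suites.
WEAK = re.compile(r"_EXPORT|_WITH_DES_|_WITH_NULL_|_anon_")

def load_filter(xml_text):
    """Return (includes, excludes) as compiled patterns from a filter element."""
    root = ET.fromstring(xml_text)
    def pats(tag):
        return [re.compile(e.text.strip()) for e in root.findall(f"{{{SEC_NS}}}{tag}")]
    return pats("include"), pats("exclude")

def audit(xml_text, suites):
    """Return (enabled, weak): suites the filter keeps, and the weak ones among them."""
    includes, excludes = load_filter(xml_text)
    # Assumed rule: whole-name match on at least one include and on no exclude.
    enabled = [s for s in suites
               if any(p.fullmatch(s) for p in includes)
               and not any(p.fullmatch(s) for p in excludes)]
    return enabled, [s for s in enabled if WEAK.search(s)]

if __name__ == "__main__":
    for label, xml_text in (("posted", POSTED_FILTER), ("strict", STRICT_FILTER)):
        enabled, weak = audit(xml_text, SAMPLE_SUITES)
        print(f"{label}: enabled={enabled} weak={weak}")
```

With the posted filter every suite left enabled is also flagged as weak; with the constructed stricter filter only the two non-anonymous AES suites remain.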