You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by James Carman <ja...@carmanconsulting.com> on 2015/08/07 18:35:20 UTC
HTTPS and WADL URLs...
Our CXF services sit behind an ELB which terminates SSL for us, then
forwards the request to our CXF services over HTTP. When we look at the
WADL for the service through the ELB URLs, all of the links in the WADL
have the "http" scheme, not "https". Is there something special we need to
do in order to get that working properly?
James
Re: HTTPS and WADL URLs...
Posted by James Carman <ja...@carmanconsulting.com>.
Okay, found the setting. So, in our systems, can you think of any reason
we wouldn't want our default Karaf setup to have that feature turned on?
Is there a downside to turning it on? Will it break systems which aren't
behind proxies?
On Fri, Aug 7, 2015 at 12:58 PM James Carman <ja...@carmanconsulting.com>
wrote:
> Hrmmm. We're using CXF inside Karaf. Gotta find where to set that up...
>
>
> On Fri, Aug 7, 2015 at 12:46 PM Sergey Beryozkin <sb...@gmail.com>
> wrote:
>
>> CXFServlet has a "use-x-forwarded-headers" boolean parameter, if it is
>> set to true then CXFServlet will check X-FORWARDED-PROTO, I recall
>> adding the code to support something similar, can you try it, I think
>> ELB should have these headers set when forwarding
>>
>> let us know if it works
>> Cheers, Sergey
>> On 07/08/15 17:35, James Carman wrote:
>> > Our CXF services sit behind an ELB which terminates SSL for us, then
>> > forwards the request to our CXF services over HTTP. When we look at the
>> > WADL for the service through the ELB URLs, all of the links in the WADL
>> > have the "http" scheme, not "https". Is there something special we
>> need to
>> > do in order to get that working properly?
>> >
>> > James
>> >
>>
>>
Re: HTTPS and WADL URLs...
Posted by James Carman <ja...@carmanconsulting.com>.
Hrmmm. We're using CXF inside Karaf. Gotta find where to set that up...
On Fri, Aug 7, 2015 at 12:46 PM Sergey Beryozkin <sb...@gmail.com>
wrote:
> CXFServlet has a "use-x-forwarded-headers" boolean parameter, if it is
> set to true then CXFServlet will check X-FORWARDED-PROTO, I recall
> adding the code to support something similar, can you try it, I think
> ELB should have these headers set when forwarding
>
> let us know if it works
> Cheers, Sergey
> On 07/08/15 17:35, James Carman wrote:
> > Our CXF services sit behind an ELB which terminates SSL for us, then
> > forwards the request to our CXF services over HTTP. When we look at the
> > WADL for the service through the ELB URLs, all of the links in the WADL
> > have the "http" scheme, not "https". Is there something special we need
> to
> > do in order to get that working properly?
> >
> > James
> >
>
>
Re: HTTPS and WADL URLs...
Posted by Sergey Beryozkin <sb...@gmail.com>.
I recall now that one of the thoughts I had that if it is supported OOB
then the servers that are not protected by the secure LB system can
become affected by those headers, example, it can be HTTP but the
headers can make the server believe it is HTTPS...
Sergey
On 18/08/15 21:24, Sergey Beryozkin wrote:
> perhaps others think it should be defaulted to true, obviously it is not
> written in stone (false). My thinking was, this is more likely to cause
> a surprise, hence it is disabled by default. It is an advanced case, so
> enabling supporting X-Forwarded-* is probably reasonable.
> if Aki, others, have some prefs then it can be reviewed of course
> thanks, Sergey
> On 18/08/15 17:20, Sergey Beryozkin wrote:
>> No idea about a downside. This is a rare case, talking about 80% vs 20%
>> here, it is also a non-standard HTTP header, hence IMHO having it
>> affecting what the application code sees (request URI, etc) is disabled
>> by default.
>>
>> Cheers, Sergey
>> On 18/08/15 17:16, James Carman wrote:
>>> Any reason we don't default that forwarded proto setting to true? Is
>>> there
>>> a downside?
>>> On Tue, Aug 18, 2015 at 5:05 AM Sergey Beryozkin <sb...@gmail.com>
>>> wrote:
>>>
>>>> Hi James
>>>>
>>>> Thanks for spotting it, I recall now we fixed it by supporting the init
>>>> prefix property which should be recognized by pax-*:
>>>>
>>>> https://issues.apache.org/jira/browse/CXF-6292
>>>>
>>>> and
>>>>
>>>>
>>>> https://git1-us-west.apache.org/repos/asf?p=cxf.git;a=blobdiff;f=rt/transports/http/src/main/resources/OSGI-INF/blueprint/osgiservlet.xml;h=99481fc7e18a05d179cc42035717adbdd89dbdae;hp=b08dbd5209f3a550188887f34e9c235780c0c121;hb=ed2196b4;hpb=566787ec5cc6b9519e575df6434e212ff384c85a
>>>>
>>>>
>>>>
>>>> Setting it to "init." will likely affect CXF OSGI users who are not
>>>> depending on pax web components which expect the init prefixes.
>>>>
>>>> Can you try the configurable init prefix property and close the pull if
>>>> it works for you ?
>>>>
>>>> Thanks, Sergey
>>>>
>>>> On 18/08/15 04:38, James Carman wrote:
>>>>> Oh, and I created a JIRA also:
>>>>>
>>>>> https://issues.apache.org/jira/browse/CXF-6547
>>>>>
>>>>>
>>>>>
>>>>> On Mon, Aug 17, 2015 at 11:37 PM James Carman <
>>>> james@carmanconsulting.com>
>>>>> wrote:
>>>>>
>>>>>> Sergey,
>>>>>>
>>>>>> I have created a pull request to fix this issue in OSGi:
>>>>>>
>>>>>> https://github.com/apache/cxf/pull/82
>>>>>>
>>>>>> The issue is that PAX Web changed the init-param detection so that
>>>> service
>>>>>> properties must include a prefix in order to be considered to be an
>>>>>> init-param (ask Achim, he did it :). Anyway, merely adding "init."
>>>> before
>>>>>> all the params makes them show up.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> James
>>>>>>
>>>>>> On Sun, Aug 9, 2015 at 2:33 PM Sergey Beryozkin
>>>>>> <sb...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi
>>>>>>>
>>>>>>> I signed off after the 1st reply...
>>>>>>> Is there a chance you can set a breakpoint in
>>>>>>>
>>>>>>>
>>>>>>>
>>>> https://fisheye6.atlassian.com/browse/cxf/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/AbstractHTTPServlet.java?r=f5655d81ea6a880cf6b8b1cdcabddf1cd4dbe869#to297
>>>>
>>>>
>>>>>>>
>>>>>>> ?
>>>>>>>
>>>>>>> I can try a basic test a bit later on too,
>>>>>>>
>>>>>>> Cheers, Sergey
>>>>>>> On 07/08/15 18:40, James Carman wrote:
>>>>>>>> On Fri, Aug 7, 2015 at 12:46 PM Sergey Beryozkin <
>>>> sberyozkin@gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> CXFServlet has a "use-x-forwarded-headers" boolean parameter,
>>>>>>>>> if it
>>>> is
>>>>>>>>> set to true then CXFServlet will check X-FORWARDED-PROTO, I recall
>>>>>>>>> adding the code to support something similar, can you try it, I
>>>>>>>>> think
>>>>>>>>> ELB should have these headers set when forwarding
>>>>>>>>>
>>>>>>>>
>>>>>>>> Sergey,
>>>>>>>>
>>>>>>>> Thanks for the tip! I'm setting it up in Karaf and have verified
>>>>>>>> that
>>>>>>> the
>>>>>>>> config is there:
>>>>>>>>
>>>>>>>> config:list "(service.pid=org.apache.cxf.osgi)"
>>>>>>>> ----------------------------------------------------------------
>>>>>>>> Pid: org.apache.cxf.osgi
>>>>>>>> BundleLocation: mvn:org.apache.cxf/cxf-rt-transports-http/3.0.5
>>>>>>>> Properties:
>>>>>>>> felix.fileinstall.filename =
>>>>>>>> file:/opt/aetos/etc/org.apache.cxf.osgi.cfg
>>>>>>>> org.apache.cxf.servlet.context = /services
>>>>>>>> org.apache.cxf.servlet.use-x-forwarded-headers = true
>>>>>>>> service.pid = org.apache.cxf.osgi
>>>>>>>>
>>>>>>>> My WADL still has "http" links in it, even though I see these
>>>>>>>> headers
>>>>>>> when
>>>>>>>> I request the WADL:
>>>>>>>>
>>>>>>>> X-Forwarded-For=[X.X.X.X], X-Forwarded-Port=[443],
>>>>>>> X-Forwarded-Proto=[https]
>>>>>>>>
>>>>>>>> Can you think of anything I'm missing? Could it be that just the
>>>>>>>> WADL
>>>>>>> is
>>>>>>>> borked, but usage of UrlInfo in my JAX-RS resources will work fine?
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Sergey Beryozkin
>>>>>>>
>>>>>>> Talend Community Coders
>>>>>>> http://coders.talend.com/
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Sergey Beryozkin
>>>>
>>>> Talend Community Coders
>>>> http://coders.talend.com/
>>>>
>>>
>>
>>
>
>
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Re: HTTPS and WADL URLs...
Posted by Sergey Beryozkin <sb...@gmail.com>.
perhaps others think it should be defaulted to true, obviously it is not
written in stone (false). My thinking was, this is more likely to cause
a surprise, hence it is disabled by default. It is an advanced case, so
enabling supporting X-Forwarded-* is probably reasonable.
if Aki, others, have some prefs then it can be reviewed of course
thanks, Sergey
On 18/08/15 17:20, Sergey Beryozkin wrote:
> No idea about a downside. This is a rare case, talking about 80% vs 20%
> here, it is also a non-standard HTTP header, hence IMHO having it
> affecting what the application code sees (request URI, etc) is disabled
> by default.
>
> Cheers, Sergey
> On 18/08/15 17:16, James Carman wrote:
>> Any reason we don't default that forwarded proto setting to true? Is
>> there
>> a downside?
>> On Tue, Aug 18, 2015 at 5:05 AM Sergey Beryozkin <sb...@gmail.com>
>> wrote:
>>
>>> Hi James
>>>
>>> Thanks for spotting it, I recall now we fixed it by supporting the init
>>> prefix property which should be recognized by pax-*:
>>>
>>> https://issues.apache.org/jira/browse/CXF-6292
>>>
>>> and
>>>
>>>
>>> https://git1-us-west.apache.org/repos/asf?p=cxf.git;a=blobdiff;f=rt/transports/http/src/main/resources/OSGI-INF/blueprint/osgiservlet.xml;h=99481fc7e18a05d179cc42035717adbdd89dbdae;hp=b08dbd5209f3a550188887f34e9c235780c0c121;hb=ed2196b4;hpb=566787ec5cc6b9519e575df6434e212ff384c85a
>>>
>>>
>>> Setting it to "init." will likely affect CXF OSGI users who are not
>>> depending on pax web components which expect the init prefixes.
>>>
>>> Can you try the configurable init prefix property and close the pull if
>>> it works for you ?
>>>
>>> Thanks, Sergey
>>>
>>> On 18/08/15 04:38, James Carman wrote:
>>>> Oh, and I created a JIRA also:
>>>>
>>>> https://issues.apache.org/jira/browse/CXF-6547
>>>>
>>>>
>>>>
>>>> On Mon, Aug 17, 2015 at 11:37 PM James Carman <
>>> james@carmanconsulting.com>
>>>> wrote:
>>>>
>>>>> Sergey,
>>>>>
>>>>> I have created a pull request to fix this issue in OSGi:
>>>>>
>>>>> https://github.com/apache/cxf/pull/82
>>>>>
>>>>> The issue is that PAX Web changed the init-param detection so that
>>> service
>>>>> properties must include a prefix in order to be considered to be an
>>>>> init-param (ask Achim, he did it :). Anyway, merely adding "init."
>>> before
>>>>> all the params makes them show up.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> James
>>>>>
>>>>> On Sun, Aug 9, 2015 at 2:33 PM Sergey Beryozkin <sb...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Hi
>>>>>>
>>>>>> I signed off after the 1st reply...
>>>>>> Is there a chance you can set a breakpoint in
>>>>>>
>>>>>>
>>>>>>
>>> https://fisheye6.atlassian.com/browse/cxf/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/AbstractHTTPServlet.java?r=f5655d81ea6a880cf6b8b1cdcabddf1cd4dbe869#to297
>>>
>>>>>>
>>>>>> ?
>>>>>>
>>>>>> I can try a basic test a bit later on too,
>>>>>>
>>>>>> Cheers, Sergey
>>>>>> On 07/08/15 18:40, James Carman wrote:
>>>>>>> On Fri, Aug 7, 2015 at 12:46 PM Sergey Beryozkin <
>>> sberyozkin@gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> CXFServlet has a "use-x-forwarded-headers" boolean parameter, if it
>>> is
>>>>>>>> set to true then CXFServlet will check X-FORWARDED-PROTO, I recall
>>>>>>>> adding the code to support something similar, can you try it, I
>>>>>>>> think
>>>>>>>> ELB should have these headers set when forwarding
>>>>>>>>
>>>>>>>
>>>>>>> Sergey,
>>>>>>>
>>>>>>> Thanks for the tip! I'm setting it up in Karaf and have verified
>>>>>>> that
>>>>>> the
>>>>>>> config is there:
>>>>>>>
>>>>>>> config:list "(service.pid=org.apache.cxf.osgi)"
>>>>>>> ----------------------------------------------------------------
>>>>>>> Pid: org.apache.cxf.osgi
>>>>>>> BundleLocation: mvn:org.apache.cxf/cxf-rt-transports-http/3.0.5
>>>>>>> Properties:
>>>>>>> felix.fileinstall.filename =
>>>>>>> file:/opt/aetos/etc/org.apache.cxf.osgi.cfg
>>>>>>> org.apache.cxf.servlet.context = /services
>>>>>>> org.apache.cxf.servlet.use-x-forwarded-headers = true
>>>>>>> service.pid = org.apache.cxf.osgi
>>>>>>>
>>>>>>> My WADL still has "http" links in it, even though I see these
>>>>>>> headers
>>>>>> when
>>>>>>> I request the WADL:
>>>>>>>
>>>>>>> X-Forwarded-For=[X.X.X.X], X-Forwarded-Port=[443],
>>>>>> X-Forwarded-Proto=[https]
>>>>>>>
>>>>>>> Can you think of anything I'm missing? Could it be that just the
>>>>>>> WADL
>>>>>> is
>>>>>>> borked, but usage of UrlInfo in my JAX-RS resources will work fine?
>>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Sergey Beryozkin
>>>>>>
>>>>>> Talend Community Coders
>>>>>> http://coders.talend.com/
>>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>> Sergey Beryozkin
>>>
>>> Talend Community Coders
>>> http://coders.talend.com/
>>>
>>
>
>
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Re: HTTPS and WADL URLs...
Posted by Sergey Beryozkin <sb...@gmail.com>.
No idea about a downside. This is a rare case, talking about 80% vs 20%
here, it is also a non-standard HTTP header, hence IMHO having it
affecting what the application code sees (request URI, etc) is disabled
by default.
Cheers, Sergey
On 18/08/15 17:16, James Carman wrote:
> Any reason we don't default that forwarded proto setting to true? Is there
> a downside?
> On Tue, Aug 18, 2015 at 5:05 AM Sergey Beryozkin <sb...@gmail.com>
> wrote:
>
>> Hi James
>>
>> Thanks for spotting it, I recall now we fixed it by supporting the init
>> prefix property which should be recognized by pax-*:
>>
>> https://issues.apache.org/jira/browse/CXF-6292
>>
>> and
>>
>>
>> https://git1-us-west.apache.org/repos/asf?p=cxf.git;a=blobdiff;f=rt/transports/http/src/main/resources/OSGI-INF/blueprint/osgiservlet.xml;h=99481fc7e18a05d179cc42035717adbdd89dbdae;hp=b08dbd5209f3a550188887f34e9c235780c0c121;hb=ed2196b4;hpb=566787ec5cc6b9519e575df6434e212ff384c85a
>>
>> Setting it to "init." will likely affect CXF OSGI users who are not
>> depending on pax web components which expect the init prefixes.
>>
>> Can you try the configurable init prefix property and close the pull if
>> it works for you ?
>>
>> Thanks, Sergey
>>
>> On 18/08/15 04:38, James Carman wrote:
>>> Oh, and I created a JIRA also:
>>>
>>> https://issues.apache.org/jira/browse/CXF-6547
>>>
>>>
>>>
>>> On Mon, Aug 17, 2015 at 11:37 PM James Carman <
>> james@carmanconsulting.com>
>>> wrote:
>>>
>>>> Sergey,
>>>>
>>>> I have created a pull request to fix this issue in OSGi:
>>>>
>>>> https://github.com/apache/cxf/pull/82
>>>>
>>>> The issue is that PAX Web changed the init-param detection so that
>> service
>>>> properties must include a prefix in order to be considered to be an
>>>> init-param (ask Achim, he did it :). Anyway, merely adding "init."
>> before
>>>> all the params makes them show up.
>>>>
>>>> Thanks,
>>>>
>>>> James
>>>>
>>>> On Sun, Aug 9, 2015 at 2:33 PM Sergey Beryozkin <sb...@gmail.com>
>>>> wrote:
>>>>
>>>>> Hi
>>>>>
>>>>> I signed off after the 1st reply...
>>>>> Is there a chance you can set a breakpoint in
>>>>>
>>>>>
>>>>>
>> https://fisheye6.atlassian.com/browse/cxf/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/AbstractHTTPServlet.java?r=f5655d81ea6a880cf6b8b1cdcabddf1cd4dbe869#to297
>>>>>
>>>>> ?
>>>>>
>>>>> I can try a basic test a bit later on too,
>>>>>
>>>>> Cheers, Sergey
>>>>> On 07/08/15 18:40, James Carman wrote:
>>>>>> On Fri, Aug 7, 2015 at 12:46 PM Sergey Beryozkin <
>> sberyozkin@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> CXFServlet has a "use-x-forwarded-headers" boolean parameter, if it
>> is
>>>>>>> set to true then CXFServlet will check X-FORWARDED-PROTO, I recall
>>>>>>> adding the code to support something similar, can you try it, I think
>>>>>>> ELB should have these headers set when forwarding
>>>>>>>
>>>>>>
>>>>>> Sergey,
>>>>>>
>>>>>> Thanks for the tip! I'm setting it up in Karaf and have verified that
>>>>> the
>>>>>> config is there:
>>>>>>
>>>>>> config:list "(service.pid=org.apache.cxf.osgi)"
>>>>>> ----------------------------------------------------------------
>>>>>> Pid: org.apache.cxf.osgi
>>>>>> BundleLocation: mvn:org.apache.cxf/cxf-rt-transports-http/3.0.5
>>>>>> Properties:
>>>>>> felix.fileinstall.filename =
>>>>>> file:/opt/aetos/etc/org.apache.cxf.osgi.cfg
>>>>>> org.apache.cxf.servlet.context = /services
>>>>>> org.apache.cxf.servlet.use-x-forwarded-headers = true
>>>>>> service.pid = org.apache.cxf.osgi
>>>>>>
>>>>>> My WADL still has "http" links in it, even though I see these headers
>>>>> when
>>>>>> I request the WADL:
>>>>>>
>>>>>> X-Forwarded-For=[X.X.X.X], X-Forwarded-Port=[443],
>>>>> X-Forwarded-Proto=[https]
>>>>>>
>>>>>> Can you think of anything I'm missing? Could it be that just the WADL
>>>>> is
>>>>>> borked, but usage of UrlInfo in my JAX-RS resources will work fine?
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Sergey Beryozkin
>>>>>
>>>>> Talend Community Coders
>>>>> http://coders.talend.com/
>>>>>
>>>>
>>>
>>
>>
>> --
>> Sergey Beryozkin
>>
>> Talend Community Coders
>> http://coders.talend.com/
>>
>
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Re: HTTPS and WADL URLs...
Posted by James Carman <ja...@carmanconsulting.com>.
Any reason we don't default that forwarded proto setting to true? Is there
a downside?
On Tue, Aug 18, 2015 at 5:05 AM Sergey Beryozkin <sb...@gmail.com>
wrote:
> Hi James
>
> Thanks for spotting it, I recall now we fixed it by supporting the init
> prefix property which should be recognized by pax-*:
>
> https://issues.apache.org/jira/browse/CXF-6292
>
> and
>
>
> https://git1-us-west.apache.org/repos/asf?p=cxf.git;a=blobdiff;f=rt/transports/http/src/main/resources/OSGI-INF/blueprint/osgiservlet.xml;h=99481fc7e18a05d179cc42035717adbdd89dbdae;hp=b08dbd5209f3a550188887f34e9c235780c0c121;hb=ed2196b4;hpb=566787ec5cc6b9519e575df6434e212ff384c85a
>
> Setting it to "init." will likely affect CXF OSGI users who are not
> depending on pax web components which expect the init prefixes.
>
> Can you try the configurable init prefix property and close the pull if
> it works for you ?
>
> Thanks, Sergey
>
> On 18/08/15 04:38, James Carman wrote:
> > Oh, and I created a JIRA also:
> >
> > https://issues.apache.org/jira/browse/CXF-6547
> >
> >
> >
> > On Mon, Aug 17, 2015 at 11:37 PM James Carman <
> james@carmanconsulting.com>
> > wrote:
> >
> >> Sergey,
> >>
> >> I have created a pull request to fix this issue in OSGi:
> >>
> >> https://github.com/apache/cxf/pull/82
> >>
> >> The issue is that PAX Web changed the init-param detection so that
> service
> >> properties must include a prefix in order to be considered to be an
> >> init-param (ask Achim, he did it :). Anyway, merely adding "init."
> before
> >> all the params makes them show up.
> >>
> >> Thanks,
> >>
> >> James
> >>
> >> On Sun, Aug 9, 2015 at 2:33 PM Sergey Beryozkin <sb...@gmail.com>
> >> wrote:
> >>
> >>> Hi
> >>>
> >>> I signed off after the 1st reply...
> >>> Is there a chance you can set a breakpoint in
> >>>
> >>>
> >>>
> https://fisheye6.atlassian.com/browse/cxf/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/AbstractHTTPServlet.java?r=f5655d81ea6a880cf6b8b1cdcabddf1cd4dbe869#to297
> >>>
> >>> ?
> >>>
> >>> I can try a basic test a bit later on too,
> >>>
> >>> Cheers, Sergey
> >>> On 07/08/15 18:40, James Carman wrote:
> >>>> On Fri, Aug 7, 2015 at 12:46 PM Sergey Beryozkin <
> sberyozkin@gmail.com>
> >>>> wrote:
> >>>>
> >>>>> CXFServlet has a "use-x-forwarded-headers" boolean parameter, if it
> is
> >>>>> set to true then CXFServlet will check X-FORWARDED-PROTO, I recall
> >>>>> adding the code to support something similar, can you try it, I think
> >>>>> ELB should have these headers set when forwarding
> >>>>>
> >>>>
> >>>> Sergey,
> >>>>
> >>>> Thanks for the tip! I'm setting it up in Karaf and have verified that
> >>> the
> >>>> config is there:
> >>>>
> >>>> config:list "(service.pid=org.apache.cxf.osgi)"
> >>>> ----------------------------------------------------------------
> >>>> Pid: org.apache.cxf.osgi
> >>>> BundleLocation: mvn:org.apache.cxf/cxf-rt-transports-http/3.0.5
> >>>> Properties:
> >>>> felix.fileinstall.filename =
> >>>> file:/opt/aetos/etc/org.apache.cxf.osgi.cfg
> >>>> org.apache.cxf.servlet.context = /services
> >>>> org.apache.cxf.servlet.use-x-forwarded-headers = true
> >>>> service.pid = org.apache.cxf.osgi
> >>>>
> >>>> My WADL still has "http" links in it, even though I see these headers
> >>> when
> >>>> I request the WADL:
> >>>>
> >>>> X-Forwarded-For=[X.X.X.X], X-Forwarded-Port=[443],
> >>> X-Forwarded-Proto=[https]
> >>>>
> >>>> Can you think of anything I'm missing? Could it be that just the WADL
> >>> is
> >>>> borked, but usage of UrlInfo in my JAX-RS resources will work fine?
> >>>>
> >>>
> >>>
> >>> --
> >>> Sergey Beryozkin
> >>>
> >>> Talend Community Coders
> >>> http://coders.talend.com/
> >>>
> >>
> >
>
>
> --
> Sergey Beryozkin
>
> Talend Community Coders
> http://coders.talend.com/
>
Re: HTTPS and WADL URLs...
Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi James
Thanks for spotting it, I recall now we fixed it by supporting the init
prefix property which should be recognized by pax-*:
https://issues.apache.org/jira/browse/CXF-6292
and
https://git1-us-west.apache.org/repos/asf?p=cxf.git;a=blobdiff;f=rt/transports/http/src/main/resources/OSGI-INF/blueprint/osgiservlet.xml;h=99481fc7e18a05d179cc42035717adbdd89dbdae;hp=b08dbd5209f3a550188887f34e9c235780c0c121;hb=ed2196b4;hpb=566787ec5cc6b9519e575df6434e212ff384c85a
Setting it to "init." will likely affect CXF OSGI users who are not
depending on pax web components which expect the init prefixes.
Can you try the configurable init prefix property and close the pull if
it works for you ?
Thanks, Sergey
On 18/08/15 04:38, James Carman wrote:
> Oh, and I created a JIRA also:
>
> https://issues.apache.org/jira/browse/CXF-6547
>
>
>
> On Mon, Aug 17, 2015 at 11:37 PM James Carman <ja...@carmanconsulting.com>
> wrote:
>
>> Sergey,
>>
>> I have created a pull request to fix this issue in OSGi:
>>
>> https://github.com/apache/cxf/pull/82
>>
>> The issue is that PAX Web changed the init-param detection so that service
>> properties must include a prefix in order to be considered to be an
>> init-param (ask Achim, he did it :). Anyway, merely adding "init." before
>> all the params makes them show up.
>>
>> Thanks,
>>
>> James
>>
>> On Sun, Aug 9, 2015 at 2:33 PM Sergey Beryozkin <sb...@gmail.com>
>> wrote:
>>
>>> Hi
>>>
>>> I signed off after the 1st reply...
>>> Is there a chance you can set a breakpoint in
>>>
>>>
>>> https://fisheye6.atlassian.com/browse/cxf/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/AbstractHTTPServlet.java?r=f5655d81ea6a880cf6b8b1cdcabddf1cd4dbe869#to297
>>>
>>> ?
>>>
>>> I can try a basic test a bit later on too,
>>>
>>> Cheers, Sergey
>>> On 07/08/15 18:40, James Carman wrote:
>>>> On Fri, Aug 7, 2015 at 12:46 PM Sergey Beryozkin <sb...@gmail.com>
>>>> wrote:
>>>>
>>>>> CXFServlet has a "use-x-forwarded-headers" boolean parameter, if it is
>>>>> set to true then CXFServlet will check X-FORWARDED-PROTO, I recall
>>>>> adding the code to support something similar, can you try it, I think
>>>>> ELB should have these headers set when forwarding
>>>>>
>>>>
>>>> Sergey,
>>>>
>>>> Thanks for the tip! I'm setting it up in Karaf and have verified that
>>> the
>>>> config is there:
>>>>
>>>> config:list "(service.pid=org.apache.cxf.osgi)"
>>>> ----------------------------------------------------------------
>>>> Pid: org.apache.cxf.osgi
>>>> BundleLocation: mvn:org.apache.cxf/cxf-rt-transports-http/3.0.5
>>>> Properties:
>>>> felix.fileinstall.filename =
>>>> file:/opt/aetos/etc/org.apache.cxf.osgi.cfg
>>>> org.apache.cxf.servlet.context = /services
>>>> org.apache.cxf.servlet.use-x-forwarded-headers = true
>>>> service.pid = org.apache.cxf.osgi
>>>>
>>>> My WADL still has "http" links in it, even though I see these headers
>>> when
>>>> I request the WADL:
>>>>
>>>> X-Forwarded-For=[X.X.X.X], X-Forwarded-Port=[443],
>>> X-Forwarded-Proto=[https]
>>>>
>>>> Can you think of anything I'm missing? Could it be that just the WADL
>>> is
>>>> borked, but usage of UrlInfo in my JAX-RS resources will work fine?
>>>>
>>>
>>>
>>> --
>>> Sergey Beryozkin
>>>
>>> Talend Community Coders
>>> http://coders.talend.com/
>>>
>>
>
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Re: HTTPS and WADL URLs...
Posted by James Carman <ja...@carmanconsulting.com>.
Oh, and I created a JIRA also:
https://issues.apache.org/jira/browse/CXF-6547
On Mon, Aug 17, 2015 at 11:37 PM James Carman <ja...@carmanconsulting.com>
wrote:
> Sergey,
>
> I have created a pull request to fix this issue in OSGi:
>
> https://github.com/apache/cxf/pull/82
>
> The issue is that PAX Web changed the init-param detection so that service
> properties must include a prefix in order to be considered to be an
> init-param (ask Achim, he did it :). Anyway, merely adding "init." before
> all the params makes them show up.
>
> Thanks,
>
> James
>
> On Sun, Aug 9, 2015 at 2:33 PM Sergey Beryozkin <sb...@gmail.com>
> wrote:
>
>> Hi
>>
>> I signed off after the 1st reply...
>> Is there a chance you can set a breakpoint in
>>
>>
>> https://fisheye6.atlassian.com/browse/cxf/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/AbstractHTTPServlet.java?r=f5655d81ea6a880cf6b8b1cdcabddf1cd4dbe869#to297
>>
>> ?
>>
>> I can try a basic test a bit later on too,
>>
>> Cheers, Sergey
>> On 07/08/15 18:40, James Carman wrote:
>> > On Fri, Aug 7, 2015 at 12:46 PM Sergey Beryozkin <sb...@gmail.com>
>> > wrote:
>> >
>> >> CXFServlet has a "use-x-forwarded-headers" boolean parameter, if it is
>> >> set to true then CXFServlet will check X-FORWARDED-PROTO, I recall
>> >> adding the code to support something similar, can you try it, I think
>> >> ELB should have these headers set when forwarding
>> >>
>> >
>> > Sergey,
>> >
>> > Thanks for the tip! I'm setting it up in Karaf and have verified that
>> the
>> > config is there:
>> >
>> > config:list "(service.pid=org.apache.cxf.osgi)"
>> > ----------------------------------------------------------------
>> > Pid: org.apache.cxf.osgi
>> > BundleLocation: mvn:org.apache.cxf/cxf-rt-transports-http/3.0.5
>> > Properties:
>> > felix.fileinstall.filename =
>> > file:/opt/aetos/etc/org.apache.cxf.osgi.cfg
>> > org.apache.cxf.servlet.context = /services
>> > org.apache.cxf.servlet.use-x-forwarded-headers = true
>> > service.pid = org.apache.cxf.osgi
>> >
>> > My WADL still has "http" links in it, even though I see these headers
>> when
>> > I request the WADL:
>> >
>> > X-Forwarded-For=[X.X.X.X], X-Forwarded-Port=[443],
>> X-Forwarded-Proto=[https]
>> >
>> > Can you think of anything I'm missing? Could it be that just the WADL
>> is
>> > borked, but usage of UrlInfo in my JAX-RS resources will work fine?
>> >
>>
>>
>> --
>> Sergey Beryozkin
>>
>> Talend Community Coders
>> http://coders.talend.com/
>>
>
Re: HTTPS and WADL URLs...
Posted by James Carman <ja...@carmanconsulting.com>.
Sergey,
I have created a pull request to fix this issue in OSGi:
https://github.com/apache/cxf/pull/82
The issue is that PAX Web changed the init-param detection so that service
properties must include a prefix in order to be considered to be an
init-param (ask Achim, he did it :). Anyway, merely adding "init." before
all the params makes them show up.
Thanks,
James
On Sun, Aug 9, 2015 at 2:33 PM Sergey Beryozkin <sb...@gmail.com>
wrote:
> Hi
>
> I signed off after the 1st reply...
> Is there a chance you can set a breakpoint in
>
>
> https://fisheye6.atlassian.com/browse/cxf/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/AbstractHTTPServlet.java?r=f5655d81ea6a880cf6b8b1cdcabddf1cd4dbe869#to297
>
> ?
>
> I can try a basic test a bit later on too,
>
> Cheers, Sergey
> On 07/08/15 18:40, James Carman wrote:
> > On Fri, Aug 7, 2015 at 12:46 PM Sergey Beryozkin <sb...@gmail.com>
> > wrote:
> >
> >> CXFServlet has a "use-x-forwarded-headers" boolean parameter, if it is
> >> set to true then CXFServlet will check X-FORWARDED-PROTO, I recall
> >> adding the code to support something similar, can you try it, I think
> >> ELB should have these headers set when forwarding
> >>
> >
> > Sergey,
> >
> > Thanks for the tip! I'm setting it up in Karaf and have verified that
> the
> > config is there:
> >
> > config:list "(service.pid=org.apache.cxf.osgi)"
> > ----------------------------------------------------------------
> > Pid: org.apache.cxf.osgi
> > BundleLocation: mvn:org.apache.cxf/cxf-rt-transports-http/3.0.5
> > Properties:
> > felix.fileinstall.filename =
> > file:/opt/aetos/etc/org.apache.cxf.osgi.cfg
> > org.apache.cxf.servlet.context = /services
> > org.apache.cxf.servlet.use-x-forwarded-headers = true
> > service.pid = org.apache.cxf.osgi
> >
> > My WADL still has "http" links in it, even though I see these headers
> when
> > I request the WADL:
> >
> > X-Forwarded-For=[X.X.X.X], X-Forwarded-Port=[443],
> X-Forwarded-Proto=[https]
> >
> > Can you think of anything I'm missing? Could it be that just the WADL is
> > borked, but usage of UrlInfo in my JAX-RS resources will work fine?
> >
>
>
> --
> Sergey Beryozkin
>
> Talend Community Coders
> http://coders.talend.com/
>
Re: HTTPS and WADL URLs...
Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi
I signed off after the 1st reply...
Is there a chance you can set a breakpoint in
https://fisheye6.atlassian.com/browse/cxf/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/AbstractHTTPServlet.java?r=f5655d81ea6a880cf6b8b1cdcabddf1cd4dbe869#to297
?
I can try a basic test a bit later on too,
Cheers, Sergey
On 07/08/15 18:40, James Carman wrote:
> On Fri, Aug 7, 2015 at 12:46 PM Sergey Beryozkin <sb...@gmail.com>
> wrote:
>
>> CXFServlet has a "use-x-forwarded-headers" boolean parameter, if it is
>> set to true then CXFServlet will check X-FORWARDED-PROTO, I recall
>> adding the code to support something similar, can you try it, I think
>> ELB should have these headers set when forwarding
>>
>
> Sergey,
>
> Thanks for the tip! I'm setting it up in Karaf and have verified that the
> config is there:
>
> config:list "(service.pid=org.apache.cxf.osgi)"
> ----------------------------------------------------------------
> Pid: org.apache.cxf.osgi
> BundleLocation: mvn:org.apache.cxf/cxf-rt-transports-http/3.0.5
> Properties:
> felix.fileinstall.filename =
> file:/opt/aetos/etc/org.apache.cxf.osgi.cfg
> org.apache.cxf.servlet.context = /services
> org.apache.cxf.servlet.use-x-forwarded-headers = true
> service.pid = org.apache.cxf.osgi
>
> My WADL still has "http" links in it, even though I see these headers when
> I request the WADL:
>
> X-Forwarded-For=[X.X.X.X], X-Forwarded-Port=[443], X-Forwarded-Proto=[https]
>
> Can you think of anything I'm missing? Could it be that just the WADL is
> borked, but usage of UrlInfo in my JAX-RS resources will work fine?
>
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Re: HTTPS and WADL URLs...
Posted by James Carman <ja...@carmanconsulting.com>.
On Fri, Aug 7, 2015 at 12:46 PM Sergey Beryozkin <sb...@gmail.com>
wrote:
> CXFServlet has a "use-x-forwarded-headers" boolean parameter, if it is
> set to true then CXFServlet will check X-FORWARDED-PROTO, I recall
> adding the code to support something similar, can you try it, I think
> ELB should have these headers set when forwarding
>
Sergey,
Thanks for the tip! I'm setting it up in Karaf and have verified that the
config is there:
config:list "(service.pid=org.apache.cxf.osgi)"
----------------------------------------------------------------
Pid: org.apache.cxf.osgi
BundleLocation: mvn:org.apache.cxf/cxf-rt-transports-http/3.0.5
Properties:
felix.fileinstall.filename =
file:/opt/aetos/etc/org.apache.cxf.osgi.cfg
org.apache.cxf.servlet.context = /services
org.apache.cxf.servlet.use-x-forwarded-headers = true
service.pid = org.apache.cxf.osgi
My WADL still has "http" links in it, even though I see these headers when
I request the WADL:
X-Forwarded-For=[X.X.X.X], X-Forwarded-Port=[443], X-Forwarded-Proto=[https]
Can you think of anything I'm missing? Could it be that just the WADL is
borked, but usage of UrlInfo in my JAX-RS resources will work fine?
Re: HTTPS and WADL URLs...
Posted by Sergey Beryozkin <sb...@gmail.com>.
CXFServlet has a "use-x-forwarded-headers" boolean parameter, if it is
set to true then CXFServlet will check X-FORWARDED-PROTO, I recall
adding the code to support something similar, can you try it, I think
ELB should have these headers set when forwarding
let us know if it works
Cheers, Sergey
On 07/08/15 17:35, James Carman wrote:
> Our CXF services sit behind an ELB which terminates SSL for us, then
> forwards the request to our CXF services over HTTP. When we look at the
> WADL for the service through the ELB URLs, all of the links in the WADL
> have the "http" scheme, not "https". Is there something special we need to
> do in order to get that working properly?
>
> James
>