You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@servicemix.apache.org by ning_sunrise <ni...@gmail.com> on 2009/06/11 16:06:51 UTC
customize cxf provider to support customize Trust Manager
Hi:
I try do some flow like following soap-->servicemix cxf bc (with ws
security) -->servicemix cxf-se->servicmeix cxf-bc-provider --> external web
service.
The connection between servicmeix cxf-bc-provider --> external web
service is ssl.
My problem is we can not handle the ssl by using java
keystore/truststore file. We have to write our customize TrustManager, we
want to add code like following before we sent out soap request to external
ws.
JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
factory.setServiceClass(com.mycompany.Service.class);
factory.setAddress(external ws url);
Session.service = (com.mycompany.Service) factory.create();
Client client = ClientProxy.getClient(Session.adc);
HTTPConduit http = (HTTPConduit) client.getConduit();
TLSClientParameters tls = new TLSClientParameters();
tls.setDisableCNCheck(true);
tls.setTrustManagers(new TrustManager[]{new MyCustomTrustManager()});
http.setTlsClientParameters(tls);
............
I can make the code work outside servicemix.
Does anyone know how to do it in servicemix BC or a working around?
Thanks
Ning
--
View this message in context: http://www.nabble.com/customize-cxf-provider-to-support--customize-Trust-Manager-tp23982015p23982015.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
Re: customize cxf provider to support customize Trust Manager
Posted by ning_sunrise <ni...@gmail.com>.
Hi Freeman:
I did not try smx 3.3.1 as other people in team and product manager again
upgrade smx.
I did try download the two java files to fix socket problem from Dan ,
build on my machine, use out put classes and configure <classpath
inverse="true"> .... . It looks I overcome the socket problem, but I get
another problem say "PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target", I think this new problem
caused by I did not set trust store/keystore. But our cert store in
database not in JKS file. So, we can not use standard configuration.
Now I think I have to create my own BC, but my maven do not have the
plugins in servicemix tutorial need and my company did not want upgrade the
maven plugin. So, I will try to call my external web service from cxf se or
jsr181 se and see what happen.
Thank very much. You are so good.
Ning
ning_sunrise wrote:
>
> Hi:
> I try do some flow like following soap-->servicemix cxf bc (with ws
> security) -->servicemix cxf-se->servicmeix cxf-bc-provider --> external
> web service.
>
> The connection between servicmeix cxf-bc-provider --> external web
> service is ssl.
> My problem is we can not handle the ssl by using java
> keystore/truststore file. We have to write our customize TrustManager, we
> want to add code like following before we sent out soap request to
> external ws.
>
> JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
> factory.setServiceClass(com.mycompany.Service.class);
> factory.setAddress(external ws url);
>
> Session.service = (com.mycompany.Service) factory.create();
>
> Client client = ClientProxy.getClient(Session.adc);
>
> HTTPConduit http = (HTTPConduit) client.getConduit();
>
> TLSClientParameters tls = new TLSClientParameters();
>
> tls.setDisableCNCheck(true);
>
> tls.setTrustManagers(new TrustManager[]{new MyCustomTrustManager()});
>
> http.setTlsClientParameters(tls);
>
> ............
>
> I can make the code work outside servicemix.
> Does anyone know how to do it in servicemix BC or a working around?
>
> Thanks
> Ning
>
>
>
--
View this message in context: http://www.nabble.com/customize-cxf-provider-to-support--customize-Trust-Manager-tp23982015p24091901.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
Re: customize cxf provider to support customize Trust Manager
Posted by Freeman Fang <fr...@gmail.com>.
Hi,
I'm confused with your question. What's your current problem? The
conduit is always null or you still see "Unconnected sockets not
implemented"?
What's your cxf bc provider configuration? And could you set your
inteceptor phase as PRE_LOGICAL and try again?
Freeman
ning_sunrise wrote:
> Hi Freeman:
> I update cxf to 2.1.5 but I have same problem. To test this, I do like
> following
> soap -> servicemix cxf bc(with ws security + ssl) -> servicemix camel
> -> servicemix cxf-bc- provider( ssl to external web service + Outbound
> Interceptor) --> external web service.
> In the Outbound Interceptor, I changed the conduit like this
>
> public OutboundSslInterceptor() {
> super(Phase.PRE_STREAM);
> }
>
> public void handleMessage(Message message) throws Fault {
>
> System.out.println("start setting in ssl");
>
> System.out.println(message.size());
>
> MessageExchange me = message.get(MessageExchange.class);
>
> HTTPConduit conduit = (org.apache.cxf.transport.http.HTTPConduit)
> message
> .getExchange().getConduit(message);
>
> if (conduit != null) {
>
> System.out.println("Setting conduit");
>
> TLSClientParameters sslParams = new TLSClientParameters();
>
> sslParams.setDisableCNCheck(Boolean.TRUE);
> sslParams
> .setTrustManagers(new TrustManager[] { new My509TrustManager() });
> conduit.setTlsClientParameters(sslParams);
> return;
> }
> System.out.println("Setting in ssl conduit is null");
> }
>
>
>
> From the debug information, I saw the camel send the soap message to
> cxf provider, but I can not get conduit, it always null.
>
> What is wrong? Did I set the interceptor in correct Phase?
>
> Thanks
> Ning
>
>
>
>
>
>
> ning_sunrise wrote:
>
>> Hi:
>> I try do some flow like following soap-->servicemix cxf bc (with ws
>> security) -->servicemix cxf-se->servicmeix cxf-bc-provider --> external
>> web service.
>>
>> The connection between servicmeix cxf-bc-provider --> external web
>> service is ssl.
>> My problem is we can not handle the ssl by using java
>> keystore/truststore file. We have to write our customize TrustManager, we
>> want to add code like following before we sent out soap request to
>> external ws.
>>
>> JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
>> factory.setServiceClass(com.mycompany.Service.class);
>> factory.setAddress(external ws url);
>>
>> Session.service = (com.mycompany.Service) factory.create();
>>
>> Client client = ClientProxy.getClient(Session.adc);
>>
>> HTTPConduit http = (HTTPConduit) client.getConduit();
>>
>> TLSClientParameters tls = new TLSClientParameters();
>>
>> tls.setDisableCNCheck(true);
>>
>> tls.setTrustManagers(new TrustManager[]{new MyCustomTrustManager()});
>>
>> http.setTlsClientParameters(tls);
>>
>> ............
>>
>> I can make the code work outside servicemix.
>> Does anyone know how to do it in servicemix BC or a working around?
>>
>> Thanks
>> Ning
>>
>>
>>
>>
>
>
--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com
Re: customize cxf provider to support customize Trust Manager
Posted by ning_sunrise <ni...@gmail.com>.
Hi Freeman:
I update cxf to 2.1.5 but I have same problem. To test this, I do like
following
soap -> servicemix cxf bc(with ws security + ssl) -> servicemix camel
-> servicemix cxf-bc- provider( ssl to external web service + Outbound
Interceptor) --> external web service.
In the Outbound Interceptor, I changed the conduit like this
public OutboundSslInterceptor() {
super(Phase.PRE_STREAM);
}
public void handleMessage(Message message) throws Fault {
System.out.println("start setting in ssl");
System.out.println(message.size());
MessageExchange me = message.get(MessageExchange.class);
HTTPConduit conduit = (org.apache.cxf.transport.http.HTTPConduit)
message
.getExchange().getConduit(message);
if (conduit != null) {
System.out.println("Setting conduit");
TLSClientParameters sslParams = new TLSClientParameters();
sslParams.setDisableCNCheck(Boolean.TRUE);
sslParams
.setTrustManagers(new TrustManager[] { new My509TrustManager() });
conduit.setTlsClientParameters(sslParams);
return;
}
System.out.println("Setting in ssl conduit is null");
}
From the debug information, I saw the camel send the soap message to
cxf provider, but I can not get conduit, it always null.
What is wrong? Did I set the interceptor in correct Phase?
Thanks
Ning
ning_sunrise wrote:
>
> Hi:
> I try do some flow like following soap-->servicemix cxf bc (with ws
> security) -->servicemix cxf-se->servicmeix cxf-bc-provider --> external
> web service.
>
> The connection between servicmeix cxf-bc-provider --> external web
> service is ssl.
> My problem is we can not handle the ssl by using java
> keystore/truststore file. We have to write our customize TrustManager, we
> want to add code like following before we sent out soap request to
> external ws.
>
> JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
> factory.setServiceClass(com.mycompany.Service.class);
> factory.setAddress(external ws url);
>
> Session.service = (com.mycompany.Service) factory.create();
>
> Client client = ClientProxy.getClient(Session.adc);
>
> HTTPConduit http = (HTTPConduit) client.getConduit();
>
> TLSClientParameters tls = new TLSClientParameters();
>
> tls.setDisableCNCheck(true);
>
> tls.setTrustManagers(new TrustManager[]{new MyCustomTrustManager()});
>
> http.setTlsClientParameters(tls);
>
> ............
>
> I can make the code work outside servicemix.
> Does anyone know how to do it in servicemix BC or a working around?
>
> Thanks
> Ning
>
>
>
--
View this message in context: http://www.nabble.com/customize-cxf-provider-to-support--customize-Trust-Manager-tp23982015p24054562.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
Re: customize cxf provider to support customize Trust Manager
Posted by Freeman Fang <fr...@gmail.com>.
Hi,
What's your current problem then?
Always get the null conduit or something else?
Did you try my suggestion? What's the smx version you are using? the 3.3.1?
Freeman
ning_sunrise wrote:
> Freeman:
> My bad. I think we are using cxf 2.1.4 as I put servicemix-cxf-bc
> 2009.01 in servicemix lib. But it cause other people problem , so they
> rollback to servicemix-cxf-bc 2008.01 inside is cxf 2.1.2. So, i have
> JDK6_10 create socket which already fixed by dan like you point out. So,
> what do you think? I did play classpath but too many dependence so I
> still can not figure it out.
> Thank you very much for help
> Ning
>
> ning_sunrise wrote:
>
>> Hi:
>> I try do some flow like following soap-->servicemix cxf bc (with ws
>> security) -->servicemix cxf-se->servicmeix cxf-bc-provider --> external
>> web service.
>>
>> The connection between servicmeix cxf-bc-provider --> external web
>> service is ssl.
>> My problem is we can not handle the ssl by using java
>> keystore/truststore file. We have to write our customize TrustManager, we
>> want to add code like following before we sent out soap request to
>> external ws.
>>
>> JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
>> factory.setServiceClass(com.mycompany.Service.class);
>> factory.setAddress(external ws url);
>>
>> Session.service = (com.mycompany.Service) factory.create();
>>
>> Client client = ClientProxy.getClient(Session.adc);
>>
>> HTTPConduit http = (HTTPConduit) client.getConduit();
>>
>> TLSClientParameters tls = new TLSClientParameters();
>>
>> tls.setDisableCNCheck(true);
>>
>> tls.setTrustManagers(new TrustManager[]{new MyCustomTrustManager()});
>>
>> http.setTlsClientParameters(tls);
>>
>> ............
>>
>> I can make the code work outside servicemix.
>> Does anyone know how to do it in servicemix BC or a working around?
>>
>> Thanks
>> Ning
>>
>>
>>
>>
>
>
--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com
Re: customize cxf provider to support customize Trust Manager
Posted by ning_sunrise <ni...@gmail.com>.
Freeman:
My bad. I think we are using cxf 2.1.4 as I put servicemix-cxf-bc
2009.01 in servicemix lib. But it cause other people problem , so they
rollback to servicemix-cxf-bc 2008.01 inside is cxf 2.1.2. So, i have
JDK6_10 create socket which already fixed by dan like you point out. So,
what do you think? I did play classpath but too many dependence so I
still can not figure it out.
Thank you very much for help
Ning
ning_sunrise wrote:
>
> Hi:
> I try do some flow like following soap-->servicemix cxf bc (with ws
> security) -->servicemix cxf-se->servicmeix cxf-bc-provider --> external
> web service.
>
> The connection between servicmeix cxf-bc-provider --> external web
> service is ssl.
> My problem is we can not handle the ssl by using java
> keystore/truststore file. We have to write our customize TrustManager, we
> want to add code like following before we sent out soap request to
> external ws.
>
> JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
> factory.setServiceClass(com.mycompany.Service.class);
> factory.setAddress(external ws url);
>
> Session.service = (com.mycompany.Service) factory.create();
>
> Client client = ClientProxy.getClient(Session.adc);
>
> HTTPConduit http = (HTTPConduit) client.getConduit();
>
> TLSClientParameters tls = new TLSClientParameters();
>
> tls.setDisableCNCheck(true);
>
> tls.setTrustManagers(new TrustManager[]{new MyCustomTrustManager()});
>
> http.setTlsClientParameters(tls);
>
> ............
>
> I can make the code work outside servicemix.
> Does anyone know how to do it in servicemix BC or a working around?
>
> Thanks
> Ning
>
>
>
--
View this message in context: http://www.nabble.com/customize-cxf-provider-to-support--customize-Trust-Manager-tp23982015p24074166.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
Re: customize cxf provider to support customize Trust Manager
Posted by Freeman Fang <fr...@gmail.com>.
Hi,
I guess it should be related to the discussion [1] if you are using jdk
6 update 10.
And what's the smx version are you using?
Since this problem already get fixed in cxf so if you use latest smx
snapshot , you should also pick up this fix.
[1]http://www.nabble.com/CXF-and-Java-6-Update-10-td19463818.html
Freeman
ning_sunrise wrote:
> Hi Freeman:
> I try use Interceptors but I get "Unconnected sockets not
> implemented" exception. Any idea?
> I try do more test later. Tahnks
> Ning
>
>
>
>
>
> Freeman Fang wrote:
>
>> Hi,
>> I believe you can do it by adding an interceptor to cxf bc provider's
>> outInterceptors list.
>> in this interceptor, you can get conduit from the outbound message, then
>> next should be same as your code...
>> Freeman
>> ning_sunrise wrote:
>>
>>> Hi:
>>> I try do some flow like following soap-->servicemix cxf bc (with
>>> ws
>>> security) -->servicemix cxf-se->servicmeix cxf-bc-provider --> external
>>> web
>>> service.
>>>
>>> The connection between servicmeix cxf-bc-provider --> external web
>>> service is ssl.
>>> My problem is we can not handle the ssl by using java
>>> keystore/truststore file. We have to write our customize TrustManager, we
>>> want to add code like following before we sent out soap request to
>>> external
>>> ws.
>>>
>>> JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
>>> factory.setServiceClass(com.mycompany.Service.class);
>>> factory.setAddress(external ws url);
>>>
>>> Session.service = (com.mycompany.Service) factory.create();
>>>
>>> Client client = ClientProxy.getClient(Session.adc);
>>>
>>> HTTPConduit http = (HTTPConduit) client.getConduit();
>>>
>>> TLSClientParameters tls = new TLSClientParameters();
>>>
>>> tls.setDisableCNCheck(true);
>>>
>>> tls.setTrustManagers(new TrustManager[]{new
>>> MyCustomTrustManager()});
>>>
>>> http.setTlsClientParameters(tls);
>>>
>>> ............
>>>
>>> I can make the code work outside servicemix.
>>> Does anyone know how to do it in servicemix BC or a working around?
>>>
>>> Thanks
>>> Ning
>>>
>>>
>>>
>>>
>> --
>> Freeman Fang
>> ------------------------
>> Open Source SOA: http://fusesource.com
>>
>>
>>
>>
>
>
--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com
Re: customize cxf provider to support customize Trust Manager
Posted by ning_sunrise <ni...@gmail.com>.
Hi Freeman:
I try use Interceptors but I get "Unconnected sockets not
implemented" exception. Any idea?
I try do more test later. Tahnks
Ning
Freeman Fang wrote:
>
> Hi,
> I believe you can do it by adding an interceptor to cxf bc provider's
> outInterceptors list.
> in this interceptor, you can get conduit from the outbound message, then
> next should be same as your code...
> Freeman
> ning_sunrise wrote:
>> Hi:
>> I try do some flow like following soap-->servicemix cxf bc (with
>> ws
>> security) -->servicemix cxf-se->servicmeix cxf-bc-provider --> external
>> web
>> service.
>>
>> The connection between servicmeix cxf-bc-provider --> external web
>> service is ssl.
>> My problem is we can not handle the ssl by using java
>> keystore/truststore file. We have to write our customize TrustManager, we
>> want to add code like following before we sent out soap request to
>> external
>> ws.
>>
>> JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
>> factory.setServiceClass(com.mycompany.Service.class);
>> factory.setAddress(external ws url);
>>
>> Session.service = (com.mycompany.Service) factory.create();
>>
>> Client client = ClientProxy.getClient(Session.adc);
>>
>> HTTPConduit http = (HTTPConduit) client.getConduit();
>>
>> TLSClientParameters tls = new TLSClientParameters();
>>
>> tls.setDisableCNCheck(true);
>>
>> tls.setTrustManagers(new TrustManager[]{new
>> MyCustomTrustManager()});
>>
>> http.setTlsClientParameters(tls);
>>
>> ............
>>
>> I can make the code work outside servicemix.
>> Does anyone know how to do it in servicemix BC or a working around?
>>
>> Thanks
>> Ning
>>
>>
>>
>
>
> --
> Freeman Fang
> ------------------------
> Open Source SOA: http://fusesource.com
>
>
>
--
View this message in context: http://www.nabble.com/customize-cxf-provider-to-support--customize-Trust-Manager-tp23982015p23985780.html
Sent from the ServiceMix - User mailing list archive at Nabble.com.
Re: customize cxf provider to support customize Trust Manager
Posted by Freeman Fang <fr...@gmail.com>.
Hi,
I believe you can do it by adding an interceptor to cxf bc provider's
outInterceptors list.
in this interceptor, you can get conduit from the outbound message, then
next should be same as your code...
Freeman
ning_sunrise wrote:
> Hi:
> I try do some flow like following soap-->servicemix cxf bc (with ws
> security) -->servicemix cxf-se->servicmeix cxf-bc-provider --> external web
> service.
>
> The connection between servicmeix cxf-bc-provider --> external web
> service is ssl.
> My problem is we can not handle the ssl by using java
> keystore/truststore file. We have to write our customize TrustManager, we
> want to add code like following before we sent out soap request to external
> ws.
>
> JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
> factory.setServiceClass(com.mycompany.Service.class);
> factory.setAddress(external ws url);
>
> Session.service = (com.mycompany.Service) factory.create();
>
> Client client = ClientProxy.getClient(Session.adc);
>
> HTTPConduit http = (HTTPConduit) client.getConduit();
>
> TLSClientParameters tls = new TLSClientParameters();
>
> tls.setDisableCNCheck(true);
>
> tls.setTrustManagers(new TrustManager[]{new MyCustomTrustManager()});
>
> http.setTlsClientParameters(tls);
>
> ............
>
> I can make the code work outside servicemix.
> Does anyone know how to do it in servicemix BC or a working around?
>
> Thanks
> Ning
>
>
>
--
Freeman Fang
------------------------
Open Source SOA: http://fusesource.com