Posted to dev@cxf.apache.org by Jana Weschenfelder <ja...@student.HTW-Berlin.de> on 2014/06/12 23:45:24 UTC

Problems with configuring the Jetty Runtime (SSL)

Dear Ladies and Gentlemen,

I have exactly the problem of
http://mail-archives.apache.org/mod_mbox/cxf-users/201403.mbox/%3C5316440E.4020709@serotoninsoftware.com%3E.
I don't know if there existed a solution already.

I followed the instructions of
http://cxf.apache.org/docs/jetty-configuration.html and I don't have any
success by using org.eclipse.jetty.server.bio.SocketConnector here. I
receive the error message then that the port (HTTP) wouldn't be configured
for HTTPS.

According to Eclipse, org.eclipse.jetty.server.bio.SocketConnector is
configured for HTTP and is not an SSLConnector, and it also doesn't accept
any SSL Configuration if I look into the code there.

If I read the instructions of
http://wiki.eclipse.org/Jetty/Howto/Configure_SSL#Configuring_Jetty,
org.eclipse.jetty.server.ssl.SslSelectChannelConnector should be used as
SSLConnector instead. But if I just replace
org.eclipse.jetty.server.bio.SocketConnector in the example of
http://cxf.apache.org/docs/jetty-configuration.html, I receive the error
message "java.io.FileNotFoundException: /home/user/.keystore" as described
in
http://mail-archives.apache.org/mod_mbox/cxf-users/201403.mbox/%3C5316440E.4020709@serotoninsoftware.com%3E.

I would think that something like this would be more correct, according to
Eclipse:
<httpj:engine-factory id="https" bus="cxf">
    <httpj:engine port="${cdmi.net.ssl.port}">
        <httpj:threadingParameters minThreads="5" maxThreads="15" />
        <httpj:connector>
            <bean class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
                <property name = "port" value="9001"/>
                <bean class="org.eclipse.jetty.http.ssl.SslContextFactory">
                    <property name="keyStore" value="..."/>
                    <property name="keystoreType" value="..."/>
                    <property name="keyStorePassword" value="..."/>
                    ...
                    <property name="excludeCipherSuites" ref="..."/>
                </bean>
            </bean>
        </httpj:connector>
        <httpj:handlers>
            <bean class="org.eclipse.jetty.server.handler.DefaultHandler"/>
        </httpj:handlers>
        <httpj:sessionSupport>true</httpj:sessionSupport>
    </httpj:engine>
</httpj:engine-factory>

But it doesn't work. It doesn't accept the part <bean
class="org.eclipse.jetty.http.ssl.SslContextFactory">...</bean> within
<bean
class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">...</bean>.
The error message is "Invalid content was found starting with element
'bean'.".

A similar configuration was found here:
http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory

But I need it for httpj:engine-factory.

What is the right way to configure the Jetty Runtime with SSLConnector?
Is Jetty still supported by Apache CXF? Btw, HTTP works fine, but I need
HTTPS because of certificates.

Many thanks in advance!!!

Jana


Re: Problems with configuring the Jetty Runtime (SSL)

Posted by Jana Weschenfelder <ja...@student.HTW-Berlin.de>.
Me again.

This configuration seems to work as well... shortened a bit...

<beans ...>

<httpj:engine-factory id="https" bus="cxf">
    <httpj:identifiedTLSServerParameters id="secure">
        <httpj:tlsServerParameters>
        </httpj:tlsServerParameters>
    </httpj:identifiedTLSServerParameters>
    <httpj:engine port="9001">
        <httpj:tlsServerParametersRef id="secure"/>
        <httpj:threadingParameters minThreads="5" maxThreads="15"/>
        <httpj:connector>
            <bean class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
                <property name="port" value="9001"/>
                <constructor-arg>
                    <bean class="org.eclipse.jetty.http.ssl.SslContextFactory">
                        <property name="keyStore" value=""/>
                        <property name="keyStoreType" value="..."/>
                        <property name="keyStorePassword" value="..."/>
                        <property name="trustStore" value="..."/>
                        <property name="trustStoreType" value="..."/>
                        <property name="trustStorePassword" value="..."/>
                        <property name="wantClientAuth" value="..."/>
                        <property name="needClientAuth" value="..."/>
                        <property name="excludeCipherSuites" ref="banned"/>
                    </bean>
                </constructor-arg>
            </bean>
        </httpj:connector>
        <httpj:handlers>
            <bean class="org.eclipse.jetty.server.handler.DefaultHandler"/>
        </httpj:handlers>
        <httpj:sessionSupport>true</httpj:sessionSupport>
    </httpj:engine>
</httpj:engine-factory>

<bean id="banned" class="..." factory-method="...">
    <constructor-arg value="..."/>
</bean>

</beans>

And again, I repeat:
More/other properties can be set as specified in
http://wiki.eclipse.org/Jetty/Howto/Configure_SSL#Configuring_Jetty.

Not sure if the keyPassword for keyManagers is really needed, more info
here:
http://stackoverflow.com/questions/10847983/what-is-the-difference-between-keystorepassword-and-keymanagerpassword-in-jetty.

And I believe, instead of
org.eclipse.jetty.server.ssl.SslSelectChannelConnector, the class
org.eclipse.jetty.server.ssl.SslSocketConnector can be used as well...
looked very similar and worked, too.

Jana


On Fri, 13.06.2014, 01:47, Jana Weschenfelder wrote:
> I forgot something:
> More info:
> http://cxf.apache.org/docs/secure-jax-rs-services.html#SecureJAX-RSServices-Configuringendpoints
> (till the end of the page)
>
> And:
> <bean id="banned" class="..." factory-method="...">
>     <constructor-arg value="...">
> </bean>
>
> Should be:
> <bean id="banned" class="..." factory-method="...">
>     <constructor-arg value="..."/>
> </bean>
>
> I just forgot a slash there. ;-)
>
> Jana



Re: Problems with configuring the Jetty Runtime (SSL)

Posted by Jana Weschenfelder <ja...@student.HTW-Berlin.de>.
I forgot something:
More info:
http://cxf.apache.org/docs/secure-jax-rs-services.html#SecureJAX-RSServices-Configuringendpoints
(till the end of the page)

And:
<bean id="banned" class="..." factory-method="...">
    <constructor-arg value="...">
</bean>

Should be:
<bean id="banned" class="..." factory-method="...">
    <constructor-arg value="..."/>
</bean>

I just forgot a slash there. ;-)

Jana


On Fri, 13.06.2014, 01:30, Jana Weschenfelder wrote:
> Hello, I think I got it working...
>
> With the following configuration, it seems to work... I haven't found
> online references for it, and it looks twice configured, but it seems to
> work correctly... I have invented it right now, thanks to the Spring IoC
> documentation.
>
> <beans ...>
>
> <httpj:engine-factory id="https" bus="cxf">
>     <httpj:identifiedTLSServerParameters id="secure">
>         <httpj:tlsServerParameters>
>             <sec:keyManagers>
>                 <sec:keyStore type="..." password="..." file="..."/>
>             </sec:keyManagers>
>             <sec:trustManagers>
>                 <sec:keyStore type="..." password="..." file="..."/>
>             </sec:trustManagers>
>             <sec:cipherSuitesFilter>
>                 <sec:include>.*_EXPORT_.*</sec:include>
>                 <sec:include>.*_EXPORT1024_.*</sec:include>
>                 <sec:include>.*_WITH_DES_.*</sec:include>
>                 <sec:include>.*_WITH_NULL_.*</sec:include>
>                 <sec:exclude>.*_DH_anon_.*</sec:exclude>
>             </sec:cipherSuitesFilter>
>         </httpj:tlsServerParameters>
>     </httpj:identifiedTLSServerParameters>
>     <httpj:engine port="9001">
>         <httpj:tlsServerParametersRef id="secure"/>
>         <httpj:threadingParameters minThreads="5" maxThreads="15"/>
>         <httpj:connector>
>             <bean class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
>                 <property name="port" value="9001"/>
>                 <constructor-arg>
>                     <bean class="org.eclipse.jetty.http.ssl.SslContextFactory">
>                         <property name="keyStore" value=""/>
>                         <property name="keyStoreType" value="..."/>
>                         <property name="keyStorePassword" value="..."/>
>                         <property name="trustStore" value="..."/>
>                         <property name="trustStoreType" value="..."/>
>                         <property name="trustStorePassword" value="..."/>
>                         <property name="wantClientAuth" value="..."/>
>                         <property name="needClientAuth" value="..."/>
>                         <property name="excludeCipherSuites" ref="banned"/>
>                     </bean>
>                 </constructor-arg>
>             </bean>
>         </httpj:connector>
>         <httpj:handlers>
>             <bean class="org.eclipse.jetty.server.handler.DefaultHandler"/>
>         </httpj:handlers>
>         <httpj:sessionSupport>true</httpj:sessionSupport>
>     </httpj:engine>
> </httpj:engine-factory>
>
> <bean id="banned" class="..." factory-method="...">
>     <constructor-arg value="...">
> </bean>
>
> </beans>
>
> The configuration looks really twice now... but without the lower
> configuration, you will get an error message that a .keystore file is
> missing. And without the upper configuration, you will get the error
> message "java.lang.RuntimeException: Connector
> SslSelectChannelConnector@0.0.0.0:9001 for JettyServerEngine Port 9001
> does not support non-SSL connections.".
>
> If you configure it twice as above, it seems to work without any problems.
> I can connect to the service after I confirmed that I trust the web site,
> as it should be. It will need more tests to be very sure.
>
> More/other properties can be set as specified in
> http://cxf.apache.org/docs/jetty-configuration.html and
> http://wiki.eclipse.org/Jetty/Howto/Configure_SSL#Configuring_Jetty. I
> think the configuration needs to be done twice at the moment so that it
> works, on CXF side and on Jetty side (the Jetty side uses Spring IoC).
>
> Not sure if the keyPassword for keyManagers is really needed, more info
> here:
> http://stackoverflow.com/questions/10847983/what-is-the-difference-between-keystorepassword-and-keymanagerpassword-in-jetty.
>
> If the configuration above is correct, either Apache or Eclipse will have
> to update their documentation. I would think that Eclipse made a change
> sometime and Apache still doesn't know about it. As I said, I also have to
> test the configuration first. It looks very good so far, but it still can
> be wrong somewhere.
>
> I believe, instead of
> org.eclipse.jetty.server.ssl.SslSelectChannelConnector, the class
> org.eclipse.jetty.server.ssl.SslSocketConnector can be used as well...
> looked very similar and worked, too.
>
> Thanks, Jana



Re: Problems with configuring the Jetty Runtime (SSL)

Posted by Jana Weschenfelder <ja...@student.HTW-Berlin.de>.
Hello, I think I got it working...

With the following configuration, it seems to work... I haven't found
online references for it, and it looks twice configured, but it seems to
work correctly... I have invented it right now, thanks to the Spring IoC
documentation.

<beans ...>

<httpj:engine-factory id="https" bus="cxf">
    <httpj:identifiedTLSServerParameters id="secure">
        <httpj:tlsServerParameters>
            <sec:keyManagers>
                <sec:keyStore type="..." password="..." file="..."/>
            </sec:keyManagers>
            <sec:trustManagers>
                <sec:keyStore type="..." password="..." file="..."/>
            </sec:trustManagers>
            <sec:cipherSuitesFilter>
                <sec:include>.*_EXPORT_.*</sec:include>
                <sec:include>.*_EXPORT1024_.*</sec:include>
                <sec:include>.*_WITH_DES_.*</sec:include>
                <sec:include>.*_WITH_NULL_.*</sec:include>
                <sec:exclude>.*_DH_anon_.*</sec:exclude>
            </sec:cipherSuitesFilter>
        </httpj:tlsServerParameters>
    </httpj:identifiedTLSServerParameters>
    <httpj:engine port="9001">
        <httpj:tlsServerParametersRef id="secure"/>
        <httpj:threadingParameters minThreads="5" maxThreads="15"/>
        <httpj:connector>
            <bean class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
                <property name="port" value="9001"/>
                <constructor-arg>
                    <bean class="org.eclipse.jetty.http.ssl.SslContextFactory">
                        <property name="keyStore" value=""/>
                        <property name="keyStoreType" value="..."/>
                        <property name="keyStorePassword" value="..."/>
                        <property name="trustStore" value="..."/>
                        <property name="trustStoreType" value="..."/>
                        <property name="trustStorePassword" value="..."/>
                        <property name="wantClientAuth" value="..."/>
                        <property name="needClientAuth" value="..."/>
                        <property name="excludeCipherSuites" ref="banned"/>
                    </bean>
                </constructor-arg>
            </bean>
        </httpj:connector>
        <httpj:handlers>
            <bean class="org.eclipse.jetty.server.handler.DefaultHandler"/>
        </httpj:handlers>
        <httpj:sessionSupport>true</httpj:sessionSupport>
    </httpj:engine>
</httpj:engine-factory>

<bean id="banned" class="..." factory-method="...">
    <constructor-arg value="...">
</bean>

</beans>

The configuration looks really twice now... but without the lower
configuration, you will get an error message that a .keystore file is
missing. And without the upper configuration, you will get the error
message "java.lang.RuntimeException: Connector
SslSelectChannelConnector@0.0.0.0:9001 for JettyServerEngine Port 9001
does not support non-SSL connections.".

If you configure it twice as above, it seems to work without any problems.
I can connect to the service after I confirmed that I trust the web site,
as it should be. It will need more tests to be very sure.

More/other properties can be set as specified in
http://cxf.apache.org/docs/jetty-configuration.html and
http://wiki.eclipse.org/Jetty/Howto/Configure_SSL#Configuring_Jetty. I
think the configuration needs to be done twice at the moment so that it
works, on CXF side and on Jetty side (the Jetty side uses Spring IoC).

Not sure if the keyPassword for keyManagers is really needed, more info
here:
http://stackoverflow.com/questions/10847983/what-is-the-difference-between-keystorepassword-and-keymanagerpassword-in-jetty.

If the configuration above is correct, either Apache or Eclipse will have
to update their documentation. I would think that Eclipse made a change
sometime and Apache still doesn't know about it. As I said, I also have to
test the configuration first. It looks very good so far, but it still can
be wrong somewhere.

I believe, instead of
org.eclipse.jetty.server.ssl.SslSelectChannelConnector, the class
org.eclipse.jetty.server.ssl.SslSocketConnector can be used as well...
looked very similar and worked, too.

Thanks, Jana


On Thu, 12.06.2014, 23:45, Jana Weschenfelder wrote:
> Dear Ladies and Gentlemen,
>
> I have exactly the problem of
> http://mail-archives.apache.org/mod_mbox/cxf-users/201403.mbox/%3C5316440E.4020709@serotoninsoftware.com%3E.
> I don't know if there existed a solution already.
>
> I followed the instructions of
> http://cxf.apache.org/docs/jetty-configuration.html and I don't have any
> success by using org.eclipse.jetty.server.bio.SocketConnector here. I
> receive the error message then that the port (HTTP) wouldn't be configured
> for HTTPS.
>
> According to Eclipse, org.eclipse.jetty.server.bio.SocketConnector is
> configured for HTTP and is not an SSLConnector, and it also doesn't accept
> any SSL Configuration if I look into the code there.
>
> If I read the instructions of
> http://wiki.eclipse.org/Jetty/Howto/Configure_SSL#Configuring_Jetty,
> org.eclipse.jetty.server.ssl.SslSelectChannelConnector should be used as
> SSLConnector instead. But if I just replace
> org.eclipse.jetty.server.bio.SocketConnector in the example of
> http://cxf.apache.org/docs/jetty-configuration.html, I receive the error
> message "java.io.FileNotFoundException: /home/user/.keystore" as described
> in
> http://mail-archives.apache.org/mod_mbox/cxf-users/201403.mbox/%3C5316440E.4020709@serotoninsoftware.com%3E.
>
> I would think that something like this would be more correct, according to
> Eclipse:
> <httpj:engine-factory id="https" bus="cxf">
>     <httpj:engine port="${cdmi.net.ssl.port}">
>         <httpj:threadingParameters minThreads="5" maxThreads="15" />
>         <httpj:connector>
>             <bean class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
>                 <property name = "port" value="9001"/>
>                 <bean class="org.eclipse.jetty.http.ssl.SslContextFactory">
>                     <property name="keyStore" value="..."/>
>                     <property name="keystoreType" value="..."/>
>                     <property name="keyStorePassword" value="..."/>
>                     ...
>                     <property name="excludeCipherSuites" ref="..."/>
>                 </bean>
>             </bean>
>         </httpj:connector>
>         <httpj:handlers>
>             <bean class="org.eclipse.jetty.server.handler.DefaultHandler"/>
>         </httpj:handlers>
>         <httpj:sessionSupport>true</httpj:sessionSupport>
>     </httpj:engine>
> </httpj:engine-factory>
>
> But it doesn't work. It doesn't accept the part <bean
> class="org.eclipse.jetty.http.ssl.SslContextFactory">...</bean> within
> <bean
> class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">...</bean>.
> The error message is "Invalid content was found starting with element
> 'bean'.".
>
> A similar configuration was found here:
> http://www.eclipse.org/jetty/documentation/current/configuring-ssl.html#configuring-sslcontextfactory
>
> But I need it for httpj:engine-factory.
>
> What is the right way to configure the Jetty Runtime with SSLConnector?
> Is Jetty still supported by Apache CXF? Btw, HTTP works fine, but I need
> HTTPS because of certificates.
>
> Many thanks in advance!!!
>
> Jana
>
>
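
Added example, not part of the original posts and not CXF or Jetty code: the sec:cipherSuitesFilter posted above lists export-grade, single-DES and NULL suites under sec:include, so this Python sketch evaluates that filter against a constructed list of JSSE suite names and compares it with a stricter filter. It assumes CXF enables a suite when its whole name matches an include regex and no exclude regex; STRICT_FILTER, the suite list and the weak-suite markers are illustrative assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Namespace of the CXF "sec:" configuration elements.
SEC_NS = "http://cxf.apache.org/configuration/security"

# The filter from the post, given a namespace declaration so it parses alone.
THREAD_FILTER = f"""
<sec:cipherSuitesFilter xmlns:sec="{SEC_NS}">
    <sec:include>.*_EXPORT_.*</sec:include>
    <sec:include>.*_EXPORT1024_.*</sec:include>
    <sec:include>.*_WITH_DES_.*</sec:include>
    <sec:include>.*_WITH_NULL_.*</sec:include>
    <sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
"""

# Constructed stricter filter for comparison (an assumption, not from the thread).
STRICT_FILTER = f"""
<sec:cipherSuitesFilter xmlns:sec="{SEC_NS}">
    <sec:include>.*_WITH_AES_.*</sec:include>
    <sec:exclude>.*_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
"""

# Constructed sample of JSSE cipher suite names a JVM might offer.
SUPPORTED = [
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
    "SSL_RSA_WITH_DES_CBC_SHA",
    "SSL_DH_anon_WITH_DES_CBC_SHA",
    "SSL_RSA_WITH_NULL_SHA",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]

# Substrings that mark a suite as unsuitable for protecting traffic:
# export-grade keys, no encryption, single DES, no authentication, RC4.
WEAK_MARKERS = ("_EXPORT", "_NULL_", "_DES_", "_anon_", "_RC4_")


def parse_filter(xml_text):
    """Return (include, exclude) compiled regex lists from a config snippet.

    iter() also finds the elements when the filter sits deep inside a full
    <beans> file rather than being the root element.
    """
    root = ET.fromstring(xml_text)
    include = [re.compile(e.text.strip()) for e in root.iter(f"{{{SEC_NS}}}include")]
    exclude = [re.compile(e.text.strip()) for e in root.iter(f"{{{SEC_NS}}}exclude")]
    return include, exclude


def enabled_suites(xml_text, supported=SUPPORTED):
    """Suites that match at least one include and no exclude (whole-name match)."""
    include, exclude = parse_filter(xml_text)
    return [
        s for s in supported
        if any(p.fullmatch(s) for p in include)
        and not any(p.fullmatch(s) for p in exclude)
    ]


def is_weak(suite):
    return any(marker in suite for marker in WEAK_MARKERS)


def audit(xml_text, supported=SUPPORTED):
    """Split the enabled suites into weak and strong for a review report."""
    enabled = enabled_suites(xml_text, supported)
    return {
        "enabled": enabled,
        "weak": [s for s in enabled if is_weak(s)],
        "strong": [s for s in enabled if not is_weak(s)],
    }


if __name__ == "__main__":
    for label, cfg in (("thread filter", THREAD_FILTER), ("strict filter", STRICT_FILTER)):
        report = audit(cfg)
        print(f"{label}: {len(report['enabled'])} enabled, "
              f"{len(report['weak'])} weak, {len(report['strong'])} strong")
        for suite in report["enabled"]:
            print("   ", "WEAK  " if is_weak(suite) else "ok    ", suite)
```

Under the stated assumption, the posted filter leaves only weak suites enabled on this sample list and no AES suite at all, while the anonymous-DH exclude works as intended in both filters.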