You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by "Segal, Jeffrey" <Je...@solers.com> on 2007/11/30 22:40:50 UTC

SSL Enabling CXF Clients + Spring + Factory methods

Hello CXFers,
 
I need to SSL enable some CXF services and client code that uses said
services.  I found examples in the CXF sample area of SSL enabling a
client in code, but that's not really viable in an enterprise solution.
Doing some backward engineering of the code sample, I created the
following Spring configuration that did actually work (i.e., I was able
to successfully invoke methods over SSL):
 
    <bean id="fooServiceQName" class="javax.xml.namespace.QName">
        <constructor-arg value="http://foo.service.com"/>
        <constructor-arg value="FooService"/>
    </bean>
 
    <bean id="fooService" class="com.service.Foo" scope="prototype">
        <constructor-arg
value="https://localhost:8443/services/foo?WSDL"/>
        <constructor-arg ref="fooServiceQName"/>
    </bean>
 
    <http:conduit name="{http://foo.service.com
<http://foo.service.com"/> }FooServicePort.http-conduit">
        <http:tlsClientParameters secureSocketProtocol="TLS"/>
    </http:conduit>

Unfortunately, this is pretty ugly and also requires that the service be
available at the time the XML config file is loaded, or creation of the
fooService bean will fail.  There are of course work-arounds to that,
but they get ugly and unwieldy quickly.  The surprising thing (and the
ultimate source of the problem) is that the following configuration will
NOT work:
 
    <bean id="fooServiceClient" class="com.service.Foo"
          factory-bean="fooServiceClientFactory"
factory-method="create"/>
 
    <bean id="fooServiceClientFactory"
class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
        <property name="serviceClass" value="com.service.Foo"/>
        <property name="address"
value="https://localhost:8443/services/foo?WSDL
<https://localhost:8443/services/foo?WSDL"/> "/
<https://localhost:8443/sushi-services/services/AdministrationService?WS
DL"/> >
    </bean>

 
    <http:conduit name="{http://foo.service.com
<http://foo.service.com"/> }FooServicePort.http-conduit">
        <http:tlsClientParameters secureSocketProtocol="TLS"/>
    </http:conduit>

Instead, this error occurs: java.io.IOException: Illegal Protocol https
for HTTP URLConnection Factory.  Clearly, the HTTP Conduit is being
ignored.  However, it brings up the greater question of why such a
theoretically simple configuration change is so difficult.  With a large
set of services, it can become quite tedious to make sure all of the
Conduit names match perfectly with the template laid out at the bottom
of the "Configuring SSL Support" section at
http://cwiki.apache.org/confluence/display/CXF20DOC/Client+HTTP+Transpor
t.
 
Or am I doing something wrong here?  Please let me know if that is the
case or this is just a chunk of functionality that does not yet exist.
 
Thanks!
Jeff