Posted to users@cxf.apache.org by Alex <de...@gmail.com> on 2010/03/09 10:38:46 UTC
spring ssl client authentication
Hi,
I have configured my Client via Spring but it seems that no client
authentication is done.
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
xsi:schemaLocation="
http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
<http:conduit name="{ns://localhost/tls}Service.http-conduit">
<http:client ConnectionTimeout="30000" ReceiveTimeout="300000" />
<http:tlsClientParameters
secureSocketProtocol="SSL" disableCNCheck="true">
<sec:keyManagers keyPassword="password01">
<sec:keyStore type="JKS" password="password01" file="keystore.jks" />
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS" password="changeit" file="truststore.jks" />
</sec:trustManagers>
</http:tlsClientParameters>
</http:conduit>
<bean id="client2Service" class="tls.client.Client"
factory-bean="clientFactory" factory-method="create" />
<bean id="clientFactory" class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean">
<property name="serviceClass" value="tls.svc.ServicePort" />
<property name="address" value="https://localhost:443/tls/service" />
</bean>
</beans>
but when I write all the configuration into a java-class it works:
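/**
 * Builds the JAX-WS port and configures its HTTP conduit for mutual TLS.
 *
 * <p>Programmatic equivalent of the Spring {@code http:conduit} configuration:
 * a key manager backed by {@code keystore.jks}, a trust manager backed by
 * {@code truststore.jks}, connection and receive timeouts, and optional CXF
 * logging interceptors.
 *
 * <p>Side effects: assigns the {@code WSDLLOCATION}, {@code SERVICENAME} and
 * {@code svcport} fields and sets {@code ENDPOINT_ADDRESS_PROPERTY} on the port's
 * request context.
 *
 * @throws Exception if the WSDL cannot be resolved, a keystore cannot be read or
 *     opened, or the key/trust manager factories fail to initialise
 */
public void init() throws Exception {
    ClassLoader cl = UVStClassLoaderContext.getContext();
    WSDLLOCATION = cl.getResource(strPath2wsdl);
    SERVICENAME = new QName(ns, srv_name);
    Service service = new Service(WSDLLOCATION, SERVICENAME);
    svcport = service.getService();
    Client client = ClientProxy.getClient(svcport);

    Map<String, Object> requestContext = ((BindingProvider) svcport).getRequestContext();
    requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, ENDPOINTADDRESS);

    HTTPConduit http = (HTTPConduit) client.getConduit();

    TLSClientParameters tlsParams = new TLSClientParameters();
    // NOTE(review): "SSL" selects the legacy protocol family and disableCNCheck
    // switches off hostname verification, so the server certificate is not bound
    // to the endpoint's host name. Acceptable for a localhost test setup only;
    // use "TLS" and leave the CN check enabled against a real endpoint.
    tlsParams.setSecureSocketProtocol("SSL");
    tlsParams.setDisableCNCheck(true);

    // NOTE(review): keystore passwords are hard-coded here (and in the Spring
    // config); they belong in a protected configuration source.
    String keypassCC = "password01";
    KeyStore keyStoreCC = loadJksKeyStore(new File("keystore.jks"), keypassCC.toCharArray());

    String trustpassTC = "changeit";
    KeyStore keyStoreTC = loadJksKeyStore(new File("truststore.jks"), trustpassTC.toCharArray());

    TrustManagerFactory trustFactory =
        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustFactory.init(keyStoreTC);
    tlsParams.setTrustManagers(trustFactory.getTrustManagers());

    KeyManagerFactory keyFactory =
        KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    // The same password is used for the store and for the private key entry,
    // matching keyPassword="password01" in the Spring configuration.
    keyFactory.init(keyStoreCC, keypassCC.toCharArray());
    tlsParams.setKeyManagers(keyFactory.getKeyManagers());
    // null filter: no cipher-suite include/exclude restriction beyond the JSSE defaults.
    tlsParams.setCipherSuitesFilter(null);

    HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
    httpClientPolicy.setConnectionTimeout(connectionTimeout);
    httpClientPolicy.setReceiveTimeout(receiveTimeout);

    http.setTlsClientParameters(tlsParams);
    http.setClient(httpClientPolicy);

    if (cfxLog) {
        client.getInInterceptors().add(new LoggingInInterceptor());
        client.getOutInterceptors().add(new LoggingOutInterceptor());
    }
}

/**
 * Loads a JKS keystore from {@code file}.
 *
 * <p>The original code opened a {@link FileInputStream} and never closed it; this
 * helper closes the stream even when loading fails.
 *
 * @param file keystore file on disk
 * @param password store password (also used to verify integrity)
 * @return the loaded keystore
 * @throws GeneralSecurityException if the JKS type is unavailable or the store is corrupt
 * @throws IOException if the file cannot be read or the password is wrong
 */
private static KeyStore loadJksKeyStore(File file, char[] password)
        throws GeneralSecurityException, IOException {
    KeyStore keyStore = KeyStore.getInstance("JKS");
    FileInputStream in = new FileInputStream(file);
    try {
        keyStore.load(in, password);
    } finally {
        in.close();
    }
    return keyStore;
}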
do you have any hints, thanks Alex
Re: spring ssl client authentication
Posted by Daniel Kulp <dk...@apache.org>.
Usually, this is due to the bean name not being correct for the http:conduit.
Make sure it's the port name (not the service name) from the wsdl in your
case. Alternatively, use the URL as it appears in the wsdl (the config is loaded
before the BindingProvider.ENDPOINT_ADDRESS property is applied) or use a regex like
so:
<http:conduit name="http://localhost:9000/.*">
.....
Dan
On Tuesday 09 March 2010 4:38:46 am Alex wrote:
> Hi,
>
> I have configured my Client via Spring but it seems that now client
> authentication is done.
>
> <?xml version="1.0" encoding="UTF-8"?>
> <beans xmlns="http://www.springframework.org/schema/beans"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:sec="http://cxf.apache.org/configuration/security"
> xmlns:http="http://cxf.apache.org/transports/http/configuration"
> xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
> xsi:schemaLocation="
> http://cxf.apache.org/configuration/security
> http://cxf.apache.org/schemas/configuration/security.xsd
> http://cxf.apache.org/transports/http/configuration
> http://cxf.apache.org/schemas/configuration/http-conf.xsd
> http://www.springframework.org/schema/beans
>
> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
>
> <http:conduit name="{ns://localhost/tls}Service.http-conduit">
> <http:client ConnectionTimeout="30000" ReceiveTimeout="300000" />
> <http:tlsClientParameters
> secureSocketProtocol="SSL" disableCNCheck="true">
> <sec:keyManagers keyPassword="password01">
> <sec:keyStore type="JKS" password="password01" file="keystore.jks" />
> </sec:keyManagers>
> <sec:trustManagers>
> <sec:keyStore type="JKS" password="changeit" file="truststore.jks" />
> </sec:trustManagers>
> </http:tlsClientParameters>
> </http:conduit>
>
> <bean id="client2Service" class="tls.client.Client"
> factory-bean="clientFactory" factory-method="create" />
> <bean id="clientFactory"
> class="org.apache.cxf.jaxws.JaxWsProxyFactoryBean"> <property
> name="serviceClass" value="tls.svc.ServicePort" />
> <property name="address" value="https://localhost:443/tls/service" />
> </bean>
> </beans>
>
> but when I write all the configuration into a java-class it works:
>
> public void init() throws Exception {
> try {
> ClassLoader cl = UVStClassLoaderContext.getContext();
> WSDLLOCATION = cl.getResource(strPath2wsdl);
> SERVICENAME = new QName(ns, srv_name);
> Service service = new Service(WSDLLOCATION, SERVICENAME);
>
> svcport = service.getService();
> Client client = ClientProxy.getClient(svcport);
>
> Map<String, Object> requestContext =
> ((BindingProvider)svcport).getRequestContext();
>
> requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
> ENDPOINTADDRESS);
>
> HTTPConduit http = (HTTPConduit) client.getConduit();
>
> TLSClientParameters tlsParams = new TLSClientParameters();
> tlsParams.setSecureSocketProtocol("SSL");
> tlsParams.setDisableCNCheck(true);
>
> KeyStore keyStoreCC = KeyStore.getInstance("JKS");
> String keypassCC = "password01";
> File keyFile = new File("keystore.jks");
> keyStoreCC.load(new FileInputStream(keyFile),
> keypassCC.toCharArray());
>
> KeyStore keyStoreTC = KeyStore.getInstance("JKS");
> String trustpassTC = "changeit";
> File trustFile = new File("truststore.jks");
> keyStoreTC.load(new FileInputStream(trustFile),
> trustpassTC.toCharArray());
>
> TrustManagerFactory trustFactory =
> TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
> trustFactory.init(keyStoreTC);
> TrustManager[] tm = trustFactory.getTrustManagers();
> tlsParams.setTrustManagers(tm);
>
> KeyManagerFactory keyFactory =
> KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
> keyFactory.init(keyStoreCC, keypassCC.toCharArray());
> KeyManager[] km = keyFactory.getKeyManagers();
> tlsParams.setKeyManagers(km);
> tlsParams.setCipherSuitesFilter(null);
>
>
> HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
> httpClientPolicy.setConnectionTimeout(connectionTimeout);
> httpClientPolicy.setReceiveTimeout(receiveTimeout);
>
> http.setTlsClientParameters(tlsParams);
> http.setClient(httpClientPolicy);
> if (cfxLog) {
> client.getInInterceptors().add(new
> LoggingInInterceptor()); client.getOutInterceptors().add(new
> LoggingOutInterceptor());
> }
> }
> catch (Exception e) {
> throw e;
> }
> }
>
> do you have any hints, thanks Alex
--
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog