You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cxf.apache.org by "Daniel Kulp (JIRA)" <ji...@apache.org> on 2013/02/05 21:19:13 UTC

[jira] [Resolved] (CXF-4806) When using Spring, cannot set Jetty engine connector to an instance of SslSelectChannelConnector

     [ https://issues.apache.org/jira/browse/CXF-4806?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Daniel Kulp resolved CXF-4806.
------------------------------

       Resolution: Fixed
    Fix Version/s: 2.6.7
                   2.7.4
         Assignee: Daniel Kulp
    
> When using Spring, cannot set Jetty engine connector to an instance of SslSelectChannelConnector
> ------------------------------------------------------------------------------------------------
>
>                 Key: CXF-4806
>                 URL: https://issues.apache.org/jira/browse/CXF-4806
>             Project: CXF
>          Issue Type: Bug
>    Affects Versions: 2.7.2
>         Environment: Mac OS X, Karaf container, Spring 3.1.2
>            Reporter: Dario Amiri
>            Assignee: Daniel Kulp
>             Fix For: 2.7.4, 2.6.7
>
>
> When using spring it is not possible to set a connector of type SslSelectChannelConnector. Below is a sample Spring configuration that does not work:
> {code:xml}
>     <httpj:engine-factory bus="cxf">
>         <httpj:engine port="${webservice.https.port}">
>             <httpj:tlsServerParameters>
>                 <sec:keyManagers keyPassword="${webservice.https.keyManagerPwd}">
>                     <sec:keyStore
>                         url="${webservice.https.serviceKeyStoreUrl}"
>                         password="${webservice.https.serviceKeyStorePwd}"
>                         type="JKS" />
>                 </sec:keyManagers>
>                 <sec:trustManagers>
>                     <sec:keyStore
>                         url="${webservice.https.trustKeyStoreUrl}"
>                         password="${webservice.https.trustKeyStorePwd}"
>                         type="JKS" />
>                 </sec:trustManagers>
>                 <sec:cipherSuitesFilter>
>                     <sec:include>.*_WITH_3DES_.*</sec:include>
>                     <sec:include>.*_WITH_AES_128_.*</sec:include>
>                     <sec:include>.*_WITH_AES_256_.*</sec:include>
>                     <sec:include>.*_EXPORT_.*</sec:include>
>                     <sec:include>.*_EXPORT1024_.*</sec:include>
>                     <sec:include>.*_WITH_DES_.*</sec:include>
>                     <sec:include>.*_WITH_AES_.*</sec:include>
>                     <sec:include>.*_WITH_NULL_.*</sec:include>
>                     <sec:exclude>.*_DH_anon_.*</sec:exclude>
>                 </sec:cipherSuitesFilter>
>                 <sec:clientAuthentication want="false"
>                     required="false" />
>                 <sec:certAlias>${webservice.https.certAlias}</sec:certAlias>
>             </httpj:tlsServerParameters>
>             <httpj:threadingParameters
>                 minThreads="${webservice.minThreads}" maxThreads="${webservice.maxThreads}" />
>             <httpj:connector>
>                 <bean class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
>                     <beans:constructor-arg ref="sslContextFactory" />
>                     <property name="port"
>                         value="${webservice.https.port}" />
>                     <property name="acceptors"
>                         value="${webservice.acceptors}" />
>                 </bean>
>             </httpj:connector>
>         </httpj:engine>
>     </httpj:engine-factory>
> {code}
> The problem is code in JettHTTPServerEngine.java at line 607 and 617:
> {code:java}
>     protected void retrieveListenerFactory() {
>         if (tlsServerParameters != null) {
>             if (null != connector && !(connector instanceof SslSocketConnector)) {
>                 LOG.warning("Connector " + connector + " for JettyServerEngine Port "
>                         + port + " does not support SSL connections.");
>                 return;
>             }
>             connectorFactory =
>                 getHTTPSConnectorFactory(tlsServerParameters);            
>             protocol = "https";
>            
>         } else {
>             if (connector instanceof SslSocketConnector) {
>                 throw new RuntimeException("Connector " + connector + " for JettyServerEngine Port "
>                       + port + " does not support non-SSL connections.");
>             }
>             connectorFactory = getHTTPConnectorFactory();            
>             protocol = "http";
>         }
>         LOG.fine("Configured port " + port + " for \"" + protocol + "\".");
>     }
> {code}
> As the code is right now it does not allow the use of SslSelectChannelConnector only SslSocketConnector. Furthermore, the error checking for a plain HTTP engine is incorrect since the logic will not throw an exception for using SslSelectChannelConnector for a plain HTTP engine.
> Instead, the code should check if the instance is of a type that implements SslConnector. SslConnector is an interface which both SslSocketConnector and SslSelectChannelConnector implement and no non Ssl connector should implement.
> For discussion on this issue see:
> http://cxf.547215.n5.nabble.com/Bug-in-2-7-2-td5722635.html#a5722736

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira