You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@servicemix.apache.org by Juan José Vázquez Delgado <ju...@gmail.com> on 2010/10/09 20:45:16 UTC
[SMX4] TLS configuration problem in an OSGi packaged CXF-BC bundle
Hi,
Currently, I´m developing an OSGi packaged CXF-BC bundle which has to
host several web service clients. The communication has to be secured
setting a TLS configuration based on PKCS#12 keystores. Everything is
ok when I use the 'file' parameter in the keystore configuration but
I´m not able to make it work using the 'resource' parameter.
I guess it´s a classloading problem but I can´t find out why my bundle
doesn´t resolve the resources. The keystores are embedded into the
bundle.
The main parts of my configuration files are the following:
* service-client.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:cxfbc="http://servicemix.apache.org/cxfbc/1.0"
xmlns:ns="http://......"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://servicemix.apache.org/cxfbc/1.0
http://servicemix.apache.org/cxfbc/1.0/servicemix-cxf-bc.xsd">
<import resource="classpath:META-INF/cxf/cxf.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
<import resource="classpath:META-INF/cxf/cxf-extension-http.xml" />
<cxfbc:provider wsdl="classpath:wsdl/myws.wsdl"
locationURI="https://..../MyService"
service="ns:myservice" endpoint="myport"
interfaceName="ns:myporttype">
<cxfbc:providedBus>
<ref bean="cxf"/>
</cxfbc:providedBus>
</cxfbc:provider>
<bean class="org.apache.servicemix.common.osgi.EndpointExporter" />
</beans>
* sec.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
xsi:schemaLocation="http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd">
<http:conduit name="{......}myport.http-conduit">
<http:tlsClientParameters>
<sec:trustManagers>
<sec:keyStore type="JKS" resource="security/mytruststore.jks" />
</sec:trustManagers>
<sec:keyManagers keyPassword="*******">
<sec:keyStore type="PKCS12" password="********"
resource="security/mykeystore.p12" />
</sec:keyManagers>
<sec:cipherSuitesFilter>
<!-- these filters ensure that a ciphersuite with
export-suitable or null encryption is used,
but exclude anonymous Diffie-Hellman key change as
this is vulnerable to man-in-the-middle attacks -->
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
</http:tlsClientParameters>
</http:conduit>
<bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl" />
</beans>
* pom.xml
..........
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
<extensions>true</extensions>
<configuration>
<instructions>
<Import-Package>
javax.jws,
javax.wsdl,
javax.xml.bind,
javax.xml.bind.annotation,
javax.xml.namespace,
javax.xml.soap,
javax.xml.ws,
META-INF.cxf,
org.apache.cxf.bus,
org.apache.cxf.bus.spring,
org.apache.cxf.bus.resource,
org.apache.cxf.configuration.spring,
org.apache.cxf.resource,
org.apache.servicemix.cxfbc,
org.springframework.beans.factory.config,
org.apache.servicemix.common.osgi
</Import-Package>
<Require-Bundle>org.apache.cxf.bundle</Require-Bundle>
</instructions>
</configuration>
</plugin>
........
I would appreciate any help. Thanks in advance.
BR,
Juanjo.
Re: [SMX4] TLS configuration problem in an OSGi packaged CXF-BC bundle
Posted by Juan José Vázquez Delgado <ju...@gmail.com>.
Hi Freeman,
Finally, the fragment bundle approach has been sucessful :-).
Thank you for your help and useful support.
Keep up the good work!.
BR,
Juanjo.
Juan-José Vázquez
http://www.tecsisa.com
On Sun, Oct 10, 2010 at 4:01 PM, Freeman Fang <fr...@gmail.com> wrote:
> Hi Juanjo,
>
> I think you hit a problem that pass resource files between bundles at
> runtime, let's say the scenario is that you have
> bunde1 and bundle2, now you need pass a resource file from bundle2 to
> bundle1, but the resource file in bundle2 isn't available for bundle1, at
> the moment when you write bundle1, you don't know the package path of the
> resource from other bundles might pass in, so you can't add certain
> import-package for bundle1, or bundle1 is third party published bundle so
> you can't touch or change it.
>
> The solution for this scenario could be that create a fragment bundle, which
> contain the resource files, and attach this fragment bundle to the
> bundle(play the role as host bundle, all resource in fragment bundle is
> available for host bundle) you wanna pass resource in(for your case it
> should be cxf-bundle)
>
> Freeman
> On 2010-10-10, at 下午5:31, Juan José Vázquez Delgado wrote:
>
>> Juanjo
>
>
> --
> Freeman Fang
>
> ------------------------
> blog: http://freemanfang.blogspot.com
> twitter: http://twitter.com/freemanfang
> Open Source SOA: http://fusesource.com
> Apache Servicemix:http://servicemix.apache.org
> Apache Cxf: http://cxf.apache.org
> Apache Karaf: http://karaf.apache.org
> Apache Felix: http://felix.apache.org
>
>
Re: [SMX4] TLS configuration problem in an OSGi packaged CXF-BC bundle
Posted by Juan José Vázquez Delgado <ju...@gmail.com>.
Hi Freeman,
So, if I understand what you mean correctly, cxf-bundle needs my
resources in runtime but of course it can´t add an import-package to
do it, right?. In that case, the fragment bundle approach seems the
way to go. I´ll try!.
Thanks for your help :-).
BR,
Juanjo.
On Sun, Oct 10, 2010 at 4:01 PM, Freeman Fang <fr...@gmail.com> wrote:
> Hi Juanjo,
>
> I think you hit a problem that pass resource files between bundles at
> runtime, let's say the scenario is that you have
> bunde1 and bundle2, now you need pass a resource file from bundle2 to
> bundle1, but the resource file in bundle2 isn't available for bundle1, at
> the moment when you write bundle1, you don't know the package path of the
> resource from other bundles might pass in, so you can't add certain
> import-package for bundle1, or bundle1 is third party published bundle so
> you can't touch or change it.
>
> The solution for this scenario could be that create a fragment bundle, which
> contain the resource files, and attach this fragment bundle to the
> bundle(play the role as host bundle, all resource in fragment bundle is
> available for host bundle) you wanna pass resource in(for your case it
> should be cxf-bundle)
>
> Freeman
> On 2010-10-10, at 下午5:31, Juan José Vázquez Delgado wrote:
>
>> Juanjo
>
>
> --
> Freeman Fang
>
> ------------------------
> blog: http://freemanfang.blogspot.com
> twitter: http://twitter.com/freemanfang
> Open Source SOA: http://fusesource.com
> Apache Servicemix:http://servicemix.apache.org
> Apache Cxf: http://cxf.apache.org
> Apache Karaf: http://karaf.apache.org
> Apache Felix: http://felix.apache.org
>
>
Re: [SMX4] TLS configuration problem in an OSGi packaged CXF-BC bundle
Posted by Freeman Fang <fr...@gmail.com>.
Hi Juanjo,
I think you hit a problem that pass resource files between bundles at
runtime, let's say the scenario is that you have
bunde1 and bundle2, now you need pass a resource file from bundle2 to
bundle1, but the resource file in bundle2 isn't available for bundle1,
at the moment when you write bundle1, you don't know the package path
of the resource from other bundles might pass in, so you can't add
certain import-package for bundle1, or bundle1 is third party
published bundle so you can't touch or change it.
The solution for this scenario could be that create a fragment bundle,
which contain the resource files, and attach this fragment bundle to
the bundle(play the role as host bundle, all resource in fragment
bundle is available for host bundle) you wanna pass resource in(for
your case it should be cxf-bundle)
Freeman
On 2010-10-10, at 下午5:31, Juan José Vázquez Delgado wrote:
> Juanjo
--
Freeman Fang
------------------------
blog: http://freemanfang.blogspot.com
twitter: http://twitter.com/freemanfang
Open Source SOA: http://fusesource.com
Apache Servicemix:http://servicemix.apache.org
Apache Cxf: http://cxf.apache.org
Apache Karaf: http://karaf.apache.org
Apache Felix: http://felix.apache.org
Re: [SMX4] TLS configuration problem in an OSGi packaged CXF-BC bundle
Posted by Juan José Vázquez Delgado <ju...@gmail.com>.
Thanks Freeman for your answer.
My jks and p12 files are indeed in ./src/main/resources/security
folder and the sec.xml one is in src/main/resources/META-INF/spring/.
I´ve tried your proposed changes with no luck. In fact, since
'security' folder is already in bundle´s classpath, I can´t understand
why it´s mandatory to add explicitly the 'security' folder to the
'Private-Package' section. (However, from a security point of view can
be a great idea :-) ).
The stacktrace I get is:
Caused by: java.io.IOException: Could not load keystore resource
security/mykeystore.p12
at org.apache.cxf.configuration.jsse.spring.TLSParameterJaxBUtils.getKeyStore(TLSParameterJaxBUtils.java:123)
at org.apache.cxf.configuration.jsse.spring.TLSParameterJaxBUtils.getKeyManagers(TLSParameterJaxBUtils.java:204)
at org.apache.cxf.configuration.jsse.spring.TLSClientParametersConfig.createTLSClientParametersFromType(TLSClientParametersConfig.java:84)
at org.apache.cxf.configuration.jsse.spring.TLSClientParametersConfig.createTLSClientParameters(TLSClientParametersConfig.java:115)
... 65 more
Any ideas?.
Thanks in advance.
BR,
Juanjo.
On Sun, Oct 10, 2010 at 5:22 AM, Freeman Fang <fr...@gmail.com> wrote:
>
> On 2010-10-10, at 上午2:45, Juan José Vázquez Delgado wrote:
>
>> Hi,
>>
>> Currently, I´m developing an OSGi packaged CXF-BC bundle which has to
>> host several web service clients. The communication has to be secured
>> setting a TLS configuration based on PKCS#12 keystores. Everything is
>> ok when I use the 'file' parameter in the keystore configuration but
>> I´m not able to make it work using the 'resource' parameter.
>>
>> I guess it´s a classloading problem but I can´t find out why my bundle
>> doesn´t resolve the resources. The keystores are embedded into the
>> bundle.
>>
>> The main parts of my configuration files are the following:
>>
>> * service-client.xml
>>
>> <beans xmlns="http://www.springframework.org/schema/beans"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> xmlns:cxfbc="http://servicemix.apache.org/cxfbc/1.0"
>> xmlns:ns="http://......"
>> xsi:schemaLocation="http://www.springframework.org/schema/beans
>> http://www.springframework.org/schema/beans/spring-beans.xsd
>>
>> http://servicemix.apache.org/cxfbc/1.0
>> http://servicemix.apache.org/cxfbc/1.0/servicemix-cxf-bc.xsd">
>>
>> <import resource="classpath:META-INF/cxf/cxf.xml" />
>> <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
>> <import resource="classpath:META-INF/cxf/cxf-extension-http.xml" />
>>
> Also, here I think you should add
> <import resource="classpath:META-INF/spring/sec.xml" />
> I assume you put both service-client.xml and sec.xml in
> src/main/resources/META-INF/spring/ folder of your project.
>
> Freeman
>>
>> <cxfbc:provider wsdl="classpath:wsdl/myws.wsdl"
>> locationURI="https://..../MyService"
>> service="ns:myservice" endpoint="myport"
>> interfaceName="ns:myporttype">
>> <cxfbc:providedBus>
>> <ref bean="cxf"/>
>> </cxfbc:providedBus>
>> </cxfbc:provider>
>>
>> <bean class="org.apache.servicemix.common.osgi.EndpointExporter" />
>>
>> </beans>
>>
>> * sec.xml
>>
>> <beans xmlns="http://www.springframework.org/schema/beans"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> xmlns:sec="http://cxf.apache.org/configuration/security"
>> xmlns:http="http://cxf.apache.org/transports/http/configuration"
>> xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
>> xsi:schemaLocation="http://cxf.apache.org/configuration/security
>>
>> http://cxf.apache.org/schemas/configuration/security.xsd
>>
>> http://cxf.apache.org/transports/http/configuration
>>
>> http://cxf.apache.org/schemas/configuration/http-conf.xsd
>>
>> http://www.springframework.org/schema/beans
>>
>> http://www.springframework.org/schema/beans/spring-beans.xsd">
>>
>> <http:conduit name="{......}myport.http-conduit">
>> <http:tlsClientParameters>
>> <sec:trustManagers>
>> <sec:keyStore type="JKS"
>> resource="security/mytruststore.jks" />
>> </sec:trustManagers>
>> <sec:keyManagers keyPassword="*******">
>> <sec:keyStore type="PKCS12"
>> password="********"
>> resource="security/mykeystore.p12" />
>> </sec:keyManagers>
>> <sec:cipherSuitesFilter>
>> <!-- these filters ensure that a ciphersuite with
>> export-suitable or null encryption is used,
>> but exclude anonymous Diffie-Hellman key change
>> as
>> this is vulnerable to man-in-the-middle attacks
>> -->
>> <sec:include>.*_EXPORT_.*</sec:include>
>> <sec:include>.*_EXPORT1024_.*</sec:include>
>> <sec:include>.*_WITH_DES_.*</sec:include>
>> <sec:include>.*_WITH_NULL_.*</sec:include>
>> <sec:exclude>.*_DH_anon_.*</sec:exclude>
>> </sec:cipherSuitesFilter>
>> </http:tlsClientParameters>
>> </http:conduit>
>>
>> <bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl" />
>>
>> </beans>
>>
>> * pom.xml
>>
>> ..........
>> <plugin>
>> <groupId>org.apache.felix</groupId>
>> <artifactId>maven-bundle-plugin</artifactId>
>> <extensions>true</extensions>
>> <configuration>
>> <instructions>
>> <Import-Package>
>> javax.jws,
>> javax.wsdl,
>> javax.xml.bind,
>> javax.xml.bind.annotation,
>> javax.xml.namespace,
>> javax.xml.soap,
>> javax.xml.ws,
>> META-INF.cxf,
>> org.apache.cxf.bus,
>> org.apache.cxf.bus.spring,
>> org.apache.cxf.bus.resource,
>> org.apache.cxf.configuration.spring,
>> org.apache.cxf.resource,
>> org.apache.servicemix.cxfbc,
>> org.springframework.beans.factory.config,
>> org.apache.servicemix.common.osgi
>> </Import-Package>
>>
>> <Require-Bundle>org.apache.cxf.bundle</Require-Bundle>
>> </instructions>
>> </configuration>
>> </plugin>
>> ........
>>
>>
>> I would appreciate any help. Thanks in advance.
>>
>> BR,
>>
>> Juanjo.
>
>
> --
> Freeman Fang
>
> ------------------------
> blog: http://freemanfang.blogspot.com
> twitter: http://twitter.com/freemanfang
> Open Source SOA: http://fusesource.com
> Apache Servicemix:http://servicemix.apache.org
> Apache Cxf: http://cxf.apache.org
> Apache Karaf: http://karaf.apache.org
> Apache Felix: http://felix.apache.org
>
>
Re: [SMX4] TLS configuration problem in an OSGi packaged CXF-BC bundle
Posted by Freeman Fang <fr...@gmail.com>.
On 2010-10-10, at 上午2:45, Juan José Vázquez Delgado wrote:
> Hi,
>
> Currently, I´m developing an OSGi packaged CXF-BC bundle which has to
> host several web service clients. The communication has to be secured
> setting a TLS configuration based on PKCS#12 keystores. Everything is
> ok when I use the 'file' parameter in the keystore configuration but
> I´m not able to make it work using the 'resource' parameter.
>
> I guess it´s a classloading problem but I can´t find out why my
> bundle
> doesn´t resolve the resources. The keystores are embedded into the
> bundle.
>
> The main parts of my configuration files are the following:
>
> * service-client.xml
>
> <beans xmlns="http://www.springframework.org/schema/beans"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:cxfbc="http://servicemix.apache.org/cxfbc/1.0"
> xmlns:ns="http://......"
> xsi:schemaLocation="http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans.xsd
> http://servicemix.apache.org/cxfbc/1.0
> http://servicemix.apache.org/cxfbc/1.0/servicemix-cxf-bc.xsd">
>
> <import resource="classpath:META-INF/cxf/cxf.xml" />
> <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
> <import resource="classpath:META-INF/cxf/cxf-extension-http.xml" />
>
Also, here I think you should add
<import resource="classpath:META-INF/spring/sec.xml" />
I assume you put both service-client.xml and sec.xml in src/main/
resources/META-INF/spring/ folder of your project.
Freeman
> <cxfbc:provider wsdl="classpath:wsdl/myws.wsdl"
> locationURI="https://..../MyService"
> service="ns:myservice" endpoint="myport"
> interfaceName="ns:myporttype">
> <cxfbc:providedBus>
> <ref bean="cxf"/>
> </cxfbc:providedBus>
> </cxfbc:provider>
>
> <bean class="org.apache.servicemix.common.osgi.EndpointExporter" /
> >
>
> </beans>
>
> * sec.xml
>
> <beans xmlns="http://www.springframework.org/schema/beans"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:sec="http://cxf.apache.org/configuration/security"
> xmlns:http="http://cxf.apache.org/transports/http/
> configuration"
> xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
> xsi:schemaLocation="http://cxf.apache.org/configuration/
> security
> http://cxf.apache.org/schemas/configuration/security.xsd
> http://cxf.apache.org/transports/http/configuration
> http://cxf.apache.org/schemas/configuration/http-conf.xsd
> http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans.xsd
> ">
>
> <http:conduit name="{......}myport.http-conduit">
> <http:tlsClientParameters>
> <sec:trustManagers>
> <sec:keyStore type="JKS" resource="security/mytruststore.jks" />
> </sec:trustManagers>
> <sec:keyManagers keyPassword="*******">
> <sec:keyStore type="PKCS12" password="********"
> resource="security/mykeystore.p12" />
> </sec:keyManagers>
> <sec:cipherSuitesFilter>
> <!-- these filters ensure that a ciphersuite with
> export-suitable or null encryption is used,
> but exclude anonymous Diffie-Hellman key change as
> this is vulnerable to man-in-the-middle attacks -->
> <sec:include>.*_EXPORT_.*</sec:include>
> <sec:include>.*_EXPORT1024_.*</sec:include>
> <sec:include>.*_WITH_DES_.*</sec:include>
> <sec:include>.*_WITH_NULL_.*</sec:include>
> <sec:exclude>.*_DH_anon_.*</sec:exclude>
> </sec:cipherSuitesFilter>
> </http:tlsClientParameters>
> </http:conduit>
>
> <bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl" />
>
> </beans>
>
> * pom.xml
>
> ..........
> <plugin>
> <groupId>org.apache.felix</groupId>
> <artifactId>maven-bundle-plugin</artifactId>
> <extensions>true</extensions>
> <configuration>
> <instructions>
> <Import-Package>
> javax.jws,
> javax.wsdl,
> javax.xml.bind,
> javax.xml.bind.annotation,
> javax.xml.namespace,
> javax.xml.soap,
> javax.xml.ws,
> META-INF.cxf,
> org.apache.cxf.bus,
> org.apache.cxf.bus.spring,
> org.apache.cxf.bus.resource,
> org.apache.cxf.configuration.spring,
> org.apache.cxf.resource,
> org.apache.servicemix.cxfbc,
>
> org.springframework.beans.factory.config,
> org.apache.servicemix.common.osgi
> </Import-Package>
> <Require-Bundle>org.apache.cxf.bundle</Require-Bundle>
> </instructions>
> </configuration>
> </plugin>
> ........
>
>
> I would appreciate any help. Thanks in advance.
>
> BR,
>
> Juanjo.
--
Freeman Fang
------------------------
blog: http://freemanfang.blogspot.com
twitter: http://twitter.com/freemanfang
Open Source SOA: http://fusesource.com
Apache Servicemix:http://servicemix.apache.org
Apache Cxf: http://cxf.apache.org
Apache Karaf: http://karaf.apache.org
Apache Felix: http://felix.apache.org
Re: [SMX4] TLS configuration problem in an OSGi packaged CXF-BC bundle
Posted by Freeman Fang <fr...@gmail.com>.
Hi,
Could you add
<Private-Package>security</Private-Package>
to your pom.xml to see if this helps?
I assume the jks files are already in ./src/main/resources/security
folder of your project.
Freeman
On 2010-10-10, at 上午2:45, Juan José Vázquez Delgado wrote:
> Hi,
>
> Currently, I´m developing an OSGi packaged CXF-BC bundle which has to
> host several web service clients. The communication has to be secured
> setting a TLS configuration based on PKCS#12 keystores. Everything is
> ok when I use the 'file' parameter in the keystore configuration but
> I´m not able to make it work using the 'resource' parameter.
>
> I guess it´s a classloading problem but I can´t find out why my
> bundle
> doesn´t resolve the resources. The keystores are embedded into the
> bundle.
>
> The main parts of my configuration files are the following:
>
> * service-client.xml
>
> <beans xmlns="http://www.springframework.org/schema/beans"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:cxfbc="http://servicemix.apache.org/cxfbc/1.0"
> xmlns:ns="http://......"
> xsi:schemaLocation="http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans.xsd
> http://servicemix.apache.org/cxfbc/1.0
> http://servicemix.apache.org/cxfbc/1.0/servicemix-cxf-bc.xsd">
>
> <import resource="classpath:META-INF/cxf/cxf.xml" />
> <import resource="classpath:META-INF/cxf/cxf-extension-soap.xml" />
> <import resource="classpath:META-INF/cxf/cxf-extension-http.xml" />
>
> <cxfbc:provider wsdl="classpath:wsdl/myws.wsdl"
> locationURI="https://..../MyService"
> service="ns:myservice" endpoint="myport"
> interfaceName="ns:myporttype">
> <cxfbc:providedBus>
> <ref bean="cxf"/>
> </cxfbc:providedBus>
> </cxfbc:provider>
>
> <bean class="org.apache.servicemix.common.osgi.EndpointExporter" /
> >
>
> </beans>
>
> * sec.xml
>
> <beans xmlns="http://www.springframework.org/schema/beans"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:sec="http://cxf.apache.org/configuration/security"
> xmlns:http="http://cxf.apache.org/transports/http/
> configuration"
> xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
> xsi:schemaLocation="http://cxf.apache.org/configuration/
> security
> http://cxf.apache.org/schemas/configuration/security.xsd
> http://cxf.apache.org/transports/http/configuration
> http://cxf.apache.org/schemas/configuration/http-conf.xsd
> http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans.xsd
> ">
>
> <http:conduit name="{......}myport.http-conduit">
> <http:tlsClientParameters>
> <sec:trustManagers>
> <sec:keyStore type="JKS" resource="security/mytruststore.jks" />
> </sec:trustManagers>
> <sec:keyManagers keyPassword="*******">
> <sec:keyStore type="PKCS12" password="********"
> resource="security/mykeystore.p12" />
> </sec:keyManagers>
> <sec:cipherSuitesFilter>
> <!-- these filters ensure that a ciphersuite with
> export-suitable or null encryption is used,
> but exclude anonymous Diffie-Hellman key change as
> this is vulnerable to man-in-the-middle attacks -->
> <sec:include>.*_EXPORT_.*</sec:include>
> <sec:include>.*_EXPORT1024_.*</sec:include>
> <sec:include>.*_WITH_DES_.*</sec:include>
> <sec:include>.*_WITH_NULL_.*</sec:include>
> <sec:exclude>.*_DH_anon_.*</sec:exclude>
> </sec:cipherSuitesFilter>
> </http:tlsClientParameters>
> </http:conduit>
>
> <bean id="cxf" class="org.apache.cxf.bus.CXFBusImpl" />
>
> </beans>
>
> * pom.xml
>
> ..........
> <plugin>
> <groupId>org.apache.felix</groupId>
> <artifactId>maven-bundle-plugin</artifactId>
> <extensions>true</extensions>
> <configuration>
> <instructions>
> <Import-Package>
> javax.jws,
> javax.wsdl,
> javax.xml.bind,
> javax.xml.bind.annotation,
> javax.xml.namespace,
> javax.xml.soap,
> javax.xml.ws,
> META-INF.cxf,
> org.apache.cxf.bus,
> org.apache.cxf.bus.spring,
> org.apache.cxf.bus.resource,
> org.apache.cxf.configuration.spring,
> org.apache.cxf.resource,
> org.apache.servicemix.cxfbc,
>
> org.springframework.beans.factory.config,
> org.apache.servicemix.common.osgi
> </Import-Package>
> <Require-Bundle>org.apache.cxf.bundle</Require-Bundle>
> </instructions>
> </configuration>
> </plugin>
> ........
>
>
> I would appreciate any help. Thanks in advance.
>
> BR,
>
> Juanjo.
--
Freeman Fang
------------------------
blog: http://freemanfang.blogspot.com
twitter: http://twitter.com/freemanfang
Open Source SOA: http://fusesource.com
Apache Servicemix:http://servicemix.apache.org
Apache Cxf: http://cxf.apache.org
Apache Karaf: http://karaf.apache.org
Apache Felix: http://felix.apache.org