You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by semecxf <di...@gmail.com> on 2012/06/27 15:49:17 UTC
CXF Rest and Certificate Authentication
I secured my rest services for certificate authentication and https for my
server
I was able to configure my rest client to send certificate along with my
request data.
However, cxf is trying to encrypt my return data and it is throwing an
exception.
Any idea?
Here is my http conduit
<http:conduit name="\{https://localhost\:.*\}WebClient\.http-conduit">
<http:client ConnectionTimeout="3000000" ReceiveTimeout="3000000"/>
<http:tlsClientParameters disableCNCheck="true">
<sec:keyManagers keyPassword="client">
<sec:keyStore type="JKS" password="client"
file="src/test/resources/keys/client.jks"/>
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS" password="mytrust"
file="src/test/resources/keys/truststore.jks"/>
</sec:trustManagers>
</http:tlsClientParameters>
</http:conduit>
2012-06-27 09:32:50,029 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain] -
<Invoking handleMessage on interceptor
org.apache.cxf.interceptor.LoggingOutInterceptor@
6d3285c8>
2012-06-27 09:32:50,030 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain] -
<Invoking handleMessage on interceptor
org.apache.cxf.rs.security.xml.XmlEncOutIntercept
or@5eba6f07>
2012-06-27 09:32:50,334 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain] -
<Invoking handleMessage on interceptor
org.apache.cxf.jaxrs.interceptor.JAXRSOutIntercep
tor@21cf6527>
2012-06-27 09:32:50,340 WARN
[org.apache.cxf.jaxrs.interceptor.JAXRSOutInterceptor] - <No message body
writer has been found for response class DOMSource.>
2012-06-27 09:32:50,341 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain] -
<Invoking handleMessage on interceptor
org.apache.cxf.interceptor.MessageSenderIntercept
or$MessageSenderEndingInterceptor@9300217>
2012-06-27 09:32:50,342 INFO
[org.apache.cxf.interceptor.LoggingOutInterceptor] - <Outbound Message
---------------------------
ID: 1
Response-Code: 500
Content-Type: text/plain
Headers: {Date=[Wed, 27 Jun 2012 13:32:50 GMT]}
Payload: No message body writer has been found for response class DOMSource.
-------------------------------------->
--
View this message in context: http://cxf.547215.n5.nabble.com/CXF-Rest-and-Certificate-Authentication-tp5710373.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: CXF Rest and Certificate Authentication
Posted by semecxf <di...@gmail.com>.
Sergey,
I don't need encryption again. After checking my config, I found
org.apache.cxf.rs.security.xml.XmlEncOutInterceptor was being used.
--
View this message in context: http://cxf.547215.n5.nabble.com/CXF-Rest-and-Certificate-Authentication-tp5710373p5710379.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: CXF Rest and Certificate Authentication
Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi
On 27/06/12 14:49, semecxf wrote:
> I secured my rest services for certificate authentication and https for my
> server
> I was able to configure my rest client to send certificate along with my
> request data.
> However, cxf is trying to encrypt my return data and it is throwing an
> exception.
>
> Any idea?
>
I can see org.apache.cxf.rs.security.xml.XmlEncOutInterceptor is
involved so it tries to encrypt. Why do you need the encryption if you
already have a two-way TLS ?
Cheers, Sergey
> Here is my http conduit
>
> <http:conduit name="\{https://localhost\:.*\}WebClient\.http-conduit">
> <http:client ConnectionTimeout="3000000" ReceiveTimeout="3000000"/>
> <http:tlsClientParameters disableCNCheck="true">
> <sec:keyManagers keyPassword="client">
> <sec:keyStore type="JKS" password="client"
> file="src/test/resources/keys/client.jks"/>
> </sec:keyManagers>
> <sec:trustManagers>
> <sec:keyStore type="JKS" password="mytrust"
> file="src/test/resources/keys/truststore.jks"/>
> </sec:trustManagers>
> </http:tlsClientParameters>
> </http:conduit>
>
>
>
> 2012-06-27 09:32:50,029 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain] -
> <Invoking handleMessage on interceptor
> org.apache.cxf.interceptor.LoggingOutInterceptor@
> 6d3285c8>
> 2012-06-27 09:32:50,030 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain] -
> <Invoking handleMessage on interceptor
> org.apache.cxf.rs.security.xml.XmlEncOutIntercept
> or@5eba6f07>
> 2012-06-27 09:32:50,334 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain] -
> <Invoking handleMessage on interceptor
> org.apache.cxf.jaxrs.interceptor.JAXRSOutIntercep
> tor@21cf6527>
> 2012-06-27 09:32:50,340 WARN
> [org.apache.cxf.jaxrs.interceptor.JAXRSOutInterceptor] -<No message body
> writer has been found for response class DOMSource.>
> 2012-06-27 09:32:50,341 DEBUG [org.apache.cxf.phase.PhaseInterceptorChain] -
> <Invoking handleMessage on interceptor
> org.apache.cxf.interceptor.MessageSenderIntercept
> or$MessageSenderEndingInterceptor@9300217>
> 2012-06-27 09:32:50,342 INFO
> [org.apache.cxf.interceptor.LoggingOutInterceptor] -<Outbound Message
> ---------------------------
> ID: 1
> Response-Code: 500
> Content-Type: text/plain
> Headers: {Date=[Wed, 27 Jun 2012 13:32:50 GMT]}
> Payload: No message body writer has been found for response class DOMSource.
> -------------------------------------->
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/CXF-Rest-and-Certificate-Authentication-tp5710373.html
> Sent from the cxf-user mailing list archive at Nabble.com.
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com