You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@cxf.apache.org by Jerome Revillard <jr...@maatg.fr> on 2013/03/14 12:58:47 UTC

Howto update TLSClientParameters after the the first WScall

Hi,

We have some functions of  a services which require user certificate
authentication and some no. What I would like is to update the
TLSClientParameters according to the function that I call without having to
create another Client.

Here is a sample of what I want:

-------------------------------------------------------------------
JaxWsProxyFactoryBean proxyFactory = new JaxWsProxyFactoryBean();
proxyFactory.setServiceClass(CommandServicePortType.class);
proxyFactory.setAddress("https://localhost:8443/pandora-gateway-sal-command/command");
//proxyFactory.getFeatures().add(new LoggingFeature());
CommandServicePortType commandServicePortType = (CommandServicePortType)
proxyFactory.create();
		
System.out.print("Setup the trustmanager: ");
org.apache.cxf.endpoint.Client client = ClientProxy.getClient(connection);
HTTPConduit httpConduit = (HTTPConduit) client.getConduit();
TLSClientParameters tlsClientParameters =
httpConduit.getTlsClientParameters();
if(tlsClientParameters == null){
         tlsClientParameters = new TLSClientParameters();
}
tlsClientParameters.setTrustManagers(XXXX);
httpConduit.setTlsClientParameters(tlsClientParameters);
System.out.println("OK");

		
System.out.print("Echo String in a non secured way: ");
String output = commandServicePortType.echoStringNotSecured("It works!");
System.out.println(output);
		
System.out.print("Setup the KeyManager: ");
tlsClientParameters = httpConduit.getTlsClientParameters();
if(tlsClientParameters == null){
         tlsClientParameters = new TLSClientParameters();
}
tlsClientParameters.setKeyManagers(YYYY);
httpConduit.setTlsClientParameters(tlsClientParameters);
System.out.println("OK");

System.out.println("echo ok");
output = commandServicePortType.executeAndReturnString("echo ok");
System.out.println(output);
----------------------------------------------------------------------

I'm stuck at the "executeAndReturnString" call as it require the user
authentication and it seems not using it. If I recreate the client from
scratch for the second call with all the needed parameters then it work.

What should I do so that the new TLSParamaters are taken into account ?




--
View this message in context: http://cxf.547215.n5.nabble.com/Howto-update-TLSClientParameters-after-the-the-first-WScall-tp5724549.html
Sent from the cxf-user mailing list archive at Nabble.com.

Re: Howto update TLSClientParameters after the the first WScall

Posted by Jérôme Revillard <jr...@gnubila.fr>.

Thanks a lot Dan for the quick fix.

I will try it as soon as it will be available in the daily maven
snapshot repo.

Best,
Jerome



Le 14/03/2013 19:48, Daniel Kulp a écrit :
> I just created an issue for this:  https://issues.apache.org/jira/browse/CXF-4895
>
> The AsyncClient based HTTPConduit uses the hashCode of the tlsClientParams to determine when to reuse various connection things.  However, the HttpURLConnection base conduit doesn't.   The socketFactory is cached on first hit and always used after that.
>
> Testing a fix now.
>
> Dan
>
>
>
> On Mar 14, 2013, at 7:58 AM, Jerome Revillard <jr...@maatg.fr> wrote:
>
>> Hi,
>>
>> We have some functions of  a services which require user certificate
>> authentication and some no. What I would like is to update the
>> TLSClientParameters according to the function that I call without having to
>> create another Client.
>>
>> Here is a sample of what I want:
>>
>> -------------------------------------------------------------------
>> JaxWsProxyFactoryBean proxyFactory = new JaxWsProxyFactoryBean();
>> proxyFactory.setServiceClass(CommandServicePortType.class);
>> proxyFactory.setAddress("https://localhost:8443/pandora-gateway-sal-command/command");
>> //proxyFactory.getFeatures().add(new LoggingFeature());
>> CommandServicePortType commandServicePortType = (CommandServicePortType)
>> proxyFactory.create();
>> 		
>> System.out.print("Setup the trustmanager: ");
>> org.apache.cxf.endpoint.Client client = ClientProxy.getClient(connection);
>> HTTPConduit httpConduit = (HTTPConduit) client.getConduit();
>> TLSClientParameters tlsClientParameters =
>> httpConduit.getTlsClientParameters();
>> if(tlsClientParameters == null){
>>         tlsClientParameters = new TLSClientParameters();
>> }
>> tlsClientParameters.setTrustManagers(XXXX);
>> httpConduit.setTlsClientParameters(tlsClientParameters);
>> System.out.println("OK");
>>
>> 		
>> System.out.print("Echo String in a non secured way: ");
>> String output = commandServicePortType.echoStringNotSecured("It works!");
>> System.out.println(output);
>> 		
>> System.out.print("Setup the KeyManager: ");
>> tlsClientParameters = httpConduit.getTlsClientParameters();
>> if(tlsClientParameters == null){
>>         tlsClientParameters = new TLSClientParameters();
>> }
>> tlsClientParameters.setKeyManagers(YYYY);
>> httpConduit.setTlsClientParameters(tlsClientParameters);
>> System.out.println("OK");
>>
>> System.out.println("echo ok");
>> output = commandServicePortType.executeAndReturnString("echo ok");
>> System.out.println(output);
>> ----------------------------------------------------------------------
>>
>> I'm stuck at the "executeAndReturnString" call as it require the user
>> authentication and it seems not using it. If I recreate the client from
>> scratch for the second call with all the needed parameters then it work.
>>
>> What should I do so that the new TLSParamaters are taken into account ?
>>
>>
>>
>>
>> --
>> View this message in context: http://cxf.547215.n5.nabble.com/Howto-update-TLSClientParameters-after-the-the-first-WScall-tp5724549.html
>> Sent from the cxf-user mailing list archive at Nabble.com.

Re: Howto update TLSClientParameters after the the first WScall

Posted by Daniel Kulp <dk...@apache.org>.

I just created an issue for this:  https://issues.apache.org/jira/browse/CXF-4895

The AsyncClient based HTTPConduit uses the hashCode of the tlsClientParams to determine when to reuse various connection things.  However, the HttpURLConnection base conduit doesn't.   The socketFactory is cached on first hit and always used after that.

Testing a fix now.

Dan



On Mar 14, 2013, at 7:58 AM, Jerome Revillard <jr...@maatg.fr> wrote:

> Hi,
> 
> We have some functions of  a services which require user certificate
> authentication and some no. What I would like is to update the
> TLSClientParameters according to the function that I call without having to
> create another Client.
> 
> Here is a sample of what I want:
> 
> -------------------------------------------------------------------
> JaxWsProxyFactoryBean proxyFactory = new JaxWsProxyFactoryBean();
> proxyFactory.setServiceClass(CommandServicePortType.class);
> proxyFactory.setAddress("https://localhost:8443/pandora-gateway-sal-command/command");
> //proxyFactory.getFeatures().add(new LoggingFeature());
> CommandServicePortType commandServicePortType = (CommandServicePortType)
> proxyFactory.create();
> 		
> System.out.print("Setup the trustmanager: ");
> org.apache.cxf.endpoint.Client client = ClientProxy.getClient(connection);
> HTTPConduit httpConduit = (HTTPConduit) client.getConduit();
> TLSClientParameters tlsClientParameters =
> httpConduit.getTlsClientParameters();
> if(tlsClientParameters == null){
>         tlsClientParameters = new TLSClientParameters();
> }
> tlsClientParameters.setTrustManagers(XXXX);
> httpConduit.setTlsClientParameters(tlsClientParameters);
> System.out.println("OK");
> 
> 		
> System.out.print("Echo String in a non secured way: ");
> String output = commandServicePortType.echoStringNotSecured("It works!");
> System.out.println(output);
> 		
> System.out.print("Setup the KeyManager: ");
> tlsClientParameters = httpConduit.getTlsClientParameters();
> if(tlsClientParameters == null){
>         tlsClientParameters = new TLSClientParameters();
> }
> tlsClientParameters.setKeyManagers(YYYY);
> httpConduit.setTlsClientParameters(tlsClientParameters);
> System.out.println("OK");
> 
> System.out.println("echo ok");
> output = commandServicePortType.executeAndReturnString("echo ok");
> System.out.println(output);
> ----------------------------------------------------------------------
> 
> I'm stuck at the "executeAndReturnString" call as it require the user
> authentication and it seems not using it. If I recreate the client from
> scratch for the second call with all the needed parameters then it work.
> 
> What should I do so that the new TLSParamaters are taken into account ?
> 
> 
> 
> 
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Howto-update-TLSClientParameters-after-the-the-first-WScall-tp5724549.html
> Sent from the cxf-user mailing list archive at Nabble.com.

-- 
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com