You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@camel.apache.org by boriss <bs...@eunet.rs> on 2008/11/05 11:37:52 UTC

CxfProducer + SSL

Hi,

I'm trying to use a CxfProducer as a Client for the external WS and I had no
luck finding a documentation about the way of how to configure a cxf-bus on
a Camel cxf-endpoint with additional SSL properties (http:conduit). 

Cheers,
Boris
-- 
View this message in context: http://www.nabble.com/CxfProducer-%2B-SSL-tp20339349s22882p20339349.html
Sent from the Camel - Users mailing list archive at Nabble.com.

Re: CxfProducer + SSL

Posted by boriss <bs...@eunet.rs>.

Hi,



> BTW, I don't see any @Resource annotation in the HttpConduit source code.
> 

we are obviously looking at the two different versions of HTTPConduit. Mine
was, as I’ve mentioned before, 2.1.1 and I can definitely see some
annotations inside of it.

And that’s why I needed them all…



> I don't think you need to add the elements of
> <http-conf:authorization/>
> <http-conf:proxyAuthorization/>
> <http-conf:client/> in your httpconduit configuration.
> 

Camel 1.5 and Cxf 2.1.3 looks better -> no @Resource indeed 

Cheers,
Boris

-- 
View this message in context: http://www.nabble.com/CxfProducer-%2B-SSL-tp20339349s22882p20370260.html
Sent from the Camel - Users mailing list archive at Nabble.com.

Re: CxfProducer + SSL

Posted by Willem Jiang <wi...@gmail.com>.

Hi ,

I don't think you need to add the elements of
<http-conf:authorization/>
<http-conf:proxyAuthorization/>
<http-conf:client/> in your httpconduit configuration.

For the second question, CXF Endpoint's HttpConduit instance will be
configured with the endpoint Qname + "conduit" postfix. You can find
that the HttpConduit implements the Configurable interface.

BTW, I don't see any @Resource annotation in the HttpConduit source code.

Willem

boriss wrote:
> Hi Wiliam,
> 
> thanks for your reply. Yes, I did take a look at this example before, but
> still couldn’t figure out how to do it :-(. Finally, yesterday I’ve looked a
> bit through the source code and here is the practical solution for those who
> don’t want to spend the half day trying like I did =^D:
> 
> <cxf:cxfEndpoint id="serviceEndpoint"
> address="https://localhost:443/SoapContext/SoapPort" 
>    		serviceClass="org.apache.hello_world_soap_http.Greeter"
>     		endpointName="s:SoapPort"
>     	xmlns:s="http://apache.org/hello_world_soap_http" />
> 
> 
> <http-conf:conduit name="{
> http://apache.org/hello_world_soap_http}SoapPort.http-conduit">
> 	    <http-conf:tlsClientParameters secureSocketProtocol="SSL">
> 	    	  <sec:keyManagers keyPassword="changeit">
> 		          <sec:keyStore type="JKS" password="changeit"
> 		               resource="conf/cert/keystore.jks"/>
> 		      </sec:keyManagers>
> 		      <sec:trustManagers>
> 		          <sec:keyStore type="JKS" password="changeit"
> 		               resource="conf/cert/truststore.jks"/>
> 		      </sec:trustManagers>
> 	           <sec:cipherSuitesFilter>
> 	                <sec:include>.*.*</sec:include>
> 	            </sec:cipherSuitesFilter>
> 	    </http-conf:tlsClientParameters>
> 	    <http-conf:authorization/>
> 	    <http-conf:proxyAuthorization/>
> 	    <http-conf:trustDecider class="foo.MessageTrustDecider"/>
> 	    <http-conf:client/>
> 	    <http-conf:basicAuthSupplier class="foo.AuthSupplier"/>	
> </http-conf:conduit>
> 
> So, the solution is ugly because the HTTPConduit (cxf 2.1.1) has the couple
> of @Resource annotations inside which could/should be removed; don’t you
> think?!; which makes the “conduit” element unnecessary large. Actually I
> needed only to define the <keyManagers> element .
> 
> Another thing to look for is inside of the <cxfEndpoint> definition, and
> that is the attribute “elementName” -> it has to correlate to the “name”
> attribute of the <conduit> Element.
> 
> So, hope that helps… :drunk:
> 
> Cheers,
> Boris
> 
> 
> 
> William Tam wrote:
>> You may want to take a look at the https sample in CXF.
>>
>> http://svn.apache.org/repos/asf/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/
>>
>> Then, try to put your cxf endpoint configuration into the camel cxf
>> endpoint.   Hope that helps.
>>
>> - William
>>
>> On Wed, Nov 5, 2008 at 5:37 AM, boriss <bs...@eunet.rs> wrote:
>>
>

Re: CxfProducer + SSL

Posted by boriss <bs...@eunet.rs>.

Hi Wiliam,

thanks for your reply. Yes, I did take a look at this example before, but
still couldn’t figure out how to do it :-(. Finally, yesterday I’ve looked a
bit through the source code and here is the practical solution for those who
don’t want to spend the half day trying like I did =^D:

<cxf:cxfEndpoint id="serviceEndpoint"
address="https://localhost:443/SoapContext/SoapPort" 
   		serviceClass="org.apache.hello_world_soap_http.Greeter"
    		endpointName="s:SoapPort"
    	xmlns:s="http://apache.org/hello_world_soap_http" />

<http-conf:conduit name="{
http://apache.org/hello_world_soap_http}SoapPort.http-conduit">
	    <http-conf:tlsClientParameters secureSocketProtocol="SSL">
	    	  <sec:keyManagers keyPassword="changeit">
		          <sec:keyStore type="JKS" password="changeit"
		               resource="conf/cert/keystore.jks"/>
		      </sec:keyManagers>
		      <sec:trustManagers>
		          <sec:keyStore type="JKS" password="changeit"
		               resource="conf/cert/truststore.jks"/>
		      </sec:trustManagers>
	           <sec:cipherSuitesFilter>
	                <sec:include>.*.*</sec:include>
	            </sec:cipherSuitesFilter>
	    </http-conf:tlsClientParameters>
	    <http-conf:authorization/>
	    <http-conf:proxyAuthorization/>
	    <http-conf:trustDecider class="foo.MessageTrustDecider"/>
	    <http-conf:client/>
	    <http-conf:basicAuthSupplier class="foo.AuthSupplier"/>	
</http-conf:conduit>

So, the solution is ugly because the HTTPConduit (cxf 2.1.1) has the couple
of @Resource annotations inside which could/should be removed; don’t you
think?!; which makes the “conduit” element unnecessary large. Actually I
needed only to define the <keyManagers> element .

Another thing to look for is inside of the <cxfEndpoint> definition, and
that is the attribute “elementName” -> it has to correlate to the “name”
attribute of the <conduit> Element.

So, hope that helps… :drunk:

Cheers,
Boris

William Tam wrote:
> 
> You may want to take a look at the https sample in CXF.
> 
> http://svn.apache.org/repos/asf/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/
> 
> Then, try to put your cxf endpoint configuration into the camel cxf
> endpoint.   Hope that helps.
> 
> - William
> 
> On Wed, Nov 5, 2008 at 5:37 AM, boriss <bs...@eunet.rs> wrote:
> 

-- 
View this message in context: http://www.nabble.com/CxfProducer-%2B-SSL-tp20339349s22882p20358022.html
Sent from the Camel - Users mailing list archive at Nabble.com.

Re: CxfProducer + SSL

Posted by William Tam <em...@gmail.com>.

You may want to take a look at the https sample in CXF.

http://svn.apache.org/repos/asf/cxf/trunk/distribution/src/main/release/samples/wsdl_first_https/

Then, try to put your cxf endpoint configuration into the camel cxf
endpoint.   Hope that helps.

- William

On Wed, Nov 5, 2008 at 5:37 AM, boriss <bs...@eunet.rs> wrote:
>
> Hi,
>
> I'm trying to use a CxfProducer as a Client for the external WS and I had no
> luck finding a documentation about the way of how to configure a cxf-bus on
> a Camel cxf-endpoint with additional SSL properties (http:conduit).
>
> Cheers,
> Boris
> --
> View this message in context: http://www.nabble.com/CxfProducer-%2B-SSL-tp20339349s22882p20339349.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
>
>