You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@camel.apache.org by helander <le...@gmail.com> on 2012/07/18 20:07:42 UTC
cxfEndpoints and different transports (http, https) using PAX Web
I am using cxfEndpoints with Pax Web in a Karaf container (and Camel routes
consuming from these endpoints).
I like the way that I only have to specificy the address relative to the
http://cxf context in my endpoints, but I would like to limit the available
transport for the endpoint to https. Can I do that on the endpoint?
Can I have 2 different Pax Web instances serving on different port sets
(http and/or https) and specify which one that the cxfEndpoints hook up to?
If so, could you specify this per cxfEndpoint, per cxf-bus or do all
cxfEndpoints in the same container connect to the same Pax Web instance?
For various reasons I would like the cxfEndpoints be served by some other
port (Pax Web instance) than the port where user interfaces, e.g.
webconsole, are served, so any information about being able to associate cxf
with a secondary Pax web instance would be most helpful.
/Lars
--
View this message in context: http://camel.465427.n5.nabble.com/cxfEndpoints-and-different-transports-http-https-using-PAX-Web-tp5716216.html
Sent from the Camel - Users mailing list archive at Nabble.com.
Re: cxfEndpoints and different transports (http, https) using PAX
Web
Posted by helander <le...@gmail.com>.
Willem, thanks for the clarification regarding the registration of the cxf
servlet.
May I propose to add a configuration parameter to cxf that defines a service
lookup filter to be used when cxf finds the http service. This should be
fairly simple to introduce, if the filter config is defined then just supply
it to the service lookup (should not break any existing code).
No, I am not able to use an additional container since the webconsole and
other web applications need to operate on the same container as my cxf
endpoints / camel routes.
When managed service factories were introduced (along with the CM Admin
service) in OSGi (over ten years ago) on typical example that was brought up
was to instantiate multiple http services from the same service bundle, and
where each instance had its own configuration parameter set. I have seen no
traces of Pax Web being designed to be capable of this, but if someone knows
more about this I would be happy to receive some information.
Thanks
Lars
--
View this message in context: http://camel.465427.n5.nabble.com/cxfEndpoints-and-different-transports-http-https-using-PAX-Web-tp5716216p5716233.html
Sent from the Camel - Users mailing list archive at Nabble.com.
Re: cxfEndpoints and different transports (http, https) using PAX Web
Posted by Scott England-Sullivan <su...@gmail.com>.
Hi Lars,
There is a bug currently that prevents the component from resolving a
"match any" consumer endpoint with a bridged producer. I have opened
a ticket a provided a patch. You can follow the details here:
https://issues.apache.org/jira/browse/CAMEL-5458
Until then, I believe you can configure your base external endpoint
with a context path and then match off of that. I believe this will
work as you are expecting.
sully6768
On Jul 21, 2012, at 11:03 AM, helander <le...@gmail.com> wrote:
> Hi Sully and thanks for the input.
>
> Now I think I know how it works, but I have an additional question:
>
> Both entries in the config file specifies "http://localhost:8181", is it
> possible do something like:
>
> "http://localhost:8181/system/console" on one and
> "http://localhost:8181/cxf" on the other
>
> in order to filter what gets received from the respective jetty port? Or
> could you do that kind of filtering
> in some other way?
>
> /Lars
>
>
>
> --
> View this message in context: http://camel.465427.n5.nabble.com/cxfEndpoints-and-different-transports-http-https-using-PAX-Web-tp5716216p5716310.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
Re: cxfEndpoints and different transports (http, https) using PAX
Web
Posted by helander <le...@gmail.com>.
Hi Sully and thanks for the input.
Now I think I know how it works, but I have an additional question:
Both entries in the config file specifies "http://localhost:8181", is it
possible do something like:
"http://localhost:8181/system/console" on one and
"http://localhost:8181/cxf" on the other
in order to filter what gets received from the respective jetty port? Or
could you do that kind of filtering
in some other way?
/Lars
--
View this message in context: http://camel.465427.n5.nabble.com/cxfEndpoints-and-different-transports-http-https-using-PAX-Web-tp5716216p5716310.html
Sent from the Camel - Users mailing list archive at Nabble.com.
Re: cxfEndpoints and different transports (http, https) using PAX Web
Posted by Scott England-Sullivan <su...@gmail.com>.
Lars,
I created an example project that can be reviewed here:
https://github.com/sully6768/camel-sandbox/tree/trunk/examples. It uses
the latest Fuse ESB 4.4.1 if you want to try it out. There is a small
write up under the proxy project. Both projects are required though if you
want to actually deploy it and test it. Otherwise glean what you can from
it.
Regards,
Scott ES
On Thu, Jul 19, 2012 at 2:07 PM, helander <le...@gmail.com> wrote:
> Hi Scott, and thank you very much for the information you provided so far.
> I am looking forward for the additional details you so kindly intended to
> provide.
>
> However at this point I do not understand how this will going to solve my
> "requirements", but maybe that will be totally clear when you provide some
> more details
>
> Thanks
>
> Lars
>
> --
> View this message in context:
> http://camel.465427.n5.nabble.com/cxfEndpoints-and-different-transports-http-https-using-PAX-Web-tp5716216p5716263.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
>
--
--
Scott England-Sullivan
----------------------------------
FuseSource
Web: http://www.fusesource.com
Blog: http://sully6768.blogspot.com
Twitter: sully6768
Re: cxfEndpoints and different transports (http, https) using PAX
Web
Posted by helander <le...@gmail.com>.
Hi Scott, and thank you very much for the information you provided so far.
I am looking forward for the additional details you so kindly intended to
provide.
However at this point I do not understand how this will going to solve my
"requirements", but maybe that will be totally clear when you provide some
more details
Thanks
Lars
--
View this message in context: http://camel.465427.n5.nabble.com/cxfEndpoints-and-different-transports-http-https-using-PAX-Web-tp5716216p5716263.html
Sent from the Camel - Users mailing list archive at Nabble.com.
Re: cxfEndpoints and different transports (http, https) using PAX Web
Posted by Scott England-Sullivan <su...@gmail.com>.
As Christian suggested earlier, if you are using ServiceMix uncomment the
${SMX_HOME}/etc/org.ops4j.pax.web.cfg.empty.stub file. If you are using
Karaf create the ${KARAF_HOME}/etc/org.ops4j.pax.web.cfg file.
Using the SMX provided property file as the example enable the following:
org.osgi.service.http.port=8181
org.ops4j.pax.web.config.file=etc/jetty.xml
javax.servlet.context.tempdir=data/pax-web-jsp
org.osgi.service.http.secure.enabled=true
org.ops4j.pax.web.ssl.keystore=etc/servicemix.jks
org.ops4j.pax.web.ssl.password=password
org.ops4j.pax.web.ssl.keypassword=password
org.osgi.service.http.port.secure=8443
Now add the following property to specify the bind address:
org.ops4j.pax.web.listening.addresses = 127.0.0.1
This will configure the containers HTTP and HTTPS service to listen on
localhost only.
More configuration options and details are available here:
http://team.ops4j.org/wiki/display/paxweb/Basic+Configuration
You then use your Camel bundle to listen on an external port that proxies
to the Localhost:Port/URI.
I will do a quick write up and send out a note later today.
Regards,
Scott ES
--
--
Scott England-Sullivan
----------------------------------
FuseSource
Web: http://www.fusesource.com
Blog: http://sully6768.blogspot.com
Twitter: sully6768
On Thu, Jul 19, 2012 at 9:20 AM, helander <le...@gmail.com> wrote:
> Hi Scott,
>
> I need to look more into your suggested solutions. Can I find more detailed
> information about them somewhere?
>
> Could you elaborate a bit more on what this means?
>
>
> > locking Karaf's HTTP Service to local host
> >
>
> Thanks
>
> Lars
>
>
> --
> View this message in context:
> http://camel.465427.n5.nabble.com/cxfEndpoints-and-different-transports-http-https-using-PAX-Web-tp5716216p5716251.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
>
Re: cxfEndpoints and different transports (http, https) using PAX
Web
Posted by helander <le...@gmail.com>.
Hi Scott,
I need to look more into your suggested solutions. Can I find more detailed
information about them somewhere?
Could you elaborate a bit more on what this means?
> locking Karaf's HTTP Service to local host
>
Thanks
Lars
--
View this message in context: http://camel.465427.n5.nabble.com/cxfEndpoints-and-different-transports-http-https-using-PAX-Web-tp5716216p5716251.html
Sent from the Camel - Users mailing list archive at Nabble.com.
Re: cxfEndpoints and different transports (http, https) using PAX Web
Posted by Scott England-Sullivan <su...@gmail.com>.
Hi Lars,
I have found that the easiest approach to your issue is to use Camel as an
HTTP/S proxy and locking Karaf's HTTP Service to local host. You gain
greater flexibility and an additional filter layer if needed. Write it
with CM service configuration support to add a dynamic producer driven by
request path properties (/my/web/service becomes my.web.service=<internal
host>).
Another alternative would be to us the Camel CXF Transport. I have found
it to be the most fine grained of all options since you can expose your CXF
Service using any type of transport on any port you like.
Regards,
Scott ES
--
--
Scott England-Sullivan
----------------------------------
FuseSource
Web: http://www.fusesource.com
Blog: http://sully6768.blogspot.com
Twitter: sully6768
On Thu, Jul 19, 2012 at 2:56 AM, helander <le...@gmail.com> wrote:
> I just realized from your description that CXF does not explicitly register
> with the http services, but rely on the Pax Web Whiteboard extender to
> perfom the registration. This means that it would not be possible to use a
> service filter between CXF and the http service (the whiteboard extender
> would also have to beware of this filter). I do not think that this is
> something that PAX Web whiteboard supports.
>
> /Lars
>
> --
> View this message in context:
> http://camel.465427.n5.nabble.com/cxfEndpoints-and-different-transports-http-https-using-PAX-Web-tp5716216p5716236.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
>
Re: cxfEndpoints and different transports (http, https) using PAX
Web
Posted by helander <le...@gmail.com>.
I just realized from your description that CXF does not explicitly register
with the http services, but rely on the Pax Web Whiteboard extender to
perfom the registration. This means that it would not be possible to use a
service filter between CXF and the http service (the whiteboard extender
would also have to beware of this filter). I do not think that this is
something that PAX Web whiteboard supports.
/Lars
--
View this message in context: http://camel.465427.n5.nabble.com/cxfEndpoints-and-different-transports-http-https-using-PAX-Web-tp5716216p5716236.html
Sent from the Camel - Users mailing list archive at Nabble.com.
Re: cxfEndpoints and different transports (http, https) using PAX
Web
Posted by Willem Jiang <wi...@gmail.com>.
Hi,
Please checkout my comments in the below email.
On Thu Jul 19 05:35:55 2012, helander wrote:
> Hi Christian,
>
> I am using Karaf 2.2.8.
>
> I wanted to create a setup where I had two separate web servers (two Pax Web
> instances) each with its own set of configuration parameters (port numbers,
> security settings etc). Access to my cxf endpoints should only be possible
> via one of these web servers.
>
> How do cxf endpoints connect to Pax Web? Do they listen on all osgi http
> service instances found in the service registry or could you limit this
> based on some service property or other method?
CXF will try to exports cxf servlet as OSGi service, the the PaxWeb
will pick it up when loading the CXF bundle.
I'm not sure if you can create more than one instance of PaxWeb in
Karaf,
But current CXF bundle doesn't provide addition property for the cxf
servlet.
>
> Another way to achieve my most important requirement (to only allow access
> via https to the cxf endpoints, while being able to access webconsole etc
> via http) could possibly to use an interceptor on the endpoints that would
> check if the transport is https or http and only allow access for https
> requests? Or perform the same type of check in the route "immediately"
> (=early in the route) after the message is consumed from the endpoint?
Not sure what kind of web console are you using?
Maybe you can consider to create another Karaf instance to hold the
different configuraiton of PaxWeb, if the console has nothing to do
with the camel-cxf endpoints that you want to expose.
>
> /Lars
>
>
>
> --
> View this message in context: http://camel.465427.n5.nabble.com/cxfEndpoints-and-different-transports-http-https-using-PAX-Web-tp5716216p5716219.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
>
--
Willem
----------------------------------
FuseSource
Web: http://www.fusesource.com
Blog: http://willemjiang.blogspot.com (English)
http://jnn.javaeye.com (Chinese)
Twitter: willemjiang
Weibo: willemjiang
Re: cxfEndpoints and different transports (http, https) using PAX
Web
Posted by helander <le...@gmail.com>.
Hi Christian,
I am using Karaf 2.2.8.
I wanted to create a setup where I had two separate web servers (two Pax Web
instances) each with its own set of configuration parameters (port numbers,
security settings etc). Access to my cxf endpoints should only be possible
via one of these web servers.
How do cxf endpoints connect to Pax Web? Do they listen on all osgi http
service instances found in the service registry or could you limit this
based on some service property or other method?
Another way to achieve my most important requirement (to only allow access
via https to the cxf endpoints, while being able to access webconsole etc
via http) could possibly to use an interceptor on the endpoints that would
check if the transport is https or http and only allow access for https
requests? Or perform the same type of check in the route "immediately"
(=early in the route) after the message is consumed from the endpoint?
/Lars
--
View this message in context: http://camel.465427.n5.nabble.com/cxfEndpoints-and-different-transports-http-https-using-PAX-Web-tp5716216p5716219.html
Sent from the Camel - Users mailing list archive at Nabble.com.
Re: cxfEndpoints and different transports (http, https) using PAX Web
Posted by Christian Müller <ch...@gmail.com>.
Hello Lars!
Which version of Karaf do you use?
Find my comments inline.
Best,
Christian
On Wed, Jul 18, 2012 at 8:07 PM, helander <le...@gmail.com> wrote:
> I am using cxfEndpoints with Pax Web in a Karaf container (and Camel routes
> consuming from these endpoints).
>
> I like the way that I only have to specificy the address relative to the
> http://cxf context in my endpoints, but I would like to limit the
> available
> transport for the endpoint to https. Can I do that on the endpoint?
>
Yes. See
http://team.ops4j.org/wiki/display/paxweb/Configuration#Configuration-configViaConfigAdmin
If you are considering to use ServiceMix, there is already a file
${SMX_HOME}/etc/org.ops4j.pax.web.cfg.empty.stub. Simply rename it to
org.ops4j.pax.web.cfg and change the properties you want
(org.osgi.service.http.secure.enabled=true and so on ...).
>
> Can I have 2 different Pax Web instances serving on different port sets
> (http and/or https) and specify which one that the cxfEndpoints hook up to?
> If so, could you specify this per cxfEndpoint, per cxf-bus or do all
> cxfEndpoints in the same container connect to the same Pax Web instance?
>
What do you mean with "2 different Pax Web instances"? There is one jetty
running which you have to configure for your needs. This could be done by
providing a jetty.xml file in the same directory. There you can configure
multiple ports and protocols (HTTP, HTTPS).
But it's not possible to bind a particular CXF service to a particular
port. See my question a few weeks ago:
http://cxf.547215.n5.nabble.com/changing-context-path-in-OSGI-from-quot-cxf-quot-to-quot-quot-td5530551.html#a5709011
> For various reasons I would like the cxfEndpoints be served by some other
> port (Pax Web instance) than the port where user interfaces, e.g.
> webconsole, are served, so any information about being able to associate
> cxf
> with a secondary Pax web instance would be most helpful.
>
Change "org.osgi.service.http.port=8181" or
"org.osgi.service.http.port.secure=8443" in your
${HOME}/etc/org.ops4j.pax.web.cfg file or provide a custom jetty.xml file.
>
> /Lars
>
> --
> View this message in context:
> http://camel.465427.n5.nabble.com/cxfEndpoints-and-different-transports-http-https-using-PAX-Web-tp5716216.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
>