Posted to commits@cxf.apache.org by dk...@apache.org on 2010/08/20 20:57:25 UTC
svn commit: r987603 - in /cxf/trunk:
rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/
rt/transports/http/src/main/java/org/apache/cxf/transport/https/
systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/conti...
Author: dkulp
Date: Fri Aug 20 18:57:25 2010
New Revision: 987603
URL: http://svn.apache.org/viewvc?rev=987603&view=rev
Log:
[CXF-1913] Implement asynchronous support for HTTPS transport in CXF Server
Change to using the new Channel SSL stuff in Jetty 7
Added:
cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/continuations/cxf_https.xml (with props)
Modified:
cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/continuations/ClientServerWrappedContinuationTest.java
cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/continuations/jaxws-server.xml
Modified: cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java?rev=987603&r1=987602&r2=987603&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java (original)
+++ cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java Fri Aug 20 18:57:25 2010
@@ -19,25 +19,19 @@
package org.apache.cxf.transport.https_jetty;
-import java.io.IOException;
-import java.net.ServerSocket;
import java.security.SecureRandom;
-import java.util.Arrays;
import java.util.List;
-import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLServerSocket;
-import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.TrustManager;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.configuration.security.ClientAuthentication;
import org.apache.cxf.configuration.security.FiltersType;
import org.apache.cxf.transport.https.SSLUtils;
-import org.eclipse.jetty.server.ssl.SslSocketConnector;
+import org.eclipse.jetty.server.ssl.SslSelectChannelConnector;
/**
* This class extends the Jetty SslSocketConnector, which allows
@@ -45,7 +39,7 @@ import org.eclipse.jetty.server.ssl.SslS
* and TrustManagers. Also, Jetty version 6.1.3 has a bug where
* the Trust store needs a password.
*/
-public class CXFJettySslSocketConnector extends SslSocketConnector {
+public class CXFJettySslSocketConnector extends SslSelectChannelConnector {
private static final Logger LOG = LogUtils.getL7dLogger(CXFJettySslSocketConnector.class);
protected KeyManager[] keyManagers;
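Review bot: The class Javadoc around this declaration still says "This class extends the Jetty SslSocketConnector" and mentions a Jetty 6.1.3 trust-store bug, but the new declaration extends `SslSelectChannelConnector`. I would change the opening to `This class extends the Jetty SslSelectChannelConnector, which allows` and state whether the 6.1.3 workaround still applies under Jetty 7. The class name also keeps "SslSocketConnector", so a one-line remark that it is retained only for compatibility would prevent readers from assuming the blocking connector is in use. The Javadoc begins in the previous hunk.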
@@ -104,27 +98,17 @@ public class CXFJettySslSocketConnector
}
}
}
-
- /**
- * We create our own socket factory.
- */
- @Override
- protected SSLServerSocketFactory createFactory()
- throws Exception {
-
+ protected SSLContext createSSLContext() throws Exception {
String proto = getProtocol() == null
- ? "TLS"
- : getProtocol();
-
+ ? "TLS"
+ : getProtocol();
+
SSLContext context = getProvider() == null
- ? SSLContext.getInstance(proto)
- : SSLContext.getInstance(proto, getProvider());
-
+ ? SSLContext.getInstance(proto)
+ : SSLContext.getInstance(proto, getProvider());
+
context.init(keyManagers, trustManagers, secureRandom);
- SSLServerSocketFactory con = context.getServerSocketFactory();
-
-
String[] cs =
SSLUtils.getCiphersuites(
cipherSuites,
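Review bot: `createSSLContext()` is added without `@Override` and without Javadoc, whereas the removed `createFactory()` had both. If it is meant to replace the base connector's context hook (it looks that way, but the superclass is not visible here), add `@Override` above `protected SSLContext createSSLContext() throws Exception {`. A signature change in Jetty would then fail compilation instead of silently leaving the CXF-supplied `keyManagers` and `trustManagers` unused. A one-line Javadoc such as `/** Builds the SSLContext from the CXF-configured key managers, trust managers and SecureRandom. */` would restore what the deleted comment documented. The method body continues into the next hunk.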
@@ -133,15 +117,7 @@ public class CXFJettySslSocketConnector
LOG, true);
setExcludeCipherSuites(cs);
- return con;
- }
- protected ServerSocket newServerSocket(String host, int port, int backlog) throws IOException {
- ServerSocket sock = super.newServerSocket(host, port, backlog);
- if (sock instanceof SSLServerSocket && LOG.isLoggable(Level.INFO)) {
- SSLServerSocket sslSock = (SSLServerSocket)sock;
- LOG.log(Level.INFO, "CIPHERSUITES_SET", Arrays.asList(sslSock.getEnabledCipherSuites()));
- }
- return sock;
+
+ return context;
}
-
}
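Review bot: `setExcludeCipherSuites(cs)` runs as a side effect inside `createSSLContext()`, so the exclusions apply only if the base connector reads its excluded-suite list after calling this method. That ordering is not visible in the diff and should be pinned by a test asserting that an excluded suite is refused on the HTTPS endpoint. The deleted `newServerSocket` override was also the only place that reported the suites effectively enabled on the listener, and the new code has no equivalent. Once the ordering is confirmed, I would add a comment before the call, e.g. `// must run before the connector creates its first SSLEngine, otherwise the exclusions are not applied`.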
Modified: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java?rev=987603&r1=987602&r2=987603&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java (original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java Fri Aug 20 18:57:25 2010
@@ -153,7 +153,7 @@ public final class SSLUtils {
kmf.init(ks, keyStorePassword.toCharArray());
keystoreManagers = kmf.getKeyManagers();
LogUtils.log(log,
- Level.INFO,
+ Level.FINE,
"LOADED_KEYSTORE",
keyStoreLocation);
} catch (Exception e) {
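Review bot: Demoting every message in this file to `Level.FINE` also hides the ones that report a missing setting. This affects `KEY_STORE_NOT_SET`, `TRUST_STORE_NOT_SET`, `CIPHERSUITES_NOT_SET`, `CIPHERSUITE_FILTERS_NOT_SET` and `SECURE_SOCKET_PROTOCOL_NOT_SET` in the later hunks (`@@ -255`, `@@ -357`, `@@ -467`, `@@ -488`). At the default log level an operator can then no longer tell that a TLS endpoint came up on implicit defaults. Lowering the routine "loaded" and "set" messages is reasonable and keeps store locations out of the INFO log, but I would keep the not-set cases visible, for example `LogUtils.log(log, Level.INFO, "CIPHERSUITES_NOT_SET");`. Where one call serves both cases through `logMsg`, the level would have to be chosen alongside the message. The enclosing methods start and end outside these hunks.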
@@ -202,7 +202,7 @@ public final class SSLUtils {
TrustManagerFactory tmf =
TrustManagerFactory.getInstance(trustStoreMgrFactoryAlgorithm);
tmf.init(trustedCertStore);
- LogUtils.log(log, Level.INFO, "LOADED_TRUST_STORE", trustStoreLocation);
+ LogUtils.log(log, Level.FINE, "LOADED_TRUST_STORE", trustStoreLocation);
trustStoreManagers = tmf.getTrustManagers();
return trustStoreManagers;
@@ -255,7 +255,7 @@ public final class SSLUtils {
logMsg = "KEY_STORE_NOT_SET";
}
}
- LogUtils.log(log, Level.INFO, logMsg, keyStoreLocation);
+ LogUtils.log(log, Level.FINE, logMsg, keyStoreLocation);
return keyStoreLocation;
}
@@ -267,7 +267,7 @@ public final class SSLUtils {
keyStoreType = DEFAULT_KEYSTORE_TYPE;
logMsg = "KEY_STORE_TYPE_NOT_SET";
}
- LogUtils.log(log, Level.INFO, logMsg, keyStoreType);
+ LogUtils.log(log, Level.FINE, logMsg, keyStoreType);
return keyStoreType;
}
@@ -283,7 +283,7 @@ public final class SSLUtils {
? "KEY_STORE_PASSWORD_SYSTEM_PROPERTY_SET"
: "KEY_STORE_PASSWORD_NOT_SET";
}
- LogUtils.log(log, Level.INFO, logMsg);
+ LogUtils.log(log, Level.FINE, logMsg);
return keyStorePassword;
}
@@ -298,7 +298,7 @@ public final class SSLUtils {
? "KEY_PASSWORD_SYSTEM_PROPERTY_SET"
: "KEY_PASSWORD_NOT_SET";
}
- LogUtils.log(log, Level.INFO, logMsg);
+ LogUtils.log(log, Level.FINE, logMsg);
return keyPassword;
}
@@ -313,7 +313,7 @@ public final class SSLUtils {
KeyManagerFactory.getDefaultAlgorithm();
logMsg = "KEY_STORE_ALGORITHM_NOT_SET";
}
- LogUtils.log(log, Level.INFO, logMsg, keyStoreMgrFactoryAlgorithm);
+ LogUtils.log(log, Level.FINE, logMsg, keyStoreMgrFactoryAlgorithm);
return keyStoreMgrFactoryAlgorithm;
}
@@ -328,7 +328,7 @@ public final class SSLUtils {
TrustManagerFactory.getDefaultAlgorithm();
logMsg = "TRUST_STORE_ALGORITHM_NOT_SET";
}
- LogUtils.log(log, Level.INFO, logMsg, trustStoreMgrFactoryAlgorithm);
+ LogUtils.log(log, Level.FINE, logMsg, trustStoreMgrFactoryAlgorithm);
return trustStoreMgrFactoryAlgorithm;
}
@@ -357,9 +357,9 @@ public final class SSLUtils {
if (!(cipherSuitesList == null || cipherSuitesList.isEmpty())) {
cipherSuites = getCiphersFromList(cipherSuitesList, log, exclude);
} else {
- LogUtils.log(log, Level.INFO, "CIPHERSUITES_NOT_SET");
+ LogUtils.log(log, Level.FINE, "CIPHERSUITES_NOT_SET");
if (filters == null) {
- LogUtils.log(log, Level.INFO, "CIPHERSUITE_FILTERS_NOT_SET");
+ LogUtils.log(log, Level.FINE, "CIPHERSUITE_FILTERS_NOT_SET");
}
List<String> filteredCipherSuites = new ArrayList<String>();
List<String> excludedCipherSuites = new ArrayList<String>();
@@ -439,7 +439,7 @@ public final class SSLUtils {
boolean exclude) {
int numCipherSuites = cipherSuitesList.size();
String[] cipherSuites = cipherSuitesList.toArray(new String[numCipherSuites]);
- if (log.isLoggable(exclude ? Level.FINE : Level.INFO)) {
+ if (log.isLoggable(Level.FINE)) {
StringBuilder ciphsStr = new StringBuilder();
for (String s : cipherSuites) {
if (ciphsStr.length() != 0) {
@@ -447,7 +447,7 @@ public final class SSLUtils {
}
ciphsStr.append(s);
}
- LogUtils.log(log, exclude ? Level.FINE : Level.INFO,
+ LogUtils.log(log, Level.FINE,
exclude ? "CIPHERSUITES_EXCLUDED" : "CIPHERSUITES_SET", ciphsStr.toString());
}
return cipherSuites;
@@ -467,7 +467,7 @@ public final class SSLUtils {
logMsg = "TRUST_STORE_NOT_SET";
}
}
- LogUtils.log(log, Level.INFO, logMsg, trustStoreLocation);
+ LogUtils.log(log, Level.FINE, logMsg, trustStoreLocation);
return trustStoreLocation;
}
@@ -480,7 +480,7 @@ public final class SSLUtils {
trustStoreType = DEFAULT_TRUST_STORE_TYPE;
logMsg = "TRUST_STORE_TYPE_NOT_SET";
}
- LogUtils.log(log, Level.INFO, logMsg, trustStoreType);
+ LogUtils.log(log, Level.FINE, logMsg, trustStoreType);
return trustStoreType;
}
@@ -488,11 +488,11 @@ public final class SSLUtils {
Logger log) {
if (secureSocketProtocol != null) {
LogUtils.log(log,
- Level.INFO,
+ Level.FINE,
"SECURE_SOCKET_PROTOCOL_SET",
secureSocketProtocol);
} else {
- LogUtils.log(log, Level.INFO, "SECURE_SOCKET_PROTOCOL_NOT_SET");
+ LogUtils.log(log, Level.FINE, "SECURE_SOCKET_PROTOCOL_NOT_SET");
secureSocketProtocol = DEFAULT_SECURE_SOCKET_PROTOCOL;
}
return secureSocketProtocol;
@@ -508,7 +508,7 @@ public final class SSLUtils {
requireClientAuthentication =
isRequireClientAuthentication.booleanValue();
LogUtils.log(log,
- Level.INFO,
+ Level.FINE,
"REQUIRE_CLIENT_AUTHENTICATION_SET",
requireClientAuthentication);
} else {
@@ -529,7 +529,7 @@ public final class SSLUtils {
wantClientAuthentication =
isWantClientAuthentication.booleanValue();
LogUtils.log(log,
- Level.INFO,
+ Level.FINE,
"WANT_CLIENT_AUTHENTICATION_SET",
wantClientAuthentication);
} else {
Modified: cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/continuations/ClientServerWrappedContinuationTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/continuations/ClientServerWrappedContinuationTest.java?rev=987603&r1=987602&r2=987603&view=diff
==============================================================================
--- cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/continuations/ClientServerWrappedContinuationTest.java (original)
+++ cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/continuations/ClientServerWrappedContinuationTest.java Fri Aug 20 18:57:25 2010
@@ -38,9 +38,12 @@ import org.junit.Test;
public class ClientServerWrappedContinuationTest extends AbstractClientServerTestBase {
public static final String PORT = allocatePort(Server.class);
+ public static final String HTTPS_PORT = allocatePort(Server.class, 1);
private static final String CLIENT_CONFIG_FILE =
"org/apache/cxf/systest/http_jetty/continuations/cxf.xml";
+ private static final String CLIENT_HTTPS_CONFIG_FILE =
+ "org/apache/cxf/systest/http_jetty/continuations/cxf_https.xml";
private static final String SERVER_CONFIG_FILE =
"org/apache/cxf/systest/http_jetty/continuations/jaxws-server.xml";
@@ -54,6 +57,8 @@ public class ClientServerWrappedContinua
Object implementor = new HelloImplWithWrapppedContinuation();
String address = "http://localhost:" + PORT + "/hellocontinuation";
Endpoint.publish(address, implementor);
+ address = "https://localhost:" + HTTPS_PORT + "/securecontinuation";
+ Endpoint.publish(address, implementor);
}
public static void main(String[] args) {
@@ -87,7 +92,26 @@ public class ClientServerWrappedContinua
HelloContinuationService service = new HelloContinuationService(wsdlURL, serviceName);
assertNotNull(service);
final HelloContinuation helloPort = service.getHelloContinuationPort();
+ doTest(helloPort);
+ }
+
+ @Test
+ public void testHttpsWrappedContinuations() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ Bus bus = bf.createBus(CLIENT_HTTPS_CONFIG_FILE);
+ BusFactory.setDefaultBus(bus);
+
+ QName serviceName = new QName("http://cxf.apache.org/systest/jaxws", "HelloContinuationService");
+
+ URL wsdlURL = new URL("https://localhost:" + HTTPS_PORT + "/securecontinuation?wsdl");
+ HelloContinuationService service = new HelloContinuationService(wsdlURL, serviceName);
+ assertNotNull(service);
+ final HelloContinuation helloPort = service.getHelloContinuationPort();
+ doTest(helloPort);
+ }
+
+ private void doTest(final HelloContinuation helloPort) throws Exception {
ThreadPoolExecutor executor = new ThreadPoolExecutor(10, 10, 0, TimeUnit.SECONDS,
new ArrayBlockingQueue<Runnable>(6));
CountDownLatch startSignal = new CountDownLatch(1);
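Review bot: `testHttpsWrappedContinuations` installs the bus built from `CLIENT_HTTPS_CONFIG_FILE` with `BusFactory.setDefaultBus(bus)` and never shuts it down or resets the default. Any later test in the same JVM that relies on the default bus would then inherit a conduit configuration with `disableCNCheck="true"`. I would wrap the body after `setDefaultBus` in `try { ... } finally { bus.shutdown(true); BusFactory.setDefaultBus(null); }`. The existing HTTP test may have the same pattern, but its setup lies outside this hunk. `doTest` also continues past the end of the hunk, so its executor handling cannot be reviewed here.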
Added: cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/continuations/cxf_https.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/continuations/cxf_https.xml?rev=987603&view=auto
==============================================================================
--- cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/continuations/cxf_https.xml (added)
+++ cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/continuations/cxf_https.xml Fri Aug 20 18:57:25 2010
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
+">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+
+
+ <!-- -->
+ <!-- HTTP/S configuration for clients -->
+ <!-- -->
+ <http:conduit name="https://localhost:.*">
+ <http:client ConnectionTimeout="3000000" ReceiveTimeout="3000000"/>
+ <http:tlsClientParameters disableCNCheck="true">
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password"
+ file="src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password"
+ file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
+ </sec:trustManagers>
+ </http:tlsClientParameters>
+ </http:conduit>
+</beans>
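Review bot: The conduit sets `disableCNCheck="true"` for every address matching `https://localhost:.*` with no comment saying why. This turns off hostname verification, and test configuration like this tends to be copied into real deployments. I would add a comment directly above `<http:tlsClientParameters ...>`, e.g. `<!-- test only: hostname verification is disabled for the localhost test endpoint; do not copy into production configuration -->`. The `ConnectionTimeout`/`ReceiveTimeout` values of `3000000` (50 minutes if in milliseconds) also mean a hung TLS handshake would stall the build for a long time, so a much shorter value would suit a test.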
Propchange: cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/continuations/cxf_https.xml
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/continuations/cxf_https.xml
------------------------------------------------------------------------------
svn:keywords = Rev Date
Propchange: cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/continuations/cxf_https.xml
------------------------------------------------------------------------------
svn:mime-type = text/xml
Modified: cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/continuations/jaxws-server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/continuations/jaxws-server.xml?rev=987603&r1=987602&r2=987603&view=diff
==============================================================================
--- cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/continuations/jaxws-server.xml (original)
+++ cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http_jetty/continuations/jaxws-server.xml Fri Aug 20 18:57:25 2010
@@ -28,6 +28,7 @@ under the License.
http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
">
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
<!-- -->
<!-- This Spring config file is designed to represent a minimal -->
@@ -44,8 +45,8 @@ under the License.
<!-- -->
<!-- TLS Port configuration parameters for port 9091 -->
<!-- -->
- <httpj:engine-factory id="port-9091-tls-config">
- <httpj:engine port="9091">
+ <httpj:engine-factory>
+ <httpj:engine port="${testutil.ports.Server.1}">
<httpj:tlsServerParameters>
<sec:keyManagers keyPassword="password">
<sec:keyStore type="JKS" password="password"
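Review bot: The comment above the engine still reads "TLS Port configuration parameters for port 9091", but the port is now taken from `${testutil.ports.Server.1}`. I would change it to `<!-- TLS port configuration for the dynamically allocated test port (testutil.ports.Server.1) -->`. It is also worth noting in that comment that the placeholder only resolves because of the `PropertyPlaceholderConfigurer` bean added earlier in this file. The rest of the `tlsServerParameters` element lies outside the hunk.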
@@ -59,21 +60,6 @@ under the License.
</httpj:engine>
</httpj:engine-factory>
- <!-- -->
- <!-- HTTP/S configuration for clients -->
- <!-- -->
- <http:conduit name="{http://cxf.apache.org/systest/jaxws}HelloContinuationPort.http-conduit">
- <http:client ConnectionTimeout="3000000" ReceiveTimeout="3000000"/>
- <http:tlsClientParameters disableCNCheck="true">
- <sec:keyManagers keyPassword="password">
- <sec:keyStore type="JKS" password="password"
- file="src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks"/>
- </sec:keyManagers>
- <sec:trustManagers>
- <sec:keyStore type="JKS" password="password"
- file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
- </sec:trustManagers>
- </http:tlsClientParameters>
- </http:conduit>
+
</beans>
\ No newline at end of file