You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by "carma.robot" <ca...@gmail.com> on 2014/03/07 06:43:47 UTC
Blueprint property placeholder does not work with HTTP conduit
configuration
I'm using Karaf 2.3.2 and Felix 2.7.4...
I'm had a hell of a time trying to setup a conduit that uses the Blueprint
property-placeholder to inject trust store parameters. The conduit works
when I explicitly configure the trust store properties. Unfortunately, when
I use placeholders it fails. It seems like maybe using Blueprint property
placeholders with conduits does not work. If there was an easy way to
construct similar regex matching conduits in code or by some more tedious
bean construction this wouldn't be that bit an issue but I tried many ways
and failed. No docs to help with this problem... woe is me.
In an act of sheer desperation I spent a few hours going through the CXF
code trying to figure out how I can build this bundle so I don't have to
include clear text passwords in the blueprint configuration. By sheer
chance, I stumbled across HTTPTransportActivator and it looks like something
I could use to solve my problem but of course there's no documentation on
how to use it. Can someone please take pity on this pour soul and help me
figure out how to use this feature?
Alternatively, I've included my original blueprint configuration in case
someone wants to look at it and can figure out what I did wrong. Thanks in
advance.
<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.0.0"
xmlns:cxf="http://cxf.apache.org/blueprint/core"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:jaxws="http://cxf.apache.org/blueprint/jaxws"
xsi:schemaLocation="
http://www.osgi.org/xmlns/blueprint/v1.0.0
http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.0.0
http://aries.apache.org/schemas/blueprint-cm/blueprint-cm-1.0.0.xsd
http://cxf.apache.org/blueprint/core
http://cxf.apache.org/schemas/blueprint/core.xsd
http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
http://cxf.apache.org/blueprint/jaxws
http://cxf.apache.org/schemas/blueprint/jaxws.xsd">
<cm:property-placeholder id="properties"
persistent-id="com.example.sts.test.system">
<cm:default-properties>
<cm:property name="tls.trustStoreFile"
value="certs/truststore.jceks" />
<cm:property name="tls.trustStorePassword" value="" />
</cm:default-properties>
</cm:property-placeholder>
<http:conduit id="httpConduit" name="https://localhost:(\d)*/sts/.*">
<http:tlsClientParameters>
<sec:trustManagers>
<sec:keyStore type="jceks"
file="${tls.trustStoreFile}"
password="${tls.trustStorePassword}" />
</sec:trustManagers>
</http:tlsClientParameters>
</http:conduit>
</blueprint>
--
View this message in context: http://cxf.547215.n5.nabble.com/Blueprint-property-placeholder-does-not-work-with-HTTP-conduit-configuration-tp5740946.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Blueprint property placeholder does not work with HTTP conduit
configuration
Posted by "carma.robot" <ca...@gmail.com>.
Sure, I will create a ticket and upload an example. In the meanwhile, is
there any way to work around this issue? Can I create a regular expression
matching HTTPConduit by any other means?
--
View this message in context: http://cxf.547215.n5.nabble.com/Blueprint-property-placeholder-does-not-work-with-HTTP-conduit-configuration-tp5740946p5741062.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Blueprint property placeholder does not work with HTTP conduit
configuration
Posted by "carma.robot" <ca...@gmail.com>.
Is there really no way to construct the HTTP conduit in code or using plain
old beans in Spring? Please if you or anyone knows of a work around let me
know.
--
View this message in context: http://cxf.547215.n5.nabble.com/Blueprint-property-placeholder-does-not-work-with-HTTP-conduit-configuration-tp5740946p5741137.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Blueprint property placeholder does not work with HTTP conduit configuration
Posted by Freeman Fang <fr...@gmail.com>.
There's no workaround AFAIK, I will take a close look at this issue when I get chance
-------------
Freeman(Yue) Fang
Red Hat, Inc.
FuseSource is now part of Red Hat
On 2014-3-11, at 下午1:38, carma.robot wrote:
> Freeman,
>
> I have created a JIRA ticket. Please see:
> https://issues.apache.org/jira/browse/CXF-5601
>
> In the meanwhile, can you suggest a workaround for this problem?
>
> Thanks,
>
> C.R.
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Blueprint-property-placeholder-does-not-work-with-HTTP-conduit-configuration-tp5740946p5741064.html
> Sent from the cxf-user mailing list archive at Nabble.com.
RE: Blueprint property placeholder does not work with HTTP conduit
configuration
Posted by "carma.robot" <ca...@gmail.com>.
I don't think sec:keyStore supports that syntax. Anyway, I tried the
configuration below and it did not help.
<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.0.0"
xmlns:cxf="http://cxf.apache.org/blueprint/core"
xmlns:http="http://cxf.apache.org/transports/http/configuration"
xmlns:sec="http://cxf.apache.org/configuration/security"
xmlns:jaxws="http://cxf.apache.org/blueprint/jaxws"
xsi:schemaLocation="
http://www.osgi.org/xmlns/blueprint/v1.0.0
http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.0.0
http://aries.apache.org/schemas/blueprint-cm/blueprint-cm-1.0.0.xsd
http://cxf.apache.org/blueprint/core
http://cxf.apache.org/schemas/blueprint/core.xsd
http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
http://cxf.apache.org/blueprint/jaxws
http://cxf.apache.org/schemas/blueprint/jaxws.xsd">
<cm:property-placeholder id="properties"
persistent-id="com.example.sts.test.system"
placeholder-prefix="$["
placeholder-suffix="]">
<cm:default-properties>
<cm:property name="tls.trustStoreFile"
value="certs/truststore.jceks" />
<cm:property name="tls.trustStorePassword" value="password" />
</cm:default-properties>
</cm:property-placeholder>
<http:conduit id="httpConduit" name="https://localhost:(\d)*/sts/.*">
<http:tlsClientParameters>
<sec:trustManagers>
<sec:keyStore type="jceks"
file="$[tls.trustStoreFile]"
password="$[tls.trustStorePassword]"
/>
</sec:trustManagers>
</http:tlsClientParameters>
</http:conduit>
</blueprint>
--
View this message in context: http://cxf.547215.n5.nabble.com/Blueprint-property-placeholder-does-not-work-with-HTTP-conduit-configuration-tp5740946p5741136.html
Sent from the cxf-user mailing list archive at Nabble.com.
RE: Blueprint property placeholder does not work with HTTP conduit
configuration
Posted by Andrei Shakirin <as...@talend.com>.
Hi,
Could you try placeholder-prefix / placeholder-suffix syntax:
<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.0.0"
xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">
<cm:property-placeholder persistent-id="xxxx" activation="eager"
placeholder-prefix="$[" placeholder-suffix="]">
<cm:default-properties>
<cm:property name="kerberos.user.debug" value="true" />
<cm:property name="kerberos.user.useTicketCache" value="false" />
</cm:default-properties>
</cm:property-placeholder>
<jaas:config name="test">
<jaas:module className="com.sun.security.auth.module.Krb5LoginModule" flags="required">
debug = $[kerberos.user.debug]
useTicketCache = $[kerberos.user.useTicketCache]
</jaas:module>
</jaas:config>
</blueprint>
Regards,
Andrei.
> -----Original Message-----
> From: carma.robot [mailto:carma.robot@gmail.com]
> Sent: Dienstag, 11. März 2014 06:38
> To: users@cxf.apache.org
> Subject: Re: Blueprint property placeholder does not work with HTTP conduit
> configuration
>
> Freeman,
>
> I have created a JIRA ticket. Please see:
> https://issues.apache.org/jira/browse/CXF-5601
>
> In the meanwhile, can you suggest a workaround for this problem?
>
> Thanks,
>
> C.R.
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Blueprint-
> property-placeholder-does-not-work-with-HTTP-conduit-configuration-
> tp5740946p5741064.html
> Sent from the cxf-user mailing list archive at Nabble.com.
Re: Blueprint property placeholder does not work with HTTP conduit
configuration
Posted by "carma.robot" <ca...@gmail.com>.
Freeman,
I have created a JIRA ticket. Please see:
https://issues.apache.org/jira/browse/CXF-5601
In the meanwhile, can you suggest a workaround for this problem?
Thanks,
C.R.
--
View this message in context: http://cxf.547215.n5.nabble.com/Blueprint-property-placeholder-does-not-work-with-HTTP-conduit-configuration-tp5740946p5741064.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Blueprint property placeholder does not work with HTTP conduit configuration
Posted by Freeman Fang <fr...@gmail.com>.
Hi,
Would you please raise a jira ticket and append your test case if possible there?
My gut now is we also need TLSClient|ServerParametersHolder where we can use ValueMetadata to do properties substitution.
-------------
Freeman(Yue) Fang
Red Hat, Inc.
FuseSource is now part of Red Hat
On 2014-3-11, at 下午12:25, carma.robot wrote:
> Hi Freeman,
>
> Yes, I meant CXF version 2.7.4. Sorry for the confusion.
>
> I'm also aware of the JIRA ticket that you mentioned. I tried upgrading to
> version 2.7.7 and noticed the same exact issue. In fact, I also tried
> upgrading to 2.7.10 and, even though I had to deal with some interesting
> dependency issues, that did not help either.
>
> Is there anything else I could try? Am I missing something? What is the best
> way to troubleshoot this? If you can point me to a place in the CXF code
> where it makes sense to put a break point then I'd be glad to spend some
> time troubleshooting this with a debugger.
>
> Alternatively, is HTTPTransportActivator something I could use to work
> around this problem?
>
> I appreciate the response and I really hope you can help me out with this.
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Blueprint-property-placeholder-does-not-work-with-HTTP-conduit-configuration-tp5740946p5741060.html
> Sent from the cxf-user mailing list archive at Nabble.com.
Re: Blueprint property placeholder does not work with HTTP conduit
configuration
Posted by "carma.robot" <ca...@gmail.com>.
Hi Freeman,
Yes, I meant CXF version 2.7.4. Sorry for the confusion.
I'm also aware of the JIRA ticket that you mentioned. I tried upgrading to
version 2.7.7 and noticed the same exact issue. In fact, I also tried
upgrading to 2.7.10 and, even though I had to deal with some interesting
dependency issues, that did not help either.
Is there anything else I could try? Am I missing something? What is the best
way to troubleshoot this? If you can point me to a place in the CXF code
where it makes sense to put a break point then I'd be glad to spend some
time troubleshooting this with a debugger.
Alternatively, is HTTPTransportActivator something I could use to work
around this problem?
I appreciate the response and I really hope you can help me out with this.
--
View this message in context: http://cxf.547215.n5.nabble.com/Blueprint-property-placeholder-does-not-work-with-HTTP-conduit-configuration-tp5740946p5741060.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Blueprint property placeholder does not work with HTTP conduit configuration
Posted by Freeman Fang <fr...@gmail.com>.
Hi,
A quick question, what's the CXF version you are using here?
You mentioned the Felix 2.7.4, are you saying CXF 2.7.4?
We have fixed a related issue[1] for CXF 2.7.7 afterwards, could you please use more recent CXF version?
[1]https://issues.apache.org/jira/browse/CXF-5148
-------------
Freeman(Yue) Fang
Red Hat, Inc.
FuseSource is now part of Red Hat
On 2014-3-7, at 下午1:43, carma.robot wrote:
> I'm using Karaf 2.3.2 and Felix 2.7.4...
>
> I'm had a hell of a time trying to setup a conduit that uses the Blueprint
> property-placeholder to inject trust store parameters. The conduit works
> when I explicitly configure the trust store properties. Unfortunately, when
> I use placeholders it fails. It seems like maybe using Blueprint property
> placeholders with conduits does not work. If there was an easy way to
> construct similar regex matching conduits in code or by some more tedious
> bean construction this wouldn't be that bit an issue but I tried many ways
> and failed. No docs to help with this problem... woe is me.
>
> In an act of sheer desperation I spent a few hours going through the CXF
> code trying to figure out how I can build this bundle so I don't have to
> include clear text passwords in the blueprint configuration. By sheer
> chance, I stumbled across HTTPTransportActivator and it looks like something
> I could use to solve my problem but of course there's no documentation on
> how to use it. Can someone please take pity on this pour soul and help me
> figure out how to use this feature?
>
> Alternatively, I've included my original blueprint configuration in case
> someone wants to look at it and can figure out what I did wrong. Thanks in
> advance.
>
> <?xml version="1.0" encoding="UTF-8"?>
> <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.0.0"
> xmlns:cxf="http://cxf.apache.org/blueprint/core"
> xmlns:http="http://cxf.apache.org/transports/http/configuration"
> xmlns:sec="http://cxf.apache.org/configuration/security"
> xmlns:jaxws="http://cxf.apache.org/blueprint/jaxws"
> xsi:schemaLocation="
> http://www.osgi.org/xmlns/blueprint/v1.0.0
> http://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd
> http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.0.0
> http://aries.apache.org/schemas/blueprint-cm/blueprint-cm-1.0.0.xsd
> http://cxf.apache.org/blueprint/core
> http://cxf.apache.org/schemas/blueprint/core.xsd
> http://cxf.apache.org/transports/http/configuration
> http://cxf.apache.org/schemas/configuration/http-conf.xsd
> http://cxf.apache.org/configuration/security
> http://cxf.apache.org/schemas/configuration/security.xsd
> http://cxf.apache.org/blueprint/jaxws
> http://cxf.apache.org/schemas/blueprint/jaxws.xsd">
>
> <cm:property-placeholder id="properties"
> persistent-id="com.example.sts.test.system">
> <cm:default-properties>
> <cm:property name="tls.trustStoreFile"
> value="certs/truststore.jceks" />
> <cm:property name="tls.trustStorePassword" value="" />
> </cm:default-properties>
> </cm:property-placeholder>
>
> <http:conduit id="httpConduit" name="https://localhost:(\d)*/sts/.*">
> <http:tlsClientParameters>
> <sec:trustManagers>
> <sec:keyStore type="jceks"
> file="${tls.trustStoreFile}"
> password="${tls.trustStorePassword}" />
> </sec:trustManagers>
> </http:tlsClientParameters>
> </http:conduit>
> </blueprint>
>
>
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Blueprint-property-placeholder-does-not-work-with-HTTP-conduit-configuration-tp5740946.html
> Sent from the cxf-user mailing list archive at Nabble.com.